Add option to disable 'Command contains quoted characters in flag names' warning
Open 💬 26 comments Opened Feb 23, 2026 by AndersHeie
Problem
After a recent Claude Code update, every bash command containing quoted characters in flag values triggers a confirmation prompt with the warning:
Command contains quoted characters in flag names
This happens on completely normal commands like git commit -m "message" or bun run build --flag "value". In previous versions, these commands executed without prompts (assuming they matched the allowlist).
Impact
- Breaks existing workflows — commands that previously matched
Bash(git commit *)orBash(bun run *)allowlist patterns now require manual yes/no confirmation every time. - Especially disruptive for agentic use — multi-agent orchestration workflows that delegate to subagents are constantly interrupted by these prompts.
- False positive rate is very high — legitimate, safe commands are flagged far more often than actual injection attempts.
Request
Please add one or more of the following:
- A setting to disable this specific check — e.g.,
"disableQuotedCharWarning": trueinsettings.json - Respect the existing allowlist — if a command matches an allow pattern, skip the quoted-character check
- Documentation — explain exactly what patterns trigger this warning so users can reformulate commands to avoid it
Environment
- Claude Code (latest, Feb 2026)
- WSL2 / Linux
- Using project-level
settings.jsonwith allowlist + denylist permissions
Current workaround
The only workaround is adding Bash(*) to the allowlist, which defeats the purpose of having granular allow patterns.
26 Comments
Claude Opus 4.6 uses
echo "---"all the time to separate command outputs (e.g.,file .../aa && echo "---" && file .../ab), so now we get this warning and block all the time as well :-("Command contains quoted characters in flag names" fires too broadly
Problem
The safety check that warns about quoted characters in Bash commands triggers on harmless literal strings, requiring manual approval for commands like:
The prompt says "Command contains quoted characters in flag names" — but "---" is a literal string passed to echo, not a flag name. There's no injection risk.
Impact
This creates unnecessary approval interruptions during normal agentic flow. Users end up adding blanket CLAUDE.md rules to work around it ("never use quotes"), which is a worse outcome than a well-scoped check.
Expected behavior
The check should distinguish between:
Reproduction
Run any Bash command with a quoted literal, e.g.:
All trigger the approval prompt unnecessarily.
Given how widely Claude Code is used and how disruptive this is to the default workflow, I'm surprised there isn't more activity in here. Is there an easy fix I'm missing? I added CLAUDE.md rules in the meantime:
Using
beansis also affected by this. While working, beans continually updates its markdown with things like:I can no longer tab away from anything working with agents because it prompts for every single step across each agent. I'm not willing to
--dangerously-skip-permissionsfor some things.It fails on things like this for me all the time:
<img width="1570" height="604" alt="Image" src="https://github.com/user-attachments/assets/004e0302-c002-40a2-8aa2-2c6b2ddb2e36" />
also getting blocked a lot by this - even dangerously sku permissions flag didn't seem to help 🤔
also getting blocked a lot by this. I run CLIs that accepts JSON arguments, this makes CC always request permissions which slows down work significantly.
Same. Glad not the only one.
I've observed that the changes in some of the permission prompts called out here and in other issues basically demands that you use claude code with
dangerously-skip-permissionsin order to have an effective session that does not require you to babysit the process.The introduction of such fine grained permissions may have the inverse effect on what the team is trying to achieve from a security perspective, essentially inducing "alarm fatigue". Meaning, the prompts are so noisy and frequent that people with either
dangerously-skip-permissions, or they'll blindly hit approve.It would be nice to have some clarity on what the suggested usage is, and whether or not the introduction of these gates was intentional or is a bug.
Jumping on this bandwagon, this has had a massive impact on coding workflows. It's too noisy now. Official config or guidance would really help.
This really needs a proper fix ASAP!
It also blocks the sub-agents, because they sometimes are stuck in confirmations. It's a P1 bug and needs to be resolved.
Anthropic, please fix this bug. Don't make mistakes. Ultrathink.
1
This is my working solution for the above. I setup a pretooluse hook that nudges CC to behave. I used it to solve this issue here and similar quirks that started popping up, like compound command use. Anytime something new pops up, I just update the shell script with some instructions to get around it.
no-compound.sh
This is very irritating (to the point where even using codex is less painful than getting prompted every few minutes).
Getting blocked on commands like
lsandfindis crazy.Needs fixing.
Jumping in, pretty frustrating.
+1
+1 - this pretty much breaks any agentic development workflow that doesn't run with
--dangerously-skip-permissions. As a result, I'm now following the lead of some other folks to move my development into a sandboxed devcontainer, where I'm willing to run with--dangerously-skip-permissions.wait for fix...
+1 waiting for this fix, perhaps it could still warning, but not stopping the whole process on every 30 / 60 seconds.
Hook workaround until this is fixed upstream:
You can auto-approve commands that trigger the quoted-characters warning with a PreToolUse hook:
Register in
~/.claude/settings.json:This auto-approves common dev commands (
git commit,npm run,bun run, etc.) regardless of quoted flag values, while still prompting for unfamiliar commands.For a broader safety setup with 8 hooks that covers this and other common permission annoyances:
I've been testing a more automated workaround based on @yurukusa's and @btoro's Hook idea. Instead of hardcoding commands in a shell script, I've developed a Node.js hook that dynamically reads your
~/.claude/settings.jsonand auto-approves any command that already exists in yourpermissions.allowlist.This solves the "Alarm Fatigue" without sacrificing security, as it only bypasses the quoted-character warning for commands you've already explicitly trusted in your config.
How it works:
Bash(xxx:*)rules directly from your existingsettings.json.{"decision":"approve"}to bypass the manual prompt.Setup:
~/.claude/hooks/approve-logic.js(and runchmod +xon it):This effectively makes the security check respect the user-defined allowlist (SSOT), which I believe is how it should behave by default. Works great in my local tests
This is very annoying, our work is hitting Yes all day long!!!
<img width="614" height="166" alt="Image" src="https://github.com/user-attachments/assets/e6ae5e6e-b0f3-4644-bc15-79be6d860e6b" />
+1
Here is @david-crazyamber's solution that also captures project and local permission rules.
/tmp/gh-comment-27957.md