[FEATURE] Allow whitelisting of inline commands based on imports

Resolved 💬 2 comments Opened Feb 25, 2026 by kristovatlas Closed Mar 25, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

I want to be able to whitelist many one-liner commands to like node -e "const path = require('path'); console.log(path.join('foo', 'bar', 'baz.txt'))" because I know the "path" library by itself is pretty safe, but I don't want to let Claude Code run node -e "const fs = require('fs'); //... without prompting me because "fs" can do dangerous stuff. Same deal for other commands like python -c, etc.

Proposed Solution

When Claude prompts for command authorization, provide an option that will authorize the command but only for specific import libraries inthe inline command

Alternative Solutions

Currently I work around this by manually authorizing many commands that I know I could let Claude safely do. This creates a lot of work loop interruptions in order to maintain safety.

Priority

High - Significant impact on productivity

Feature Category

Configuration and settings

Use Case Example

Example scenario:

  1. I run /security-review on a code base that uses npm
  2. Claude prompts me whether I want to run `npm -e "import .... // do some stuff" in order to validate a finding
  3. Claude prompts me whether I want to run `npm -e "import (some dangerous library like os or fs)"

Additional Context

_No response_

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗