False positive permission dialog for quoted strings starting with `-` in compound commands

Resolved 💬 3 comments Opened Feb 28, 2026 by kyusic Closed Mar 4, 2026

Bug description

When a compound command (using &&, ||, or ;) contains a quoted argument starting with - (e.g., echo "---"), the bash security check incorrectly flags it as an "obfuscated flag" and triggers a permission dialog. The same command works fine when run standalone.

Reproduction

# No dialog (standalone echo)
echo "---"

# No dialog (compound without quoted dash)
git status && echo ---

# No dialog (compound with non-dash quoted string)
git status && echo "==="

# UNEXPECTED DIALOG (compound with quoted dash string)
git status && echo "---"

# Also triggers:
git status --short && echo "---" && git log --oneline master..HEAD

Root cause

The qF security check function runs against the entire compound command string before subcommand splitting. Within qF, the obfuscated flags check (tuY) has an early bypass for echo:

if (K === "echo" && !Y) return { behavior: "passthrough" };
// K = first word of entire command, Y = /[|&;]/.test(command)

In a compound command like git status && echo "---":

  • K = "git" (first word of entire string, not "echo")
  • Y = true (command contains &)
  • The echo bypass is skipped

The check then scans the full string and finds a space followed by " followed by - ("---"), matching the obfuscated flag pattern. This triggers an "ask" behavior, which causes hT1 (read-only check) to return "passthrough" (not auto-allowed), resulting in a permission dialog.

Expected behavior

echo "---" in a compound command should be treated the same as standalone echo "---" — auto-allowed without a permission dialog.

Environment

  • Claude Code version: 2.1.63
  • OS: macOS (Darwin 25.3.0, aarch64)

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗