False positive permission dialog for quoted strings starting with `-` in compound commands
Bug description
When a compound command (using &&, ||, or ;) contains a quoted argument starting with - (e.g., echo "---"), the bash security check incorrectly flags it as an "obfuscated flag" and triggers a permission dialog. The same command works fine when run standalone.
Reproduction
# No dialog (standalone echo)
echo "---"
# No dialog (compound without quoted dash)
git status && echo ---
# No dialog (compound with non-dash quoted string)
git status && echo "==="
# UNEXPECTED DIALOG (compound with quoted dash string)
git status && echo "---"
# Also triggers:
git status --short && echo "---" && git log --oneline master..HEAD
Root cause
The qF security check function runs against the entire compound command string before subcommand splitting. Within qF, the obfuscated flags check (tuY) has an early bypass for echo:
if (K === "echo" && !Y) return { behavior: "passthrough" };
// K = first word of entire command, Y = /[|&;]/.test(command)
In a compound command like git status && echo "---":
K="git"(first word of entire string, not"echo")Y=true(command contains&)- The echo bypass is skipped
The check then scans the full string and finds a space followed by " followed by - ("---"), matching the obfuscated flag pattern. This triggers an "ask" behavior, which causes hT1 (read-only check) to return "passthrough" (not auto-allowed), resulting in a permission dialog.
Expected behavior
echo "---" in a compound command should be treated the same as standalone echo "---" — auto-allowed without a permission dialog.
Environment
- Claude Code version: 2.1.63
- OS: macOS (Darwin 25.3.0, aarch64)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗