Feature request: Plain-language warnings for destructive commands in permission prompts
Feature Request
When Claude Code requests permission to run a shell command, the prompt displays the raw command. Technical users can evaluate the risk, but non-technical users may not understand what commands like rm -rf /, git reset --hard, or DROP TABLE actually do — and may click "allow" without realizing the consequences.
Problem
Claude Code has full filesystem access and can execute arbitrary shell commands. The permission prompt is the last line of defense before a potentially destructive action runs. Currently it only shows the raw command, which requires technical knowledge to evaluate.
As AI coding tools become more accessible to non-developers (designers, product managers, students, hobbyists), this gap becomes a real safety concern.
Proposed Solution
Add a human-readable warning label for commands detected as destructive or irreversible. Examples:
| Command | Warning |
|---------|---------|
| rm -rf / | ⚠️ This command will permanently delete files and cannot be undone |
| git reset --hard | ⚠️ This command will discard all uncommitted changes permanently |
| git push --force | ⚠️ This command will overwrite remote history and may affect other collaborators |
| DROP TABLE | ⚠️ This command will permanently delete a database table |
This could be implemented as:
- A pattern-matching layer that detects known dangerous commands/flags
- A warning banner displayed above the raw command in the permission prompt
- Optionally requiring the user to type "confirm" instead of just clicking allow for high-risk commands
Why This Matters
- AI coding tools are reaching users beyond professional developers
- The permission prompt is currently the only safeguard — it should be understandable by everyone
- A single misclick on a destructive command can cause irreversible damage (wiped filesystems, lost git history, deleted databases)
- This is a low-cost, high-impact safety improvement
Additional Context
- Platform: All (macOS, Windows, Linux)
- This does not replace the existing permission system — it enhances it with context
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗