[BUG] --dangerously-skip-permissions does not bypass "modify config files" prompt for ~/.claude/ writes
Description
--dangerously-skip-permissions does not bypass a permission prompt triggered when Claude writes to ~/.claude/ paths. The prompt asks the user to "authorize Claude to modify its config files for this session", blocking autonomous execution.
This is distinct from:
- #28506 (workspace trust prompt — closed)
- #32559 (general bash permission prompts)
- #25503 (bypass permissions mode dialog)
Steps to Reproduce
- Set up a skill with a memory system that writes to
~/.claude/skills/<skill>/memory/sessions/ - Run
claude --dangerously-skip-permissions(orclaude -p --dangerously-skip-permissions) - Trigger the skill to write a new file under
~/.claude/skills/<skill>/memory/sessions/ - Observe: a permission prompt appears asking to authorize Claude to "modify its config files"
Expected Behavior
With --dangerously-skip-permissions, all permission prompts should be bypassed, including writes to ~/.claude/ paths. The flag's help text says "Bypass all permission checks" — this should include config file writes.
Actual Behavior
A blocking permission prompt appears:
Authorize Claude to modify its config files for this session?
This blocks the agent until the user manually approves, defeating the purpose of --dangerously-skip-permissions for automated/headless workflows.
Why This Matters
The ~/.claude/skills/*/memory/ directory is a legitimate write target for skill-based workflows. Skills routinely persist session memory, error logs, and learning data to these paths as part of normal autonomous operation. The permission gate makes headless/batch skill execution (claude -p --dangerously-skip-permissions) impossible when skills write to their own memory directories.
This also affects:
claude -pbatch automation pipelines- Any skill or hook that writes to
~/.claude/for persistence - CI/CD workflows where
~/.claude/is used for state
Root Cause Hypothesis
There appears to be an undocumented permission category ("modify config files") that gates writes to ~/.claude/ paths. This gate is checked independently of the --dangerously-skip-permissions flag, which only bypasses the standard Edit/Write/Bash permission categories.
Environment
- Claude Code version: 2.1.78
- OS: Windows 11 Pro (Git Bash)
- Shell: bash
- Relevant settings:
skipDangerousModePermissionPrompt: truein settings.json - Path triggering the prompt:
~/.claude/skills/diagram-artist/memory/sessions/2026-03-18_icarus_pid_feed_system.md
Suggested Fix
The "modify config files" permission check should respect --dangerously-skip-permissions. If there's a security reason to protect ~/.claude/settings.json or similar, the gate should be scoped narrowly (e.g., only ~/.claude/settings*.json and ~/.claude/*.json), not applied to all paths under ~/.claude/.
This issue has 9 comments on GitHub. Read the full discussion on GitHub ↗