[BUG] --dangerously-skip-permissions does not bypass "modify config files" prompt for ~/.claude/ writes

Resolved 💬 9 comments Opened Mar 18, 2026 by mattiaTagliente Closed Mar 20, 2026

Description

--dangerously-skip-permissions does not bypass a permission prompt triggered when Claude writes to ~/.claude/ paths. The prompt asks the user to "authorize Claude to modify its config files for this session", blocking autonomous execution.

This is distinct from:

  • #28506 (workspace trust prompt — closed)
  • #32559 (general bash permission prompts)
  • #25503 (bypass permissions mode dialog)

Steps to Reproduce

  1. Set up a skill with a memory system that writes to ~/.claude/skills/<skill>/memory/sessions/
  2. Run claude --dangerously-skip-permissions (or claude -p --dangerously-skip-permissions)
  3. Trigger the skill to write a new file under ~/.claude/skills/<skill>/memory/sessions/
  4. Observe: a permission prompt appears asking to authorize Claude to "modify its config files"

Expected Behavior

With --dangerously-skip-permissions, all permission prompts should be bypassed, including writes to ~/.claude/ paths. The flag's help text says "Bypass all permission checks" — this should include config file writes.

Actual Behavior

A blocking permission prompt appears:

Authorize Claude to modify its config files for this session?

This blocks the agent until the user manually approves, defeating the purpose of --dangerously-skip-permissions for automated/headless workflows.

Why This Matters

The ~/.claude/skills/*/memory/ directory is a legitimate write target for skill-based workflows. Skills routinely persist session memory, error logs, and learning data to these paths as part of normal autonomous operation. The permission gate makes headless/batch skill execution (claude -p --dangerously-skip-permissions) impossible when skills write to their own memory directories.

This also affects:

  • claude -p batch automation pipelines
  • Any skill or hook that writes to ~/.claude/ for persistence
  • CI/CD workflows where ~/.claude/ is used for state

Root Cause Hypothesis

There appears to be an undocumented permission category ("modify config files") that gates writes to ~/.claude/ paths. This gate is checked independently of the --dangerously-skip-permissions flag, which only bypasses the standard Edit/Write/Bash permission categories.

Environment

  • Claude Code version: 2.1.78
  • OS: Windows 11 Pro (Git Bash)
  • Shell: bash
  • Relevant settings: skipDangerousModePermissionPrompt: true in settings.json
  • Path triggering the prompt: ~/.claude/skills/diagram-artist/memory/sessions/2026-03-18_icarus_pid_feed_system.md

Suggested Fix

The "modify config files" permission check should respect --dangerously-skip-permissions. If there's a security reason to protect ~/.claude/settings.json or similar, the gate should be scoped narrowly (e.g., only ~/.claude/settings*.json and ~/.claude/*.json), not applied to all paths under ~/.claude/.

View original on GitHub ↗

This issue has 9 comments on GitHub. Read the full discussion on GitHub ↗