`.claude/skills/` edits prompt for permission despite being documented as exempt (regression in 2.1.79)
Summary
Since v2.1.79, editing files under .claude/skills/ triggers a permission prompt ("Do you want to make this edit? / Yes, and allow Claude to edit its own settings for this session"), even though the documentation states .claude/skills/ is exempt from .claude/ directory protection.
Steps to Reproduce
- Have
EditandWriteinpermissions.allowinsettings.local.json - Run Claude Code v2.1.79+ in
defaultpermission mode - Ask Claude to edit any file under
.claude/skills/(e.g., a skill'sSKILL.mdor reference file)
Expected: Edit proceeds without prompting (.claude/skills/ is documented as exempt)
Actual: Permission prompt appears with "Yes, and allow Claude to edit its own settings for this session" option
Evidence
Documentation says .claude/skills/ is exempt
From the official docs:
bypassPermissionsmode skips permission prompts. Writes to.git,.claude,.vscode, and.ideadirectories still prompt for confirmation to prevent accidental corruption of repository state and local configuration. Writes to.claude/commands,.claude/agents, and.claude/skillsare exempt and do not prompt, because Claude routinely writes there when creating skills, subagents, and commands.
Binary analysis: .claude/skills missing from exemption list
Extracted from all versions (2.1.77–2.1.80), the exemption function only includes .claude/commands and .claude/agents:
// Same across all 4 versions — .claude/skills is NOT listed
function exemptPaths() {
return [...protectedDirs.filter(d => d !== ".git"), ".claude/commands", ".claude/agents"]
}
v2.1.78 changelog confirms the protection was tightened
Fixed.git,.claude, and other protected directories being writable without a prompt inbypassPermissionsmode
This fix in v2.1.78 was scoped to bypassPermissions mode. However, in v2.1.79 the protection appears to have been extended to default mode with allow-list as well (not mentioned in v2.1.79 changelog).
Session log evidence: behavior changed between versions
| Version | Mode | .claude/ writes per session | Prompting possible? |
|---------|------|------------------------------|-------------------|
| 2.1.78 | default | 110 | No (impossible to approve 110 individually) |
| 2.1.79 | default | max 13 | Yes (sharp drop suggests prompting started) |
Two Issues
- Code-docs mismatch:
.claude/skillsis documented as exempt but is not in the exemption list in code (affects all versions 2.1.77–2.1.80) - Regression in 2.1.79:
.claude/protection now applies indefaultmode withEdit/Writein the allow list, where it previously did not. This is not documented in the 2.1.79 changelog.
Impact
Projects that heavily use custom skills (with files under .claude/skills/) experience frequent permission prompts that block automated workflows. In my case, eval-driven skill development involves dozens of .claude/skills/ file writes per session.
Workaround Attempted
Added Edit(.claude/**) and Write(.claude/**) to the allow list — untested whether this overrides the .claude/ directory protection in 2.1.79+.
Environment
- Claude Code: 2.1.79 / 2.1.80
- Platform: Linux (WSL2)
- Permission mode:
default - Running as: root
This issue has 10 comments on GitHub. Read the full discussion on GitHub ↗