--dangerously-skip-permissions still prompts for confirmation on Read tool
Resolved 💬 4 comments Opened Mar 22, 2026 by 3lgr Closed Mar 26, 2026
Description
When launching Claude Code with --dangerously-skip-permissions, the CLI still prompts for user confirmation on Read tool calls for files outside the project directory.
Steps to Reproduce
- Start Claude Code with:
claude --allow-dangerously-skip-permissions - Confirm the flag is active via
ps aux(showsclaude --allow-dangerously-skip-permissions) - Confirm parent process via
ps -p $PPID -o tty=,args=from within the session — output:ttys000 claude --allow-dangerously-skip-permissions - Ask the agent to read a file outside the project directory, e.g.
/opt/homebrew/Cellar/dippy/0.2.6/libexec/src/dippy/dippy.py
Expected Behavior
The Read tool should execute without prompting, as --dangerously-skip-permissions should bypass all permission checks.
Actual Behavior
The CLI displays a confirmation prompt:
Read file
Read(/opt/homebrew/Cellar/dippy/0.2.6/libexec/src/dippy/dippy.py)
Do you want to proceed?
❯ 1. Yes
2. Yes, allow reading from dippy/ during this session
3. No
Environment
- OS: macOS (Darwin 25.3.0)
- Claude Code: latest (installed via npm)
- Shell: zsh
- Plugins active: superpowers, everything-claude-code, vercel, dippy, and others
- Hooks: PreToolUse hooks from Dippy (Bash matcher only) and ECC (no Read matcher)
Analysis
- The flag is confirmed active on the correct process (verified via
ps -p $PPID) - No PreToolUse hooks match the
Readtool — Dippy only matchesBash, ECC hooks matchBash|Write|Edit|MultiEditor*(but none returnaskfor Read) - This appears to be a bug where the
--dangerously-skip-permissionsflag does not fully suppress the built-in permission system forReadoperations on paths outside the project directory
Additional Context
The settings.json has "skipDangerousModePermissionPrompt": true configured, which may be related but does not resolve the issue.
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗