[BUG] --dangerously-skip-permissions does not bypass "edit its own settings" prompt for .claude/ directory writes

Resolved 💬 13 comments Opened Mar 23, 2026 by adelfino69 Closed Apr 24, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

When running Claude Code with --dangerously-skip-permissions, writes to files inside ~/.claude/ still trigger a permission prompt:

Do you want to make this edit to .md?

  1. Yes

❯ 2. Yes, and allow Claude to edit its own settings for this session

  1. No

This happens every new session, defeating the purpose of the flag.

## Steps to Reproduce

  1. Configure settings.json with "defaultMode": "bypassPermissions" and "skipDangerousModePermissionPrompt": true
  2. Launch with claude --dangerously-skip-permissions
  3. Use any skill that writes files to ~/.claude/ (e.g., session-handoff, save-plan, or auto-memory)
  4. The "edit its own settings" prompt appears despite the flag

## Expected Behavior

--dangerously-skip-permissions should bypass ALL permission prompts, including writes to .claude/ directory. The flag name itself implies full bypass.

## Actual Behavior

A hardcoded "protected directory" check for .claude/ overrides the --dangerously-skip-permissions flag. The user must manually approve once per session
(option 2).

## Environment

  • Claude Code version: 2.1.81
  • OS: Windows 11 Pro
  • Settings: defaultMode: "bypassPermissions", skipDangerousModePermissionPrompt: true
  • Multiple plugins/skills enabled that write to ~/.claude/

## Impact

This breaks autonomous workflows and CI/CD usage where no human is present to approve. It also creates friction for power users who have explicitly opted into
full bypass mode.

What Should Happen?

When --dangerously-skip-permissions flag is active, ALL permission prompts should be bypassed — including writes to the .claude/ directory. The flag name
explicitly says "dangerously skip permissions", so no permission check should override it. Currently a hardcoded "protected directory" check for .claude/ still
triggers the "edit its own settings" prompt every session, which defeats the purpose of the flag and breaks autonomous/unattended workflows.

Error Messages/Logs

Steps to Reproduce

  1. Set "defaultMode": "bypassPermissions" and "skipDangerousModePermissionPrompt": true in ~/.claude/settings.json
  2. Launch Claude Code with claude --dangerously-skip-permissions
  3. Trigger any action that writes a file inside ~/.claude/ (e.g., a plugin skill writing a .md file, auto-memory saving to ~/.claude/projects/*/memory/, or

session-handoff creating a handoff file)

  1. A permission prompt appears: "Do you want to make this edit to <file>.md? 1. Yes / 2. Yes, and allow Claude to edit its own settings for this session / 3. No"
  2. This happens on every new session, regardless of the flag

Claude Model

None

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.81 (Claude Code)

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

Windows Terminal

Additional Information

_No response_

View original on GitHub ↗

This issue has 13 comments on GitHub. Read the full discussion on GitHub ↗