[BUG] --dangerously-skip-permissions does not bypass "edit its own settings" prompt for .claude/ directory writes
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When running Claude Code with --dangerously-skip-permissions, writes to files inside ~/.claude/ still trigger a permission prompt:
Do you want to make this edit to .md?
- Yes
❯ 2. Yes, and allow Claude to edit its own settings for this session
- No
This happens every new session, defeating the purpose of the flag.
## Steps to Reproduce
- Configure
settings.jsonwith"defaultMode": "bypassPermissions"and"skipDangerousModePermissionPrompt": true - Launch with
claude --dangerously-skip-permissions - Use any skill that writes files to
~/.claude/(e.g., session-handoff, save-plan, or auto-memory) - The "edit its own settings" prompt appears despite the flag
## Expected Behavior
--dangerously-skip-permissions should bypass ALL permission prompts, including writes to .claude/ directory. The flag name itself implies full bypass.
## Actual Behavior
A hardcoded "protected directory" check for .claude/ overrides the --dangerously-skip-permissions flag. The user must manually approve once per session
(option 2).
## Environment
- Claude Code version: 2.1.81
- OS: Windows 11 Pro
- Settings:
defaultMode: "bypassPermissions",skipDangerousModePermissionPrompt: true - Multiple plugins/skills enabled that write to
~/.claude/
## Impact
This breaks autonomous workflows and CI/CD usage where no human is present to approve. It also creates friction for power users who have explicitly opted into
full bypass mode.
What Should Happen?
When --dangerously-skip-permissions flag is active, ALL permission prompts should be bypassed — including writes to the .claude/ directory. The flag name
explicitly says "dangerously skip permissions", so no permission check should override it. Currently a hardcoded "protected directory" check for .claude/ still
triggers the "edit its own settings" prompt every session, which defeats the purpose of the flag and breaks autonomous/unattended workflows.
Error Messages/Logs
Steps to Reproduce
- Set
"defaultMode": "bypassPermissions"and"skipDangerousModePermissionPrompt": truein~/.claude/settings.json - Launch Claude Code with
claude --dangerously-skip-permissions - Trigger any action that writes a file inside
~/.claude/(e.g., a plugin skill writing a .md file, auto-memory saving to~/.claude/projects/*/memory/, or
session-handoff creating a handoff file)
- A permission prompt appears: "Do you want to make this edit to <file>.md? 1. Yes / 2. Yes, and allow Claude to edit its own settings for this session / 3. No"
- This happens on every new session, regardless of the flag
Claude Model
None
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
2.1.81 (Claude Code)
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
Windows Terminal
Additional Information
_No response_
This issue has 13 comments on GitHub. Read the full discussion on GitHub ↗