[DOCS] PowerShell tool docs omit dangerous-command safety behavior

Open 💬 4 comments Opened Mar 27, 2026 by coygeek

Documentation Type

Missing documentation (feature not documented)

Documentation Location

https://code.claude.com/docs/en/tools-reference#powershell-tool

Section/Topic

PowerShell tool preview documentation, especially safety behavior for dangerous or destructive PowerShell commands

Current Documentation

The PowerShell tool docs currently say:

On Windows, Claude Code can run PowerShell commands natively instead of routing through Git Bash. This is an opt-in preview. The PowerShell tool has the following known limitations during the preview: Auto mode does not work with the PowerShell tool yet PowerShell profiles are not loaded Sandboxing is not supported Only supported on native Windows, not WSL * Git Bash is still required to start Claude Code

Related security guidance currently says:

Command injection detection: Suspicious bash commands require manual approval even if previously allowlisted Fail-closed matching: Unmatched commands default to requiring manual approval

What's Wrong or Missing?

Changelog v2.1.85 says:

Improved PowerShell dangerous command detection

The current docs explain how to enable the PowerShell tool and list its preview limitations, but they do not explain that PowerShell commands are also subject to dangerous-command detection and elevated approval behavior.

That leaves three gaps:

A. The PowerShell tool page omits PowerShell-specific safety behavior

Windows users can learn how to enable the preview, but not what safety behavior to expect when Claude proposes a destructive PowerShell command.

B. The security page reads as Bash-only

Because the current wording says "Suspicious bash commands," readers can reasonably conclude that this protection applies only to Bash and not to the PowerShell tool.

C. The preview's guardrails are underspecified

Users evaluating whether to adopt the PowerShell preview should be able to tell that dangerous PowerShell commands may receive extra scrutiny and manual approval rather than being treated like ordinary shell execution.

Suggested Improvement

Add a short safety note to the PowerShell tool section, and align the security page wording with it.

For example, the PowerShell tool page could add a note such as:

Dangerous or destructive PowerShell commands can still trigger additional safety checks and manual approval when the PowerShell tool is enabled.

The docs should also clarify:

  1. that PowerShell command execution does not bypass Claude Code's dangerous-command protections,
  2. that users may still see manual approval for destructive PowerShell actions even when the tool is enabled, and
  3. that the general security guidance applies to PowerShell as well as Bash where relevant.

Impact

Medium - Makes feature difficult to understand

Additional Context

Affected Pages:

| Page | Context |
|------|---------|
| https://code.claude.com/docs/en/tools-reference#powershell-tool | Primary PowerShell tool documentation; should explain dangerous-command/manual-approval behavior for the Windows preview |
| https://code.claude.com/docs/en/security | General safeguards page currently phrases this protection as Bash-only and should clarify how it applies when the PowerShell tool is enabled |

Total scope: 2 pages affected

Source: Changelog v2.1.85

Exact changelog entry:

Improved PowerShell dangerous command detection

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗