[FEATURE] Enumerate accessible credentials in --dangerously-skip-permissions warning dialog
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
When launching Claude Code with --dangerously-skip-permissions, the current trust dialog warns that permissions will be bypassed, but it does not tell the user what Claude will have access to. In practice, Claude inherits the user's full shell environment — AWS profiles, Kubernetes contexts, Vault tokens, API keys, and other sensitive credentials. A user who intended to work on a local project may not realize they're giving Claude unrestricted access to a production AWS account or a production Kubernetes cluster.
This is especially dangerous because:
- AWS profiles and Kubernetes contexts are global mutable state — the active profile/context may have changed since the user last checked
- Sensitive environment variables (e.g.
VAULT_TOKEN,GITHUB_TOKEN,TF_TOKEN_*) are invisible unless the user manually inspects them - The current warning is generic and does not help the user make an informed decision about whether to proceed
Related: #28059 (Claude committed live device private keys), #25053 (redacting sensitive env vars), #11271 (Claude exposing env var values when confused).
Proposed Solution
Enhance the --dangerously-skip-permissions trust dialog to enumerate the credentials Claude will have access to before the user confirms. The dialog would scan and display:
AWS:
- Effective profile name, account ID, region, and assumed role
- Other available profiles (by name only)
Kubernetes:
- Current context, cluster server URL, and namespace
- Other available contexts (by name only)
Sensitive environment variables:
- Variable names (not values) matching well-known credential patterns (
*_TOKEN,*_SECRET,*_KEY,*_PASSWORD,VAULT_*, etc.) - Non-standard environment variables that appear to contain API keys, bearer tokens, application secrets, or other credentials — detected by pattern matching on both variable names and value formats (e.g. long base64 strings,
sk-*,Bearer *, common key prefixes)
Example output in the trust dialog:
⚠️ DANGEROUSLY-SKIP-PERMISSIONS MODE
Claude will have unrestricted command execution with your full credentials:
AWS
├─ Effective profile: prod-us-east-1 (account 123456789012, us-east-1, role AdminAccess)
└─ Other profiles available (3): dev-us-east-1, staging-eu-west-1, sandbox
Kubernetes
├─ Current context: prod-us-east-1 → https://prod.example.com (namespace: default)
└─ Other contexts available (2): dev-us-east-1, staging-eu-west-1
Sensitive environment variables detected:
VAULT_TOKEN, GITHUB_TOKEN, TF_TOKEN_app_terraform_io, MY_APP_BEARER_TOKEN
This would be implemented natively in the trust dialog (before Claude's model context is initialized), not via hooks — ensuring it works reliably across models and platforms.
Alternative Solutions
Users currently have no way to see what credentials Claude will inherit before confirming the dialog. The only alternative is to manually run env, aws configure list, and kubectl config current-context before every session, which is error-prone and easily forgotten.
Priority
Medium - Would be very helpful
Feature Category
Interactive mode (TUI)
Use Case Example
- Developer runs
claude --dangerously-skip-permissionsto automate a task - They forgot they switched their
kubectlcontext toprod-us-east-1in another terminal 30 minutes ago - Current dialog: generic warning → user clicks through → Claude has prod access
- Proposed dialog: shows
prod-us-east-1context prominently → user catches the mistake → switches context before proceeding
Additional Context
Thanks for building Claude Code! I am happy to help flesh this out further if useful.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗