Backslash-escaped whitespace check is too aggressive — flags legitimate paths with spaces

Resolved 💬 3 comments Opened Apr 11, 2026 by luismarcanth Closed Apr 15, 2026

Problem

The hardcoded "Contains backslash-escaped whitespace" safety check triggers on every bash command whose path contains spaces — even when the command is completely safe, read-only, and auto-allowed by the user's permission settings.

This means working in any directory with spaces in its name (e.g., ~/Documents/My Project/) triggers a confirmation prompt on virtually every command: git status, cat, ls, reading files, etc. The check bypasses allowedTools rules and auto-allow/sandbox settings, so there is no way to suppress it.

Example

A project at ~/Projects/1st PATO AI Hackathon/ caused dozens of confirmation prompts per session for commands like:

cat /Users/user/Projects/1st\ PATO\ AI\ Hackathon/.gitignore
git -C /Users/user/Projects/1st\ PATO\ AI\ Hackathon status

These are clearly safe — the backslashes are just shell-escaping spaces in a real folder name. The scanner correctly identifies them as "Low risk: No risk — read-only command" but still prompts.

Impact

  • Users working in directories with spaces have to confirm nearly every command
  • No workaround exists short of renaming the folder
  • macOS commonly creates paths with spaces (iCloud, Documents, etc.)
  • The check fires even when Claude Code itself generated the escaped path

Suggestion

Instead of pattern-matching on \<space> blindly, the check could:

  1. Resolve the path first — if the backslash-escaped string resolves to an existing file/directory, it's a legitimate path, not an injection attempt
  2. Respect allowedTools rules — if the user has auto-allowed bash commands (via sandbox mode or explicit patterns), don't override that with a hardcoded check
  3. Only flag when ambiguous — e.g., when the escaped whitespace appears in argument positions where it could split into multiple commands, not in quoted strings or -C flag arguments
  4. Exempt the working directory path — Claude Code knows the CWD; if the backslash-escaped portion matches the project root, it's obviously safe

Environment

  • macOS (Darwin), Claude Code CLI
  • Spaces in directory name: 1st PATO AI Hackathon
  • Permission mode: sandbox with bash auto-allow

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗