Backslash-escaped whitespace check is too aggressive — flags legitimate paths with spaces
Problem
The hardcoded "Contains backslash-escaped whitespace" safety check triggers on every bash command whose path contains spaces — even when the command is completely safe, read-only, and auto-allowed by the user's permission settings.
This means working in any directory with spaces in its name (e.g., ~/Documents/My Project/) triggers a confirmation prompt on virtually every command: git status, cat, ls, reading files, etc. The check bypasses allowedTools rules and auto-allow/sandbox settings, so there is no way to suppress it.
Example
A project at ~/Projects/1st PATO AI Hackathon/ caused dozens of confirmation prompts per session for commands like:
cat /Users/user/Projects/1st\ PATO\ AI\ Hackathon/.gitignore
git -C /Users/user/Projects/1st\ PATO\ AI\ Hackathon status
These are clearly safe — the backslashes are just shell-escaping spaces in a real folder name. The scanner correctly identifies them as "Low risk: No risk — read-only command" but still prompts.
Impact
- Users working in directories with spaces have to confirm nearly every command
- No workaround exists short of renaming the folder
- macOS commonly creates paths with spaces (iCloud, Documents, etc.)
- The check fires even when Claude Code itself generated the escaped path
Suggestion
Instead of pattern-matching on \<space> blindly, the check could:
- Resolve the path first — if the backslash-escaped string resolves to an existing file/directory, it's a legitimate path, not an injection attempt
- Respect allowedTools rules — if the user has auto-allowed bash commands (via sandbox mode or explicit patterns), don't override that with a hardcoded check
- Only flag when ambiguous — e.g., when the escaped whitespace appears in argument positions where it could split into multiple commands, not in quoted strings or
-Cflag arguments - Exempt the working directory path — Claude Code knows the CWD; if the backslash-escaped portion matches the project root, it's obviously safe
Environment
- macOS (Darwin), Claude Code CLI
- Spaces in directory name:
1st PATO AI Hackathon - Permission mode: sandbox with bash auto-allow
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗