# Malformed flag `-dangerously-skip-permissions` (single dash) silently enables `--debug` via prefix match
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
● # Malformed flag -dangerously-skip-permissions (single dash) silently enables --debug via prefix match
## Summary
Passing -dangerously-skip-permissions (single dash, typo) to the claude CLI
does not error out. Instead, the arg parser matches the leading -d against
the --debug shorthand, silently enables Debug mode, and discards the rest of
the token. --dangerously-skip-permissions itself is never applied.
This is dangerous for two reasons:
- Security-relevant flag silently ignored. The user believes they are
running with permissions disabled; they are not. The opposite would be worse
(thinking permissions are enforced while they're actually off), but either
direction is a trust violation.
- Debug mode activates without consent. Verbose logs (including MCP
traffic, tool I/O, hook execution, and request metadata) are written to
~/.claude/debug/<session>.txt without the user asking for them.
## Repro
```bash
claude -dangerously-skip-permissions
- CC launches normally.
- Statusline shows "Debug mode" indicator.
- ~/.claude/debug/<session-uuid>.txt starts filling with [DEBUG] entries.
- Permission prompts still appear — --dangerously-skip-permissions was not
honored.
Expected
Unknown / malformed flags should exit non-zero with a clear error, e.g.:
error: unknown option '-dangerously-skip-permissions'
did you mean '--dangerously-skip-permissions'?
Actual
- Exit code: 0 (CC runs).
- Debug mode: on.
- --dangerously-skip-permissions: not applied.
- No warning printed.
Root cause (suspected)
The CLI arg parser appears to use non-strict prefix matching on single-dash
short options: -d matches --debug, and anything after -d is swallowed
as the attached value or dropped. A strict parser (e.g. clap with
allow_hyphen_values = false or Node parseArgs({ strict: true })) would
reject the token.
Impact
- Low, since the typo fails safe (permissions stay enforced).
- Becomes high if an analogous typo ever maps to a flag that weakens
security instead of logging. The underlying permissiveness is the real
issue; this specific instance is a harmless symptom of it.
Suggested fix
Reject unknown options. If short-flag prefix matching is intentional, at
minimum emit a warning when an unrecognized long-looking token (-xxxxx+)
starts with - and is > 2 chars, and the matched short flag would consume
unexpected trailing characters.
Environment
- OS: Windows 11 Pro (26200)
- Shell: bash (Git for Windows)
- CC version: 2.1.112 (native installer, ~/.local/bin/claude.exe)
What Should Happen?
Expected
Unknown / malformed flags should exit non-zero with a clear error, e.g.:
error: unknown option '-dangerously-skip-permissions'
did you mean '--dangerously-skip-permissions'?
Error Messages/Logs
Actual
- Exit code: 0 (CC runs).
- Debug mode: on.
- --dangerously-skip-permissions: not applied.
- No warning printed.
Steps to Reproduce
Repro
```bash
claude -dangerously-skip-permissions
- CC launches normally.
- Statusline shows "Debug mode" indicator.
- ~/.claude/debug/<session-uuid>.txt starts filling with [DEBUG] entries.
- Permission prompts still appear — --dangerously-skip-permissions was not
honored.
Claude Model
None
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
2.1.112 (Claude Code)
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗