CLAUDE_CODE_SUBPROCESS_ENV_SCRUB should not override permission mode
Resolved 💬 3 comments Opened Apr 20, 2026 by renatodinizc Closed May 27, 2026
Summary
When CLAUDE_CODE_SUBPROCESS_ENV_SCRUB is set, Claude Code forces the permission mode back to default, even when --dangerously-skip-permissions is explicitly passed. This couples two orthogonal concerns.
Observed behavior
$ claude --dangerously-skip-permissions
⚠ Permission mode forced to default — CLAUDE_CODE_SUBPROCESS_ENV_SCRUB is set (allowed_non_write_users hardening). Declare allowedTools explicitly, or set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=0 to opt out.
Expected behavior
CLAUDE_CODE_SUBPROCESS_ENV_SCRUB should only control whether sensitive environment variables are scrubbed before being passed to subprocesses. It should not override the user's explicit permission mode selection.
These protect against different threat vectors:
- Env scrubbing: prevents secrets (API keys, tokens) from leaking to subprocesses
- Permission mode: controls whether tools require user approval before execution
Coupling them means users who want env scrubbing (reasonable security hygiene) are forced to also lose control over their permission model, with no way to opt into one without the other.
Suggested fix
Decouple the two behaviors:
CLAUDE_CODE_SUBPROCESS_ENV_SCRUBcontrols env var sanitization only--dangerously-skip-permissions(orallowedTools) controls the permission model independently
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗