[BUG] `awk -f script.awk` that can execute arbitrary code may skip the classifier's audit in auto-mode
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
In auto-mode, commands that may execute arbitrary code, such as bash and python, are forced to be audited by the security classifier, regardless of whether they are on the user-defined allow-list. awk -f script.awk can do the same things that bash does (executing arbitrary code) if script.awk contains:
BEGIN {
system("bash -c '...")
}
However, awk isn't forced to go through the classifier's audit, so if it is on the user-defined allow-list, it will skip the security audit entirely in auto-mode. Compared to bash, this doesn't make sense.
What Should Happen?
awk should be forced to go through the classifier's audit.
Error Messages/Logs
N/A
Steps to Reproduce
Create a file script.awk containing the aforementioned content. Add awk to the user-defined allow-list. Launch Claude Code in auto-mode and ask it to finish a task that requires executing awk -f script.awk.
Claude Model
None
Is this a regression?
No, this never worked
Last Working Version
_No response_
Claude Code Version
2.1.119
Platform
Anthropic API
Operating System
Ubuntu/Debian Linux
Terminal/Shell
Windows Terminal
Additional Information
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗