Claude Code Dangerously Skip Permissions: a Sane Guide
What claude code dangerously skip permissions really does, all six permission modes, how to set a default, and the safer alternatives I actually use.
The flag --dangerously-skip-permissions tells Claude Code to stop asking and just do: edits, commands, network calls all run without prompts. It's one of six permission modes, and the word 'dangerously' is in the name on purpose — there are calmer ways to get fewer interruptions.
I'm Evgeny, and I'll admit it: every newcomer eventually googles this flag, usually around prompt number forty in a single evening. So instead of pretending you won't, let's understand the whole permission system — what each mode trades away, and which setup gives you speed without handing Claude the keys to your laptop.
What does --dangerously-skip-permissions actually do?
It starts Claude Code in bypassPermissions mode: permission prompts and safety checks are off, and tool calls execute immediately. By default Claude pauses before editing files, running shell commands, or touching the network; this flag removes those pauses. Two things still stop it: explicit 'ask' rules you've configured, and a circuit breaker for catastrophic deletions — commands like rm -rf / or rm -rf ~ still prompt even here. Honest translation for non-programmers: the flag means 'don't ask me anything', and you should only say that inside an isolated container or VM where a mistake can't hurt your real machine.
claude --dangerously-skip-permissions
Equivalent to claude --permission-mode bypassPermissions. On Mac and Linux it refuses to run as root or under sudo — that's not a bug, it's a seatbelt.
The six permission modes at a glance
Claude Code has six modes, each a different trade between convenience and oversight. default: only reads happen without asking — best for starting out. acceptEdits: file edits and common filesystem commands like mkdir, touch, mv, cp run freely — good while you review changes via git diff afterwards. plan: read-only research mode, Claude proposes before touching anything. auto: everything runs, but a separate safety classifier reviews each action in the background. dontAsk: only tools you pre-approved run, everything else is auto-denied — built for scripts and CI. bypassPermissions: everything runs, no checks — containers and VMs only.
In every mode except bypassPermissions, writes to protected paths — things like .git and Claude's own .claude config folder — are never auto-approved. That quietly protects you from the classic 'the AI edited its own permissions' horror story.
How do you switch modes — is there a shortcut?
Yes: Shift+Tab cycles default → acceptEdits → plan mid-session, and the status bar shows where you are. bypassPermissions only appears in the cycle if you started with an enabling flag — you cannot wander into it by accident. There's even a polite variant: --allow-dangerously-skip-permissions adds the mode to your Shift+Tab cycle without activating it, so it's one keypress away when a trusted task needs it.
Can you skip permissions by default?
You can set any default mode in settings — but please pick a sane one. The defaultMode setting in .claude/settings.json controls how every session starts. My recommendation for non-programmers after the first week: acceptEdits as default, plan mode for big tasks, and bypass only inside disposable environments.
{
"permissions": {
"defaultMode": "acceptEdits"
}
}Edits flow without prompts; risky shell commands still ask. Say to Claude: "set acceptEdits as the default mode in this project's settings" — and it will do this for you.
Safer alternatives: auto mode and friends
If your real complaint is prompt fatigue, the modern alternative to skip-permissions is auto mode: Claude works without routine prompts while a separate classifier model watches every action and blocks anything that escalates beyond your request — production deploys, force pushes, curl-pipe-bash downloads. It's a research preview, not a guarantee, but it's the 'fewer prompts without removing the brakes' option. The second lever is fine-grained rules: run /permissions and add allow rules for commands you trust, like Bash(npm run *), so the routine stuff stops asking while everything else still does.
Why is the flag 'not working' for some people?
Three common cases. You're root or using sudo — blocked by design on Linux and macOS. You tried to switch into bypassPermissions mid-session without having started with an enabling flag — restart with the flag. Or an administrator set disableBypassPermissionsMode in managed settings, in which case the decision was made above your pay grade, and honestly, probably correctly.
skip-permissions means 'don't ask me anything'. Claude with no prompts plus your real laptop plus the open internet is a bad cocktail: a malicious webpage Claude reads could instruct it to do things you'd never approve. Use bypass only in an isolated container or VM. On your actual machine, auto mode or acceptEdits plus allow rules gets you 90% of the speed with brakes intact.
Your permission setup in 4 steps
- 1Run /permissions and look at what's already allowed — know your starting point.
- 2Add allow rules for boring repeated commands: Bash(npm run *), Bash(git commit *).
- 3Set defaultMode to acceptEdits in .claude/settings.json once you trust the flow.
- 4Cycle to plan mode with Shift+Tab before anything big or scary.
Kicker: permissions aren't bureaucracy, they're a dial. Start tight, loosen exactly where it annoys you, and save 'dangerously' for places where danger physically can't reach. Tonight, instead of the big red flag, just add three allow rules — you'll feel the difference by prompt ten.
Author
Evgeny Arsentyev
PhD · Chief Product Officer at a healthtech company
▌ Reading is the blue pill
Want to actually build this?
Guides explain. The free course transforms — personalized, gamified, and built to get you shipping fast.
◉ Take the red pill →