--dangerously-skip-permissions is the only safe mode

Claude Code has a flag called --dangerously-skip-permissions. Despite the name, I'm more nervous about engineers who don't use it. If you run the default "permissions" mode, your Claude setup is probably unsafe.

--dangerously-skip-permissions lets the agent do anything it wants on your machine. Sounds dangerous. Claude could do real damage with the DATABASE_URL in your env files.

By default, Claude asks permission before it acts: run a script, delete a file, make a network request. Sounds sensible. The human stays in the loop.

Now watch what happens after a few minutes.

Claude asks to write a script. Writing files is safe. Approve. Claude asks to run the script. The script looks safe. Approve. The script has a bug. Claude edits it and asks to re-run. Read the diff, approve.

After a handful of these, it starts to feel like real work, and the last ten were fine. Probably fine. Approve.

I'm now effectively in --dangerously-skip-permissions mode, except I have to sit at the keyboard to skip the permissions. This is approval fatigue, and it's why the default mode is worse than --dangerously-skip-permissions.

If approval doesn't work, what does? Auth.

This is how we handle the same problem for humans at work. Bob gets an access token. He makes requests like "give me this file", and the service authorizes him against a policy like "Bob owns this file".

Bob's permissions balance two things: he needs access to be productive, but he can also make mistakes, turn disgruntled, or lose his laptop.

Bob writes and runs any scripts he likes on his machine. No human reads or approves them. The auth policy is enforced by the services his scripts talk to. Auth policies don't get tired.

Agents have the same shape. They can be helpful. They can also turn stupid or malicious or both. And we can't post a human behind every action.

So the equivalent of auth for Claude Code is auth. Give him credentials. Let him run whatever scripts he wants with them.

Suppose you have two colleagues. Bob runs Claude in regular permissions mode. Alice runs Claude with --dangerously-skip-permissions. Who is more likely to cause a production incident?

Bob makes me more nervous. His discomfort with --dangerously-skip-permissions means he knows his machine holds credentials he doesn't trust Claude with. He's trying to verify every action, and eventually he will slip.

That's why --dangerously-skip-permissions is the safer mode. It forces you to give your agent a working permissions system: auth, not approval.