What --dangerously-skip-permissions
actually does.
claude --dangerously-skip-permissions makes Claude Code run every tool call, bash, file writes, deletes, without asking for approval. People use it for unattended or overnight runs so the agent never blocks on a prompt.
The risk is that a wrong or injected command runs with no human gate. The safer pattern is to keep the agent moving but route approvals to your phone.
The flag
claude --dangerously-skip-permissionsRuns every tool call without a prompt for the whole session.
What the flag actually does
It is not a lighter prompt or a smart allowlist. It removes the approval step for every tool for the rest of the session.
Skips every PreToolUse prompt
Bash commands, file writes, edits, and deletes all run without asking. Claude Code stops surfacing the approval prompt entirely for the session.
No per-tool gate
There is no allowlist and no exception. Once the flag is set, a wrong command runs the same as a correct one, with no chance to stop it first.
Same idea in other agents
Codex has --full-auto and a bypass sandbox mode, Cursor calls it YOLO mode, and Gemini CLI has --yolo. Each removes the approval step in its own way.
Why people use it, and the real risk
The flag solves a real problem. It also removes the one safeguard that stops a bad command before it runs.
Three ways to run an agent
Full skip keeps the agent moving but drops the gate. Babysitting keeps the gate but pins you to the keyboard. A phone gate keeps both.
| Approach | Agent keeps moving | Destructive actions gated | Away from the keyboard | Audit trail |
|---|---|---|---|---|
| Full skip (--dangerously-skip-permissions) | ||||
| Babysit the terminal | ||||
| Pushary phone-gate |
The safer alternative
Pushary keeps a human gate on the risky tools through a PreToolUse hook. The agent runs on its own, but a destructive bash command, a delete, or an edit outside the allowlist is held. A push notification goes to your phone, you approve or deny in one tap from your lock screen, and every decision is logged. You keep the unattended flow of the skip flag without dropping the gate.
Skip permissions questions
What does --dangerously-skip-permissions do?
It tells Claude Code to run every tool call without asking for approval. Bash commands, file writes, edits, and deletes all execute immediately. The flag turns off the PreToolUse approval prompt for the whole session, which is why people use it for unattended or overnight runs.
Is --dangerously-skip-permissions safe?
It is only as safe as the environment you run it in. Inside a throwaway container or VM with nothing valuable to reach, the blast radius is small. On your real machine or with repo write access, a single wrong or injected command can delete files, force push, or run a bad migration with no chance to stop it. The safer pattern is to keep a human gate on the risky tools instead of removing all of them.
How do I skip permissions in Codex, Cursor, or Gemini?
Each agent has its own bypass. Codex uses --full-auto and a bypass sandbox mode, Cursor calls it YOLO mode in settings, and Gemini CLI takes --yolo. They all remove the approval step the same way Claude Code does. Pushary gates all of them through a PreToolUse hook, so you get one policy across agents instead of an all-or-nothing flag per tool.
How do I run Claude Code unattended without skipping every permission?
Add Pushary's PreToolUse hook. The agent keeps running on its own, but risky tool calls are held and a push notification goes to your phone. You approve or deny in one tap from your lock screen, and every decision is logged. You get the unattended flow of the skip flag without giving up the human gate.
Run unattended without skipping every permission.
Keep the agent moving, gate the risky calls, approve from your phone. Set up in two minutes.