#1 Critical
The YOLO Button
Using --dangerously-skip-permissions without isolation
32% hit unintended modifications, 9% data loss
Developers disable all permission prompts for speed, and Claude then executes destructive commands on their actual filesystem. Real case: Claude wiped a production PostgreSQL database by running drizzle-kit push --force. In another case, it ran rm -rf on an entire project directory.
DON'T
The shortcut that wipes your database
# "I'll just skip permissions to go faster"
claude --dangerously-skip-permissions \
  -p "Clean up this project"

# Claude decides to:
# 1. rm -rf node_modules (fine)
# 2. rm -rf .git (NOT fine)
# 3. drizzle-kit push --force (production DB wiped)
DO
Isolated with container + scoped tools
# Run in a Docker container with no host access beyond the mounted project directory
docker run --rm -v "$(pwd)":/work \
  claude --dangerously-skip-permissions \
  -p "Clean up this project"

# Or use allowedTools for specific permissions only
claude --allowedTools "Read,Glob,Grep" \
  -p "Analyze this codebase"
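One way to enforce the DO pattern instead of relying on habit, as an added example that is not from the original page or from Anthropic: a shell wrapper that refuses `--dangerously-skip-permissions` outside a container, and also inside one when remote database credentials are visible, since a container does not protect a database reachable over the network. The function names, the `/.dockerenv` and `/proc/1/cgroup` heuristics, and `DATABASE_URL` as the credential variable are assumptions.

```shell
#!/bin/sh
# Added example, not the page's own code. Policy wrapper for the claude CLI.
# Assumptions: /.dockerenv and /proc/1/cgroup as container heuristics,
# DATABASE_URL as the variable that holds database credentials.

# Heuristic check: are we running inside a container?
in_container() {
    [ -f /.dockerenv ] && return 0
    grep -qE 'docker|containerd|kubepods|libpod' /proc/1/cgroup 2>/dev/null
}

# launch_verdict ISOLATED DB_URL ARGS...
# Prints one of: allow | deny:no-isolation | deny:remote-db-credentials
launch_verdict() {
    isolated=$1; db_url=$2; shift 2
    skip=no
    for arg in "$@"; do
        case $arg in --dangerously-skip-permissions) skip=yes ;; esac
    done
    # Normal permission prompts or --allowedTools scoping still apply.
    if [ "$skip" = no ]; then echo allow; return 0; fi
    if [ "$isolated" != yes ]; then echo deny:no-isolation; return 0; fi
    # Isolation covers the filesystem only. A non-local database URL in the
    # environment leaves the drizzle-kit push --force case open.
    # The host match below is a simple heuristic, not a URL parser.
    case $db_url in
        ''|*[@/]localhost[:/]*|*[@/]127.0.0.1[:/]*) echo allow ;;
        *) echo deny:remote-db-credentials ;;
    esac
}

# safe_claude ARGS...: launch claude only when the verdict is "allow".
safe_claude() {
    if in_container; then isolated=yes; else isolated=no; fi
    verdict=$(launch_verdict "$isolated" "${DATABASE_URL:-}" "$@")
    if [ "$verdict" != allow ]; then
        echo "refusing to launch claude: $verdict" >&2
        return 1
    fi
    claude "$@"
}
```

Source the file and call `safe_claude` in place of `claude`; the connection strings used to exercise it should be constructed test values, not real credentials.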
Sources
GitHub #27063, GitHub #7232, Anthropic Security Docs