[CRITICAL] Dangerous permissions bypassed in agent mode #104

@Tsukieomie

Security Issue: Permission Bypass in Agent Mode

Severity: CRITICAL
Location: src/main/lib/trpc/routers/claude.ts:1056

Description

Claude Code SDK is configured with allowDangerouslySkipPermissions: true in agent mode, allowing full system access without user prompts.

Code

```typescript
...(input.mode !== "plan" && {
  allowDangerouslySkipPermissions: true,  // ⚠️ DANGEROUS!
}),
```

Risk

  • Claude Code SDK executes ANY tool without permission warnings
  • Full system access (file writes, bash commands, network requests)
  • No user oversight on potentially destructive operations

Recommendation

  1. Add user confirmation dialogs for sensitive operations:
    • File writes outside project directory
    • Bash commands with sudo/destructive flags
    • Network requests
    • Git operations (push, force-push, etc.)
  2. Implement a permission whitelist system
  3. Add audit log for all agent actions
  4. Consider tiered permission levels (safe/moderate/dangerous)

Impact

High - Users may inadvertently allow destructive operations without realizing the full scope of agent permissions.

Labels: security, critical, agent-mode
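As an added example (not code from this issue or the project), one shape the recommended tiered permission gate with an audit log could take in place of `allowDangerouslySkipPermissions`; the tool names, input fields and the `confirm` callback are assumptions about how tool calls would be handed to such a check:

```typescript
import * as path from "path";

// Added example (not the project's code): a tiered permission gate that an
// agent-mode tool callback could call instead of setting
// allowDangerouslySkipPermissions. Tool names, input fields and the
// `confirm` callback are assumptions about how the SDK hands over tool calls.
export type Tier = "safe" | "moderate" | "dangerous";
export interface Decision { tool: string; tier: Tier; allow: boolean; reason: string; }

// Every decision is recorded so agent actions can be reviewed afterwards.
export const auditLog: Array<Decision & { ts: string }> = [];

// Privilege escalation, recursive deletion, disk-level writes, force pushes.
const DESTRUCTIVE = /\b(sudo|mkfs|dd)\b|\brm\s+-\w*r|\bgit\s+push\b.*(--force|\s-f\b)/;

export function classify(tool: string, input: Record<string, unknown>, projectRoot: string): Tier {
  if (tool === "Read" || tool === "Grep" || tool === "Glob") return "safe";
  if (tool === "Write" || tool === "Edit") {
    const target = path.resolve(projectRoot, String(input.file_path ?? ""));
    const rel = path.relative(projectRoot, target);
    // A write that escapes the project directory is always dangerous.
    return rel.startsWith("..") || path.isAbsolute(rel) ? "dangerous" : "moderate";
  }
  if (tool === "Bash") return DESTRUCTIVE.test(String(input.command ?? "")) ? "dangerous" : "moderate";
  if (tool === "WebFetch") return "moderate";
  return "dangerous"; // unknown tools get the strictest tier
}

// safe: run silently; moderate: ask the user; dangerous: refuse in agent mode.
export function gate(tool: string, input: Record<string, unknown>, projectRoot: string,
                     confirm: (prompt: string) => boolean): Decision {
  const tier = classify(tool, input, projectRoot);
  let allow = false;
  let reason = "";
  if (tier === "safe") { allow = true; reason = "read-only tool"; }
  else if (tier === "moderate") {
    allow = confirm(`Allow ${tool} with ${JSON.stringify(input)}?`);
    reason = allow ? "user confirmed" : "user declined";
  } else reason = "dangerous operation refused in agent mode";
  const decision = { tool, tier, allow, reason };
  auditLog.push({ ts: new Date().toISOString(), ...decision });
  return decision;
}
```

The `dangerous` tier is refused outright here rather than prompted, so that sudo, recursive deletion, force pushes and writes outside the project root can only happen through an explicit user action outside agent mode.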
