Summary
Launching a crewmate with --dangerously-skip-permissions and accepting its one-time "Bypass
Permissions mode" warning makes Claude Code persist skipDangerousModePermissionPrompt: true
into the active settings.json. When the user's ~/.claude*/settings.json is a symlink to
a shared, git-tracked source (a common dotfiles/multi-account setup), this leaks a global
safety-guardrail change into the user's repo — affecting every account, and the whole fleet if
committed.
Root cause
Crewmates run in the user's own Claude config dir (fm-spawn launches bare claude, so it
resolves the default/shared config). Their launch-mode acceptances — and their auth — therefore
write to the user's config, not a crewmate-scoped one.
Reproduction
~/.claude/settings.json is a symlink to a git-tracked source file.
- Spawn a crewmate (
--dangerously-skip-permissions) and accept the Bypass Permissions warning.
git -C <dotfiles> diff shows an uncommitted +"skipDangerousModePermissionPrompt": true
in the shared settings — a guardrail the user never intentionally disabled, now affecting all
accounts.
Impact
- Silent, global reduction of the dangerous-mode confirmation guardrail from a single spawn.
- Surfaces as an unexpected diff in the user's dotfiles repo; risks being committed/pushed
fleet-wide.
Suggested fix
Launch crewmates with a dedicated CLAUDE_CONFIG_DIR (crewmate-scoped), so their settings,
auth, and launch-mode acceptances never touch the user's shared config. This is the same fix as
#599 (multi-account auth) — one dedicated-config-dir change resolves both: crewmates
authenticate in their own dir and stop polluting the user's shared settings.
Related
🤖 Claude Code · claude-opus-4-8 · 2026-07-15
Summary
Launching a crewmate with
--dangerously-skip-permissionsand accepting its one-time "BypassPermissions mode" warning makes Claude Code persist
skipDangerousModePermissionPrompt: trueinto the active
settings.json. When the user's~/.claude*/settings.jsonis a symlink toa shared, git-tracked source (a common dotfiles/multi-account setup), this leaks a global
safety-guardrail change into the user's repo — affecting every account, and the whole fleet if
committed.
Root cause
Crewmates run in the user's own Claude config dir (fm-spawn launches bare
claude, so itresolves the default/shared config). Their launch-mode acceptances — and their auth — therefore
write to the user's config, not a crewmate-scoped one.
Reproduction
~/.claude/settings.jsonis a symlink to a git-tracked source file.--dangerously-skip-permissions) and accept the Bypass Permissions warning.git -C <dotfiles> diffshows an uncommitted+"skipDangerousModePermissionPrompt": truein the shared settings — a guardrail the user never intentionally disabled, now affecting all
accounts.
Impact
fleet-wide.
Suggested fix
Launch crewmates with a dedicated
CLAUDE_CONFIG_DIR(crewmate-scoped), so their settings,auth, and launch-mode acceptances never touch the user's shared config. This is the same fix as
#599 (multi-account auth) — one dedicated-config-dir change resolves both: crewmates
authenticate in their own dir and stop polluting the user's shared settings.
Related
claudefails on multi-account machines) — same root, same fix.