Using --dangerously-skip-permissions Safely with ShipSafe

Claude Code’s --dangerously-skip-permissions flag lets Claude run without asking for approval on file writes, command execution, and more. It is incredibly productive — and incredibly risky. Here is how ShipSafe makes it safer.

The Problem

When you run claude --dangerously-skip-permissions, Claude Code operates in fully autonomous mode. It can write files, run shell commands, install packages, and modify configurations — all without asking you first.

This is transformative for productivity. You describe what you want, go get coffee, and come back to a working feature. But it also means Claude can:

  • Hardcode API keys or tokens in source files
  • Write code with SQL injection, XSS, or other vulnerabilities
  • Install packages with known vulnerabilities
  • Commit and push insecure code without human review

The “dangerously” in the flag name is not a joke. Without guardrails, autonomous AI coding can ship security vulnerabilities at the speed of AI.

The Solution: Git Hooks as a Safety Net

ShipSafe’s git pre-commit hooks run automatically before every commit — including commits made by Claude Code in autonomous mode. Even if Claude writes insecure code, the hook catches it before it enters your git history.

Here is what happens:

# Claude writes code with a hardcoded API key...
# Claude runs: git add . && git commit -m "Add Stripe integration"

# ShipSafe pre-commit hook intercepts:

  CRITICAL  secrets/stripe-live-key
  src/payments.ts:3
  Stripe live secret key detected.

  Commit blocked. Fix the findings above and try again.

# The commit is rejected. The secret never enters git history.

Setup: 3 Commands

Before using --dangerously-skip-permissions, set up your safety net:

# 1. Install ShipSafe
npm install -g @shipsafe/cli

# 2. Install git hooks
shipsafe hooks install

# 3. Set a baseline (so you only see NEW issues)
shipsafe scan --baseline

That is it. Now every commit — whether from you or Claude — gets scanned automatically.

What the Hook Catches

The pre-commit hook scans for:

  • Hardcoded secrets — API keys, tokens, passwords for 50+ services
  • Critical vulnerabilities — SQL injection, command injection, SSRF
  • XSS patterns — dangerouslySetInnerHTML, innerHTML with user input
  • Prompt injection — unsanitized user input in LLM prompts
  • Image metadata — GPS coordinates and EXIF data in committed images

Claude + ShipSafe MCP: Even Better

For the best experience, add ShipSafe as an MCP server in your Claude Code configuration. This gives Claude direct access to security scanning while it writes code — it can check its own work before even trying to commit.

// In your MCP config (e.g., .mcp.json)
{
  "mcpServers": {
    "shipsafe": {
      "command": "shipsafe",
      "args": ["mcp-server"]
    }
  }
}

With the MCP server running, Claude can call shipsafe_scan to check for vulnerabilities, shipsafe_check_package before installing dependencies, and shipsafe_scan_environment to verify the development environment is safe.

Why Git Hooks Are the Critical Layer

With --dangerously-skip-permissions, there is no human in the loop. Claude writes code, stages it, and commits it — all autonomously. The MCP server is helpful (Claude can self-check while coding), but the git hook is the non-negotiable safety net. Here is why:

  • The MCP server is advisory. Claude can choose to call shipsafe_scan, but nothing forces it. If Claude is deep in a multi-step task, it might skip the scan.
  • The git hook is mandatory. It runs on every git commit, regardless of whether Claude or a human triggers it. There is no way to skip it (short of passing --no-verify, which Claude Code does not do by default).
  • Secrets in git history are permanent. If a commit with a hardcoded API key reaches your repo, the only remediation is rotating the key. The hook ensures that never happens.
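A minimal stand-in for the pre-commit check described in this section and in the interception shown under "Here is what happens" (added example; this is not ShipSafe's hook or scanner): it reads the staged diff, flags newly added lines matching one assumed Stripe live-key pattern, and exits non-zero so git refuses the commit. The function names, the `--hook` argument and the `sk_live_` regex are assumptions for illustration only.

```shell
#!/bin/sh
# Hypothetical minimal pre-commit hook (added example, not ShipSafe's code).
# One illustrative pattern only; a real scanner covers many services.
# The prefix and format below are an assumption for this example.
SECRET_RE='sk_live_[A-Za-z0-9]+'

# find_secret_lines: reads a unified diff on stdin (as printed by
# `git diff --cached -U0`) and prints "<file>:<line>" for each ADDED line
# matching SECRET_RE. Only the new side is checked, so pre-existing or
# removed lines never produce a finding.
find_secret_lines() {
    awk -v re="$SECRET_RE" '
        /^[+][+][+] b\// { file = substr($0, 7); next }              # new-side file name
        /^@@/            { split($3, h, /[+,]/); line = h[2]; next } # hunk start: +<line>[,<count>]
        /^[+]/           { if ($0 ~ re) printf "%s:%d\n", file, line; line++; next }
        /^-/             { next }                                    # removed line: no new-side number
        /^ /             { line++ }                                  # unchanged context line
    '
}

# run_hook: the entry point git calls before a commit. A non-zero exit makes
# git abort the commit, whether a human or an autonomous agent ran `git commit`.
run_hook() {
    findings=$(git diff --cached -U0 --no-color | find_secret_lines)
    if [ -n "$findings" ]; then
        printf 'CRITICAL  secrets/live-key\n%s\nCommit blocked. Remove the secret and retry.\n' "$findings" >&2
        return 1
    fi
    return 0
}

# When installed as .git/hooks/pre-commit, call this script with --hook;
# sourcing the file without arguments only defines the functions.
case "${1:-}" in
    --hook) run_hook; exit $? ;;
esac
```

Installed at .git/hooks/pre-commit (made executable and invoked with --hook), a finding blocks the commit before the secret reaches history; the page's `shipsafe hooks install` is the real-world equivalent of this wiring.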

For a full overview of how MCP, hooks, and manual scans work together, see Scanning Claude Code Projects.

The Bottom Line

--dangerously-skip-permissions is the future of AI-assisted development. The productivity gains are too large to ignore. But shipping code without guardrails is reckless. ShipSafe gives you the safety net that makes autonomous AI coding responsible.

ShipSafe

ShipSafe Team
