Skip to content
Logo
Published on

Running Claude Code with Dangerously-Skip-Permissions: A Safe Local Development Setup

Learn how to safely use Claude Code with the --dangerously-skip-permissions flag by running it in an isolated devcontainer environment. This guide follows Anthropic best practices and includes step-by-step setup instructions.

Why Dangerously-Skip-Permissions is Powerful (and Risky)

Claude Code's --dangerously-skip-permissions flag is incredibly useful. It lets Claude execute code, run commands, and modify files without asking for permission on every action. This means faster, uninterrupted development workflows where Claude can iterate autonomously on your project.

But it's also dangerous. As Anthropic's official documentation states:

"Letting Claude run arbitrary commands is risky and can result in data loss, system corruption, or even data exfiltration (e.g., via prompt injection attacks)."

This isn't theoretical. A malicious prompt injection in your code, or a vulnerability in a dependency, could give Claude (or whoever controls the prompt) full access to your system—including your home directory, credentials, SSH keys, and everything else.

The key insight: The risk isn't Claude itself. The risk is giving any tool unrestricted access to your computer.

The Solution: Devcontainers

Anthropic's recommendation is clear: only use --dangerously-skip-permissions inside containerized environments without internet access. This way, even if something goes wrong, the damage is confined to an isolated sandbox.

A devcontainer is the ideal approach for this because:

  1. Built-in isolation - Your code runs in a separate, sandboxed environment
  2. Transparent integration - VS Code handles the container seamlessly—it feels like native development
  3. Credential protection - You can control which credentials the container can access
  4. Official backing - This is Anthropic's recommended approach

How This Works

Here's the architecture:

On your host machine (Mac/Linux/Windows):

  • Your actual codebase lives on disk
  • VS Code is installed normally
  • Your Claude Code credentials are kept safe

Inside the devcontainer:

  • A virtual Linux environment (Node.js 20)
  • Your code is mounted as a volume (changes sync automatically)
  • Claude Code CLI is installed
  • When you run claude --dangerously-skip-permissions, it has full access—but only within the container

If Claude goes rogue (or you make a mistake), it can only damage files inside the container. Your actual system is untouched.

Important: Local Development ≠ Production

This devcontainer setup is purely for local development. It has nothing to do with how your blog is deployed to production. Your blog deploys to GitHub Pages as a static site (built via GitHub Actions), which is completely separate from this development environment.

Step-by-Step Setup

1. Ensure VS Code and Docker are Installed

You need:

2. Copy the Devcontainer Configuration

Your project should have a .devcontainer/ directory with:

.devcontainer/devcontainer.json - The configuration file:

{
  "name": "Blog Development",
  "image": "mcr.microsoft.com/devcontainers/javascript-node:20",
  "features": {
    "ghcr.io/devcontainers/features/git:1": {}
  },
  "customizations": {
    "vscode": {
      "extensions": [
        "dbaeumer.vscode-eslint",
        "esbenp.prettier-vscode"
      ],
      "settings": {
        "editor.formatOnSave": true
      }
    }
  },
  "forwardPorts": [3000],
  "postCreateCommand": "npm install -g @anthropic-ai/claude-code && yarn install && yarn prepare",
  "remoteUser": "node"
}

.devcontainer/Dockerfile - The container image definition:

FROM mcr.microsoft.com/devcontainers/javascript-node:20

RUN apt-get update && apt-get install -y --no-install-recommends \
    bash-completion \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /workspace

RUN echo "fs.inotify.max_user_watches=524288" | tee -a /etc/sysctl.conf > /dev/null

RUN corepack enable

.claude/settings.json - Explicit tool allowlist:

{
  "allowedTools": [
    "Read",
    "Write",
    "Edit",
    "Glob",
    "Grep",
    "Bash(git:*)",
    "Bash(yarn:*)",
    "Bash(npm:*)",
    "Task",
    "WebFetch"
  ]
}

3. Open in Devcontainer

In VS Code, open your project and you'll see a prompt: "Folder contains a Dev Container configuration. Reopen folder to develop in a container?"

Click Reopen in Container.

VS Code will:

  1. Build the Docker image
  2. Start the container
  3. Install dependencies (yarn install)
  4. Install Claude Code CLI globally

This takes a few minutes the first time.

4. Verify the Setup

In the VS Code terminal (which now runs inside the container), verify everything works:

# Check Node.js version
node --version
# Should output: v20.x.x

# Check Yarn version
yarn --version
# Should output: 3.6.1

# Check Claude Code is installed
claude --version
# Should output the Claude Code version

5. Set Up Claude Code Credentials

Claude Code needs your Anthropic API token. Inside the container terminal:

# This will prompt you to authenticate
claude auth login

Or set the environment variable:

export CLAUDE_CODE_OAUTH_TOKEN=your_token_here

Using Claude Code with Dangerously-Skip-Permissions

Once set up, you can use Claude Code inside the container with full unrestricted access:

# Start Claude Code with dangerously-skip-permissions enabled
claude --dangerously-skip-permissions

Now Claude can:

  • Modify files without asking permission
  • Run arbitrary commands
  • Install dependencies
  • Commit code
  • All without confirmation prompts

And it's safe because it's confined to the container.

Real-World Workflow

Here's what a development session looks like:

  1. Start VS Code with your project
  2. Open in devcontainer (one-time setup, or automatic on next open)
  3. Start Claude Code in the terminal: claude --dangerously-skip-permissions
  4. Give Claude instructions - It runs autonomously, syncing changes to your disk in real-time
  5. Test locally - Run yarn dev to see your changes
  6. Commit when satisfied - Standard git workflow
  7. Exit the container - Close VS Code, your code is safely on disk

The container is ephemeral—it's just a development tool. Your actual code lives on your machine.

Security Model: What This Protects Against

Protects against:

  • Local privilege escalation (container has no access to host)
  • Accidental deletion of important files on your system
  • Credential theft from your home directory
  • Network exfiltration of system data
  • Hardware access or system-level modifications

Does NOT protect against:

  • Malicious code in your own repository (you've already trusted the repo)
  • Attacks via the network (container still has internet access for development)
  • Supply chain attacks in your dependencies

The security model assumes you trust your project repository. If you clone a malicious repo and give Claude full access, it can still do damage within the container.

Customizing the Setup

Use a Different Base Image

Change the image field in devcontainer.json:

{
  "image": "mcr.microsoft.com/devcontainers/python:3.11"
}

Add More VS Code Extensions

In devcontainer.json customizations:

{
  "vscode": {
    "extensions": [
      "dbaeumer.vscode-eslint",
      "esbenp.prettier-vscode",
      "your-extension-here"
    ]
  }
}

Adjust Container Resources

Limit memory or CPU in devcontainer.json:

{
  "containerWorkspaceFolder": "/workspace",
  "runArgs": ["--memory=2g", "--cpus=2"]
}

Troubleshooting

Q: Devcontainer won't build

  • Check Docker Desktop is running
  • Check .devcontainer/Dockerfile syntax
  • Try rebuilding: Command Palette → "Dev Containers: Rebuild Container"

Q: Claude Code CLI not found

  • The postCreateCommand installs it, but rebuilding the container might help
  • Or install manually: npm install -g @anthropic-ai/claude-code

Q: Port 3000 already in use

  • Change the port mapping in devcontainer.json:
    {
  "forwardPorts": [3001]
}

Q: Can't access credentials inside container

  • Make sure your Claude Code token is set via claude auth login inside the container

Lessons Learned

Building this setup taught me several things:

  1. Devcontainers are underrated - They're not just for remote development. They're a powerful tool for isolated, reproducible development environments.

  2. The danger is real - Once you've used --dangerously-skip-permissions productively, it's tempting to use it everywhere. Containers are the guardrail that makes this safe.

  3. Transparency matters - VS Code's seamless container integration means you forget you're in a container. This is both powerful and something to be aware of.

  4. Credentials are critical - The .claude/settings.json allowlist is easy to forget but essential. An overly permissive allowlist defeats the security model.

  5. Local ≠ Production - The biggest mental shift was realizing this container is purely for development. Your actual deployment (GitHub Pages) is completely separate, and that's good—it means your production isn't affected by this experimental setup.

Next Steps

  • Set up your own devcontainer using this guide
  • Experiment with --dangerously-skip-permissions in a safe environment
  • Notice how much faster development becomes without permission prompts
  • Document any issues or improvements you discover

This approach has made my Claude Code workflow dramatically faster while keeping my actual system safe. It's a small investment in setup for a significant payoff in productivity and peace of mind.

Note: This entire blog (including this post!) was developed using this devcontainer setup with Claude Code. So this isn't just theory—it's battle-tested in a real project.