Mastering Claude Code
Chapter 31: Permissions and Security in Practice
Kim Kyung-jin
The Temptation of "Dangerously Skipping Permissions"
When you search for Claude Code tutorials on YouTube, many videos use a flag called --dangerously-skip-permissions. With this flag, Claude performs all tasks automatically without requiring approval: modifying files, executing commands, installing packages. It looks clean on screen because the work flows without interruption.
But the name of this flag contains the word "dangerously" for a reason. It means Claude could accidentally delete important files, execute unintended system commands, or perform actions that affect production servers, all without your approval.
I understand wanting to work quickly. But there is a better way to balance speed and safety.
The Four-Level Autonomy Model
Claude Code's permission settings consist of four levels. Each represents the degree of autonomy you grant to the agent.
Stage 1: Plan
This is the most restrictive mode. Claude can read and analyze files, but does not modify anything. It doesn't write code or execute commands. It only plans and reports.
It suits understanding the structure of a new project or discussing strategy for approaching a complex problem.
Stage 2: Ask Before
Claude can perform tasks, but requires your approval at each step. For each action it asks, "May I modify this file?" or "May I execute this command?"
It is safe but slow. The user must remain at the screen continuously pressing approval buttons. You choose this mode for sensitive operations on critical systems.
Stage 3: Auto Edit
At this level, file editing happens automatically, but system commands still require approval. Code writing and modification proceed freely, but commands like rm, npm publish, and git push execute only after human review.
This is the balance point suitable for most everyday development work.
Stage 4: Bypass
All restrictions are removed. This corresponds to --dangerously-skip-permissions. Claude performs all tasks automatically.
This mode should only be used when you actively supervise from the screen. Running the agent in bypass mode while away from your desk is dangerous.
Fine-Grained Control with Allowlists and Denylists
When you need more precise control than the four-level model, you use allowlists and denylists.
The idea is not to allow everything or block everything, but to allow only commands verified as safe and to explicitly block dangerous ones.
Put safe commands like git commit, npm test, npm run build in the allowlist, and destructive commands like rm -rf, git push --force, DROP TABLE in the denylist.
One important rule applies here: the denylist takes priority over the allowlist. Even if rm is included in the allowlist, if it is also in the denylist, it gets blocked. The safety mechanism always wins.
With this setup, you get nearly the same speed as --dangerously-skip-permissions while still blocking fatal commands. It is a practical way to achieve safety without sacrificing speed.
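The precedence rule described above, as an added example that is not from the book or from Claude Code itself: a simplified Python model of a deny-first command policy. The lists, the function names and the matching rules (leading words, flags anywhere, splitting at shell operators) are assumptions made for illustration and are not Claude Code's own rule syntax or matcher.

```python
import shlex

# Constructed policy from the commands named in the text. "rm" is in both
# lists on purpose, to show which list wins.
ALLOW = ["git commit", "npm test", "npm run build", "rm"]
DENY = ["rm", "git push --force"]
OPERATOR_CHARS = set("();<>|&")  # shlex's default punctuation set


def split_segments(command_line):
    """Tokenise like a POSIX shell, then split at operators (&&, ;, |, ...)."""
    if "\n" in command_line or "\r" in command_line:
        raise ValueError("multi-line input")
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""  # keep text after '#' visible to the policy
    segments, current = [], []
    for token in lexer:  # raises ValueError on unbalanced quotes
        if token and set(token) <= OPERATOR_CHARS:
            segments.append(current)
            current = []
        else:
            current.append(token)
    segments.append(current)
    return [seg for seg in segments if seg]


def matches(tokens, rule):
    """Rule words must lead the command; rule flags may appear anywhere."""
    parts = rule.split()
    words = [p for p in parts if not p.startswith("-")]
    flags = [p for p in parts if p.startswith("-")]
    return tokens[:len(words)] == words and all(f in tokens for f in flags)


def decide(command_line, allow=ALLOW, deny=DENY):
    """Return 'deny', 'allow' or 'ask' (ask = wait for human approval)."""
    try:
        segments = split_segments(command_line)
    except ValueError:  # cannot parse safely: fail closed
        return "deny"
    if not segments or any(matches(s, r) for s in segments for r in deny):
        return "deny"  # denylist is checked first and always wins
    if all(any(matches(s, r) for r in allow) for s in segments):
        return "allow"
    return "ask"  # at least one segment is not on the allowlist
```

Every segment of a compound command line is checked, so an allowlisted command cannot carry a denylisted one through the policy, and anything the model cannot parse is denied rather than guessed at.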
VPS Hosting and Remote Claude Code Operations
Closing your laptop disconnects the Claude Code session. For long-running work or continuous monitoring, this is a constraint.
Installing Claude Code on a VPS (Virtual Private Server) solves this problem. Because the server runs 24 hours, the session persists even when you close your laptop. Using SSH (Secure Shell) for remote access lets you continue the session anytime, anywhere.
If you set up Telegram integration, you can even give Claude Code instructions from your phone. You can ask "How did that validation I ran last night turn out?" from the subway on your way to work and get an answer.
Claude Code also has a remote control feature. You can operate a session running on one computer from a browser or phone. The code never leaves your machine; only control is remote. You can start work at your office computer and adjust direction from your phone while stepping out for coffee.
When running long-term sessions, permission settings need extra care. Because the agent runs while you are away, bypass mode is not appropriate. Carefully structure the allowlist and denylist, and for tasks requiring approval, configure the agent to wait until authorization arrives.
Security in Team Environments
Using Claude Code alone and using it in a team call for different levels of security. One person's mistake can affect the entire team.
API Key Management
In team projects, never put API keys directly in code. If one person hardcodes a key and commits it, that key lives forever in the git history. Even in private repositories, it is not safe.
Manage API keys with environment variables. Store keys in a .env file, and add this file to .gitignore without fail. Each team member manages their own .env file on their own computer, and the actual key values are shared through secure channels such as password managers or encrypted messages.
Using settings.local.json
Claude Code's configuration files come in two types: shared settings that apply across the entire project and personal settings that apply only to your environment.
settings.local.json is your personal configuration file. It contains content specific to your environment: your permission settings, environment-specific paths, your personal MCP server connections, and so on. You do not commit this file to git.
Put shared project settings in a separate configuration file and commit it. All team members work under the same base rules, while individual differences are handled in settings.local.json.
Principle of Least Privilege
The basic principle for permission settings in team environments is straightforward: grant only the minimum permissions necessary for each role.
There is no reason a frontend developer's Claude Code session should be able to run database deletion commands. There is no reason a production deployment command should be allowed from a session that does not belong to a deployment manager. By configuring allowlists and denylists differently for each role, you can structurally limit the scope of damage from mistakes.
Security Is Not the Enemy of Speed
Spending time on permission configuration and security management can feel burdensome. You might think, "Can't I just use --dangerously-skip-permissions?" In practice, for simple experiments in personal projects, doing so may not cause major problems.
But as your project grows, your team expands, and production servers become involved, running without security settings is like driving on a highway without a seatbelt. Before an accident happens, you feel only inconvenience, but once it happens, it is already too late.
Once you configure your allowlists and denylists carefully, you can work at nearly the same speed as bypass mode while still blocking fatal mistakes. Investing one hour up front to make all subsequent sessions secure is one of the most efficient time investments you can make.
For anyone who wants to use Claude Code seriously, permission configuration is not optional but fundamental. The stronger the power of a tool, the stronger the system that controls that power must be.
If you have developed technical competence and security awareness, the next stage is converting that ability into actual business. Technical skill alone in handling Claude Code is not enough. Answering the question of how someone with that skill can acquire their first client in the market, set pricing, and build a sustainable business is where the next journey begins.
Kim Kyung-jin, Attorney and AI Specialist
Specialist in AI Law and Policy, Former Member of Parliament, Author of numerous works
© 2026 Kim Kyung-jin. All rights reserved.
