Security scanner for Claude Code settings files. Recursively scans all subdirectories for dangerous patterns in your approved commands that could compromise your host machine. You can run it manually or ask Claude Code to run it with npx cc-safe .
A user reported on Reddit that Claude Code ran rm -rf tests/ patches/ plan/ ~/ - that trailing ~/ wiped their entire home directory.
It's easy to dismiss this as a "vibe coder" mistake, but when you're approving dozens of commands across multiple projects, mistakes happen. The permission prompt becomes muscle memory, and one bad approval can be catastrophic.
cc-safe automates what's hard to do manually: scan all your approved commands across all projects and flag the dangerous ones before they cause damage.
npm install -g cc-safecc-safe <directory> [options]cc-safe . # Scan current directory and all subfolders
cc-safe ~/projects # Scan a specific directory recursively
cc-safe . --no-low # Hide LOW severity findings
cc-safe --help # Show help| Option | Description |
|---|---|
--no-low |
Hide LOW severity findings (show only HIGH and MEDIUM) |
--help, -h |
Show help message |
cc-safe scans .claude/settings.json and .claude/settings.local.json files for risky patterns in the permissions.allow array.
HIGH - Critical security risks:
rm -rf/rm -f- Force-deletes filesBash- Allows ANY bash command (without specifier)chmod 777- World-writable permissionschmod -R- Recursive permission changescurl | sh- Downloads and executes codedd if=- Raw disk operationsmkfs,fdisk- Disk formatting> /dev/sd*- Direct device writesgit push --force- Destroys remote history--dangerously-skip-permissions- Bypasses all safety checks
MEDIUM - Potentially dangerous:
sudo(with system-modifying commands) - Runs commands as rootgit reset --hard- Discards uncommitted changesgit clean -fd- Deletes untracked filesnpm publish/yarn publish- Publishes to npm registrytwine upload- Publishes to PyPI (Python)gem push- Publishes to RubyGemscargo publish- Publishes to crates.io (Rust)docker run --privileged- Full host accessdocker run -v /:/- Mounts entire host filesystemeval- Code injection riskgit push --force-with-lease- Safer but still rewrites history
LOW - Worth noting:
sudo(with read-only commands) - Runs safe commands as root (e.g.,sudo du,sudo ls,sudo cat,sudo apt-cache,sudo ps)git push- Pushes to remote repositoryrm/rm *- Broad file deletion patterns
Commands inside containers are generally safe and skipped:
docker exec ...podman exec ...kubectl exec ...docker run ...(except--privilegedand root mounts)
$ cc-safe ~/projects
Scanning for Claude Code settings files in: /Users/you/projects
Found 3 settings file(s), analyzing...
/Users/you/projects/webapp/.claude/settings.json
[HIGH] sudo: "Bash(sudo *)"
[HIGH] Bash (allow all): "Bash"
/Users/you/projects/scripts/.claude/settings.local.json
[MEDIUM] git reset --hard: "Bash(git reset --hard)"
Summary: 2 high, 1 medium risk pattern(s) found
- Node.js 22+
Originally published as Tip #32 in Claude Code Tips.