← Back to blog
3 min read

How to Use --dangerously-skip-permissions Safely in Claude Code

Claude Code's --dangerously-skip-permissions flag gives your agent full autonomy — but one wrong command can destroy production. Here's how Railroad makes it safe.

Claude Codedangerously-skip-permissionssafetytutorial

If you use Claude Code, you've seen the flag: --dangerously-skip-permissions. It's right there in the name — dangerous. But it's also the only way to unlock Claude Code's full potential.

Without it, you're approving every single command. npm install? Approve. git add? Approve. mkdir? Approve. After the 50th approval, you stop reading what you're approving. That's when terraform destroy slips through.

With it, Claude Code runs at full speed — but there's nothing between your agent and production. No guardrails, no blocklist, no safety net.

The problem with --dangerously-skip-permissions

The flag does exactly what it says: it skips all permission checks. Every command your agent generates executes immediately. That includes:

  • rm -rf / — wipes your filesystem
  • terraform destroy — tears down your infrastructure
  • drizzle-kit push --force — drops your database tables
  • git push --force origin main — overwrites your team's work

These aren't hypothetical. In February 2026, a Claude Code agent ran terraform destroy on a production stack — 1.9 million rows of student data, gone. Another agent ran drizzle-kit push --force against a production PostgreSQL database — 60+ tables dropped, unrecoverable.

The solution: Railroad

Railroad sits between Claude Code and the outside world. Every command passes through it before executing. Safe commands fly through instantly — under 2ms of overhead. Dangerous commands are blocked.

$ claude --dangerously-skip-permissions

✓ npm install && npm run build
✓ git add . && git commit -m "feat: auth"
✓ npx prisma migrate deploy
⛔ BLOCKED  terraform destroy
⛔ BLOCKED  rm -rf /

You get the speed of --dangerously-skip-permissions with the safety of manual approval — without actually having to manually approve anything.

How to set it up

cargo install --git https://github.com/railroad-dev/railroad.git
railroad install

That's it. Railroad registers hooks with Claude Code, configures an OS-level sandbox, and loads your policy file. Now you can run claude --dangerously-skip-permissions knowing that destructive commands will never execute.

Customizing your policy

Drop a railroad.yaml in your project root:

blocklist:
  - terraform destroy
  - "rm -rf"
  - "DROP TABLE"
  - "push --force"
  - drizzle-kit push --force

approve:
  - npm publish
  - docker push

Blocked commands are stopped immediately. Approved commands pause for your sign-off. Everything else executes instantly.

Why not just use a sandbox?

Sandboxes restrict what your agent can do. Railroad only restricts what it shouldn't do. Your agent keeps full access to your project, your tools, your workflow — it just can't run the commands that would destroy production.

That's the difference between a cage and a guardrail.

Install Railroad and run Claude Code at full speed, safely.