Skip to main content
Ben Nadel at cf.Objective() 2014 (Bloomington, MN) with: Madeline Johnsen
Ben Nadel at cf.Objective() 2014 (Bloomington, MN) with: Madeline Johnsen

Learning In Public: Cleaning Up Claude Code Settings

By
Published in Comments (1)

As I'm learning how to use Claude Code, I'm granting it permissions to run operations against the Big Sexy Poems application and file system. And since I don't really know what I'm doing yet, I've been overly permissive in the permissions that I'm granting it (Claude). Which means that my settings.local.json file has loads of redundant commands, unnecessary commands, and maybe even some quasi-malicious commands (depending on how security-minded you are). In an effort to get used to asking Claude to help improve both itself and the application, I'm going to ask Claude Code to clean up this settings file.

Here's the prompt that I've given Claude Code using the Speakmac dictation tool:

Look at @.claude/settings.local.json and review the allowlist of permissions. I'm almost certain that I've been overly permissive in what I've given Claude permissions to do. Please review this file and look for things that are redundant as well as things that are potentially malicious. I've been told that Claude Code doesn't need to have access to tools like ls and find and grep because Claude Code has internal tools that do the same thing. Furthermore, it looks like there are redundancies between star-based commands and explicit commands. And then I also see a bunch of file paths to my local project folder, BigSexyPoems, which I assume shouldn't have to be there because you should be operating with the knowledge that you're in the working directory. So let's see how we can cut this down and simplify my settings file.

After cooking for 1m 12s, it trimmed the file down from 41 entries down to 15. Pretty good!

Screenshot of git diff being applied to the settings.local.json file.

When I was speaking to Claude Code the other day, I asked it what I should do when Claude Code prompts me for permissions to run those unnecessary file system commands like find and grep. Claude Code told me to deny access and then it'll fall-back to using its own internal tools. So it's a little frustrating that I have to keep doing that, but it seems to workout properly.

I asked Claude Code if I should add something to my CLAUDE.md file indicating that it should always rely on internal tools. And it said that such a directive is unnecessary because that's what its internal system prompt is already doing.

Yay non-determinism!

Short link: https://bennadel.com/4877

Reader Comments

16,161 Comments

I found part of the original conversation I had with Claude about cleaning this up. Here's what it told me about its own internal system prompt:

That's Claude Code misbehaving. It should never run grep, rg, find, or cat via Bash when the dedicated tools exist. The instructions explicitly say:

Use Grep instead of grep or rg
Use Glob instead of find or ls
Use Read instead of cat/head/tail

If you see it trying to do that, just deny the Bash call — it should fall back to using the proper tool. Sometimes the model slips into using shell commands out of habit, but there's no scenario where it needs Bash grep when the Grep tool is available.

You can see, it just tells me to keep denying it and force it to fallback to its native tooling.

Post A Comment — I'd Love To Hear From You!

Post a Comment

I believe in love. I believe in compassion. I believe in human rights. I believe that we can afford to give more of these gifts to the world around us because it costs us nothing to be decent and kind and understanding. And, I want you to know that when you land on this site, you are accepted for who you are, no matter how you identify, what truths you live, or whatever kind of goofy shit makes you feel alive! Rock on with your bad self!
Ben Nadel
Managed ColdFusion hosting services provided by:
xByte Cloud Logo