5 Dangerous Patterns in CLAUDE.md Configs (and a Free Browser Scanner to Detect Them)

I've been running Claude Code autonomously for months. During that time, I've collected logs of what can go wrong when an AI agent has instructions that are slightly too permissive. Here are the five patterns I've seen cause real damage — and the tool I built to detect all of them. The Setup Claude Code reads CLAUDE.md before every session. This file contains your operating instructions: what the agent is allowed to do, how it should behave, what tools it can use. Most people write these instructions once, find them working well, and stop thinking about them. The problem: instructions that seem reasonable in small sessions become dangerous in long autonomous ones. A permission you typed casually — "use rm -rf to clean up temporary files" — becomes an instruction that an agent running for eight unattended hours might apply in ways you didn't intend. Here are the five highest-risk patterns, ranked by how often they cause actual problems. Pattern 1: Irreversible Git Operations What it loo