GrantGuard audits the permission allowlist that Claude Code builds up as you click "always allow." Hidden away in settings files that are rarely audited, these permissions strings can contain substantive risks: API keys once pasted into a command, unrestricted git push, commands that read your OS credential store, common destructive commands, and more.