Skill Permissions
Automatically analyze permissions required by all skills in Claude Code and generate one-time authorization commands.
Dangerous Operations Warning
This skill can modify other skill files. The following commands may cause widespread file changes:
| Command | Risk Level | Description |
|---------|------------|-------------|
| /skill-permissions inject | High | Batch modify all skill SKILL.md files |
| /skill-permissions allow-all | Medium | Batch modify settings.json |
| /skill-permissions allow <name> | Low | Only modify settings.json |
| /skill-permissions <name> | Safe | Read-only analysis, no file modifications |
Recommendations:
- Prefer explicit commands (e.g.,
/skill-permissions allow port-allocator) - Avoid
injectorallow-allunless you understand the impact - Run
/skill-permissionsfirst to see analysis results before batch operations
Usage
| Command | Description |
|---------|-------------|
| /skill-permissions | Analyze all skills and show permission summary |
| /skill-permissions <skill-name> | Analyze specific skill's permission requirements |
| /skill-permissions allow <skill-name> | Execute one-time authorization for specific skill |
| /skill-permissions allow-all | Execute one-time authorization for all skills |
| /skill-permissions inject | Inject allow command into all skills |
| /skill-permissions allow | Execute one-time authorization for this skill |
How It Works
1. Permission Analysis
Scan skill's SKILL.md file, identifying patterns like:
Bash Command Patterns:
find * → Bash(find *)
ls * → Bash(ls *)
cat ~/.claude/* → Bash(cat ~/.claude/*)
lsof -i:3* → Bash(lsof -i:3*)
git * → Bash(git *)
npm * → Bash(npm *)
Recognition Rules:
- Bash commands in code blocks (
bash ...) - Inline commands (
command) - Explicitly mentioned system commands
2. Permission Rule Generation
Convert identified commands to permissions.allow rules:
{
"permissions": {
"allow": [
"Bash(find * -name package.json *)",
"Bash(ls -d *)",
"Bash(cat ~/.claude/*)",
"Bash(lsof -i:3*)"
]
}
}
Execution Steps
Command: /skill-permissions
Analyze all skills and show permission summary:
-
Scan all skills
find ~/.claude/skills -name "SKILL.md" -type f 2>/dev/null -
Analyze permissions for each skill
- Read SKILL.md content
- Extract bash code blocks
- Identify command patterns
- Generate permission rules
-
Output analysis results
Command: /skill-permissions <skill-name>
Analyze specific skill's permission requirements:
-
Locate skill
SKILL_PATH=$(find ~/.claude/skills -type d -name "<skill-name>" 2>/dev/null | head -1) -
Read and analyze SKILL.md
-
Output detailed permission list
Command: /skill-permissions allow <skill-name>
Execute one-time authorization for specific skill:
- Analyze skill permission requirements
- Read existing config
- Merge permission rules (deduplicate, preserve existing rules)
- Write config file
- Output authorization result
Blocked Commands
The following command patterns are automatically blocked and won't be added to the allowlist:
Dangerous File Operations
| Command | Reason |
|---------|--------|
| rm * | File deletion, may cause data loss |
| rm -rf * | Recursive force delete, extremely dangerous |
| sudo * | Super user privileges |
| chmod 777 * | Opens all permissions |
Dangerous Process Operations
| Command | Reason |
|---------|--------|
| kill -9 * | Force kill process |
| pkill * | Kill processes by name |
| curl * \| bash | Remote code execution |
| eval * | Dynamic code execution |
Dangerous Git Operations
| Command | Reason |
|---------|--------|
| git push --force * | Force push, may overwrite remote |
| git reset --hard * | Hard reset, loses uncommitted changes |
Output Format
Analysis Result (Single Skill)
Skill: port-allocator
Location: ~/.claude/skills/port-allocator
Detected commands:
- find ~/Codes -maxdepth 3 -name "package.json"
- ls -d */
- cat ~/.claude/port-registry.json
- lsof -i:3000
Generated permission rules:
- Bash(find * -maxdepth * -name package.json *)
- Bash(ls -d *)
- Bash(cat ~/.claude/*)
- Bash(lsof -i:3*)
Run `/skill-permissions allow port-allocator` to authorize
Authorization Success
Permission authorization successful
Skill: port-allocator
Added permission rules:
- Bash(find * -maxdepth * -name package.json *)
- Bash(ls -d *)
- Bash(cat ~/.claude/*)
- Bash(lsof -i:3*)
Config file: ~/.claude/settings.json
New permissions take effect in next session, or run /clear to apply immediately
Configuration Files
- Permission config:
~/.claude/settings.json - Skill directory:
~/.claude/skills/
First Use
If you encounter permission prompts, first run:
/skill-permissions allow
Command: /skill-permissions allow
Execute one-time authorization for this skill:
- Read
~/.claude/settings.json - Merge the following permissions to
permissions.allow:
{
"permissions": {
"allow": [
"Bash(find ~/.claude/skills *)",
"Bash(cat ~/.claude/*)"
]
}
}
- Write config file (preserve existing permissions)
- Output authorization result
Notes
- Conservative analysis - Only identify explicitly appearing commands, avoid over-authorization
- Deduplicated merge - New permissions merge with existing, no duplicates
- No deletion - Only adds permissions, won't delete user's existing permission config
- Wildcards - Use
*to match varying parameter parts - Session effect - Permission updates require new session or /clear to take effect
- Explicit preferred - Recommend explicit commands over batch operations to reduce risks