name: skill-permissions
description: Skill permission analysis, one-time authorization, analyze skill permissions, batch authorization

Skill Permissions

Automatically analyze permissions required by all skills in Claude Code and generate one-time authorization commands.

Dangerous Operations Warning

This skill can modify other skill files. The following commands may cause widespread file changes:

Recommendations:
- Prefer explicit commands (e.g., /skill-permissions allow port-allocator)
- Avoid inject or allow-all unless you understand the impact
- Run /skill-permissions first to see analysis results before batch operations

Usage

How It Works

1. Permission Analysis

Scan skill's SKILL.md file, identifying patterns like:

Bash Command Patterns:

find * → Bash(find *)
ls * → Bash(ls *)
cat ~/.claude/* → Bash(cat ~/.claude/*)
lsof -i:3* → Bash(lsof -i:3*)
git * → Bash(git *)
npm * → Bash(npm *)

Recognition Rules:
- Bash commands in code blocks (bash ...)
- Inline commands (command)
- Explicitly mentioned system commands

2. Permission Rule Generation

Convert identified commands to permissions.allow rules:

{
  "permissions": {
    "allow": [
      "Bash(find * -name package.json *)",
      "Bash(ls -d *)",
      "Bash(cat ~/.claude/*)",
      "Bash(lsof -i:3*)"
    ]
  }
}

Execution Steps

Command: /skill-permissions

Analyze all skills and show permission summary:

1. Scan all skills
   bash find ~/.claude/skills -name "SKILL.md" -type f 2>/dev/null

2. Analyze permissions for each skill

3. Read SKILL.md content
4. Extract bash code blocks
5. Identify command patterns

6. Generate permission rules

7. Output analysis results

Command: /skill-permissions <skill-name>

Analyze specific skill's permission requirements:

1. Locate skill
   bash SKILL_PATH=$(find ~/.claude/skills -type d -name "<skill-name>" 2>/dev/null | head -1)

2. Read and analyze SKILL.md

3. Output detailed permission list

Command: /skill-permissions allow <skill-name>

Execute one-time authorization for specific skill:

1. Analyze skill permission requirements
2. Read existing config
3. Merge permission rules (deduplicate, preserve existing rules)
4. Write config file
5. Output authorization result

Blocked Commands

The following command patterns are automatically blocked and won't be added to the allowlist:

Dangerous File Operations

Dangerous Process Operations

Dangerous Git Operations

Output Format

Analysis Result (Single Skill)

Skill: port-allocator
Location: ~/.claude/skills/port-allocator

Detected commands:
  - find ~/Codes -maxdepth 3 -name "package.json"
  - ls -d */
  - cat ~/.claude/port-registry.json
  - lsof -i:3000

Generated permission rules:
  - Bash(find * -maxdepth * -name package.json *)
  - Bash(ls -d *)
  - Bash(cat ~/.claude/*)
  - Bash(lsof -i:3*)

Run `/skill-permissions allow port-allocator` to authorize

Authorization Success

Permission authorization successful

Skill: port-allocator

Added permission rules:
  - Bash(find * -maxdepth * -name package.json *)
  - Bash(ls -d *)
  - Bash(cat ~/.claude/*)
  - Bash(lsof -i:3*)

Config file: ~/.claude/settings.json

New permissions take effect in next session, or run /clear to apply immediately

Configuration Files

• Permission config: ~/.claude/settings.json
• Skill directory: ~/.claude/skills/

First Use

If you encounter permission prompts, first run:

/skill-permissions allow

Command: /skill-permissions allow

Execute one-time authorization for this skill:

1. Read ~/.claude/settings.json
2. Merge the following permissions to permissions.allow:

{
  "permissions": {
    "allow": [
      "Bash(find ~/.claude/skills *)",
      "Bash(cat ~/.claude/*)"
    ]
  }
}

1. Write config file (preserve existing permissions)
2. Output authorization result

Notes

1. Conservative analysis - Only identify explicitly appearing commands, avoid over-authorization
2. Deduplicated merge - New permissions merge with existing, no duplicates
3. No deletion - Only adds permissions, won't delete user's existing permission config
4. Wildcards - Use * to match varying parameter parts
5. Session effect - Permission updates require new session or /clear to take effect
6. Explicit preferred - Recommend explicit commands over batch operations to reduce risks