permission-analyzer_skill

This skill analyzes session history to generate precise Claude Code permissions and helps merge them into settings.
  • Python

16

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill arjenschwarz/agentic-coding --skill permission-analyzer

  • SKILL.md1.9 KB

Overview

This skill generates a Claude Code permissions configuration by analyzing past session logs and extracting which Bash commands and MCP tools were actually used. It produces a JSON permissions block with allow/deny lists and a default mode, and can merge that block into an existing .claude/settings.json while preserving other settings. Use it to avoid broad permissive flags and to run autonomous agents with minimal required access.

How this skill works

The analyzer scans session history and looks for executed Bash commands and referenced MCP servers/tools. It summarizes counts of commands, identifies filesystem and development tooling usage, and emits a permissions JSON with allow wildcards and a conservative deny list for sensitive operations. When a settings file exists, the script offers to merge only the permissions key or replace user rules, keeping model, env, and other configuration intact.

When to use it

  • Setting up autonomous mode or configuring .claude/settings.json for a project
  • Before using --dangerously-skip-permissions to avoid granting excessive access
  • Auditing what real tools and commands a project actually needs
  • Preparing a least-privilege permissions policy for CI, bots, or local agents
  • After a period of interactive sessions to refresh permissions based on recent usage

Best practices

  • Run the analyzer in the project root so paths and commands are detected accurately
  • Review generated allow rules and remove broad wildcards you don’t trust
  • Keep deny list conservative: block destructive git, secret management, and sensitive file patterns by default
  • When merging, prefer manual review if you or teammates have custom security rules
  • Re-run after major tooling changes or new integrations to keep permissions up to date

Example use cases

  • Create a minimal permissions block that allows git and build tools used in recent sessions (git, make, go)
  • Detect and deny sensitive patterns like .env, secrets/, *.pem and remove risky commands such as rm -rf or sudo
  • Merge generated permissions into an existing .claude/settings.json while preserving model and env variables
  • Audit historical session activity to document which MCP servers or custom tools were actually exercised
  • Generate a permissions baseline before enabling an autonomous workflow for CI agents

FAQ

The script prints a summary to stderr and the full JSON permissions block to stdout for easy redirection or review.

Will it overwrite my existing settings file?

It will not overwrite unrelated settings; you can choose to merge the permissions section or replace existing permission rules after review.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational