From claude-gatekeeper
Use when the user wants to promote manually approved Bash commands into permanent gatekeeper allow rules, or when reviewing session history to reduce permission prompts
Slash command: `/claude-gatekeeper:learn-approvals`
Mine session history for Bash commands that were manually approved and promote them into `gatekeeper.toml` allow rules.
Read ~/.claude/gatekeeper.toml and build a list of every command pattern already covered by allow rules.
Find recent session JSONL files (newest 5-6 by mtime). Search for Bash tool calls and extract the leading command from each. Common locations:
- ~/.claude/projects/*/sessions/
- ~/.openclaw/agents/*/sessions/*.jsonl

For each command found, test whether it matches an existing allow rule. Commands that don't match are candidates — the user had to manually approve them.
Deduplicate by command name, not by full invocation. Report ssh once, not 115 individual ssh spark ... calls.
~/.claude/settings.local.json accumulates per-session approvals in permissions.allow. Entries like Bash(ssh:*) indicate commands the user has approved before but that aren't in the gatekeeper yet.
Show the user a table of candidate commands before writing rules:
| Command | Source | Occurrences |
|---|---|---|
| ssh | sessions + settings.local.json | 115 |
| scp | sessions | 6 |
Add new [[rules]] blocks to ~/.claude/gatekeeper.toml. Follow the existing style:
```toml
# =============================================================================
# ALLOW — Description of group
# =============================================================================
[[rules]]
tool = 'Bash'
input = '(?:^|[|;&]\s*)(?:cmd1|cmd2)(?:\s|$)'
decision = "allow"
reason = "Short description"
```
Group related commands into a single rule where sensible (e.g., ssh|scp together).
Remove entries from settings.local.json permissions.allow that are now redundant with gatekeeper rules. Keep entries that:
Watch for secrets. If an entry embeds API keys or credentials inline (e.g., Bash(API_KEY=sk-... some-tool:*)), remove it and advise the user to set the variable in their shell environment instead.
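The candidate-mining steps and the inline-secret check above, as an added example that is not part of the claude-gatekeeper project's code. The JSONL record shape, the sample commands, the rule in `ALLOW_RULES` and the secret-name heuristic are constructed assumptions, and Python's `re` stands in for PCRE2.

```python
import json, re, shlex
from collections import Counter
# Constructed rule in the page's pattern style (not the project's real rule set).
ALLOW_RULES = [r'(?:^|[|;&]\s*)(?:git|kill)(?:\s|$)']
# Constructed session lines. The record shape is an assumption about the JSONL format.
SAMPLE_JSONL = "\n".join(json.dumps(
    {"message": {"content": [{"type": "tool_use", "name": "Bash", "input": {"command": c}}]}})
    for c in ["git status", "ssh spark uptime", "ssh spark df -h", "pkill -f node",
              "API_KEY=sk-constructed some-tool run", "kill 42"])

ASSIGN = re.compile(r'[A-Za-z_][A-Za-z0-9_]*=')            # leading VAR=value word
SECRET_NAME = re.compile(r'(?i)(?:key|token|secret|passw)')  # heuristic, an assumption

def bash_commands(jsonl_text):
    """Yield the command string of every Bash tool call in the JSONL text."""
    for line in jsonl_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        msg = rec.get("message") if isinstance(rec, dict) else None
        content = msg.get("content") if isinstance(msg, dict) else None
        for item in content if isinstance(content, list) else []:
            if isinstance(item, dict) and item.get("type") == "tool_use" and item.get("name") == "Bash":
                yield str((item.get("input") or {}).get("command", ""))

def split_leading(command):
    """Return (leading command name, [names of env variables set in front of it])."""
    try:
        words = shlex.split(command)
    except ValueError:  # unbalanced quotes: fall back to whitespace splitting
        words = command.split()
    env = []
    for w in words:
        if not ASSIGN.match(w):
            return w, env
        env.append(w.split("=", 1)[0])  # keep the name only, never the value
    return None, env

def candidates(jsonl_text, allow_rules):
    """Count uncovered leading commands; collect secret-looking inline variable names."""
    rules = [re.compile(p) for p in allow_rules]
    counts, secret_vars = Counter(), set()
    for cmd in bash_commands(jsonl_text):
        name, env = split_leading(cmd)
        secret_vars.update(n for n in env if SECRET_NAME.search(n))
        if name and not any(r.search(cmd) for r in rules):
            counts[name] += 1  # dedupe by command name, not full invocation
    return counts, secret_vars
```

With the constructed rule, `git status` and `kill 42` are covered, while `pkill -f node` stays a candidate because the leading anchor requires the command to start the line or follow `|`, `;` or `&`.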
| Field | Purpose |
|---|---|
| tool | Tool name regex: 'Bash', 'Read', 'Read\|Write' |
| input | PCRE2 regex matched against tool input |
| decision | "allow" or "deny" (deny always wins) |
| reason | Human-readable explanation |
| precondition | Optional shell command for context-dependent rules |
| precondition_match | Regex matched against precondition stdout |
Use TOML single-quoted strings ('...') to avoid double-escaping regex.
- '.*' as a Bash allow defeats the gatekeeper. Match specific commands.
- Use (?:\s|$) after command names so kill doesn't match pkill.
- ssh, scp, sftp, rsync, sshfs should be one rule.

`npx claudepluginhub jim80net/claude-plugins --plugin claude-gatekeeper`