From permissions-audit
Audit and organize Claude Code permissions in settings.json/settings.local.json. Clean up accumulated permissions, properly distribute settings between global and project levels, and consolidate to wildcard notation. Use triggers like "audit permissions", "clean up settings", "organize settings.json", "permissions inventory".
Slash command
/permissions-audit:permissions-audit
A skill for auditing and organizing Claude Code settings file permissions.
Read the following 3 files:
~/.claude/settings.json # Global settings
.claude/settings.json # Project shared settings
.claude/settings.local.json # Project local settings
Notes:
~/.claude/settings.local.json is NOT loaded by Claude Code (only project-level .claude/settings.local.json is effective)
Analyze the allow list from the following perspectives:
| Issue | Example |
|---|---|
| One-time permissions | Bash(git -C /path/to/repo log --oneline) |
| Can be wildcarded | Bash(git log:*) exists but Bash(git log --oneline -5) also present |
| Global/local conflicts | Denied globally, allowed locally |
| Environment-specific paths | Edit(~/myproject/**) with specific paths |
| Destructive operations | Bash(docker * prune:*) and other delete commands |
| Deviation from recommendations | Commands in allow that are not recommended |
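Three of the checks in the table above (entries already covered by a wildcard, global deny versus local allow conflicts, and environment-specific paths), as an added example that is not the plugin's own code. The function names, the sample settings, the `permissions.allow`/`permissions.deny` layout and the simplified prefix matching are assumptions made for illustration.

```python
import re

RULE = re.compile(r"^(\w+)\((.*)\)$")
ENV_PATH = re.compile(r"(?:^|\s)(?:/|~/)\S")  # absolute or home-relative path

def parse(rule):
    """Split 'Tool(spec)' into (tool, spec); a bare tool name gets spec ''."""
    m = RULE.match(rule)
    return (m.group(1), m.group(2)) if m else (rule, "")

def covers(wild, rule):
    """True if `wild` is 'Tool(prefix:*)' and `rule` falls under that prefix.
    Assumption: simplified prefix matching, not Claude Code's own matcher."""
    (wt, ws), (rt, rs) = parse(wild), parse(rule)
    if wild == rule or wt != rt or not ws.endswith(":*"):
        return False
    prefix = ws[:-2]
    body = rs[:-2] if rs.endswith(":*") else rs
    return body == prefix or body.startswith(prefix + " ")

def audit(layers):
    """layers: {'global'|'shared'|'local': parsed settings dict}, in that order.
    Returns (issue, layer, rule, related_rule) tuples."""
    perms = {n: s.get("permissions", {}) for n, s in layers.items()}
    allows = [(n, r) for n, p in perms.items() for r in p.get("allow", [])]
    global_deny = perms.get("global", {}).get("deny", [])
    findings = []
    for layer, rule in allows:
        wild = next((w for _, w in allows if covers(w, rule)), None)
        if wild:
            findings.append(("can-be-wildcarded", layer, rule, wild))
        if layer != "global":
            for d in global_deny:
                if d == rule or covers(d, rule):
                    findings.append(("global-deny-conflict", layer, rule, d))
        if ENV_PATH.search(parse(rule)[1]):
            findings.append(("environment-specific-path", layer, rule, ""))
    return findings

# Constructed sample settings (not from a real project).
SAMPLE = {
    "global": {"permissions": {"allow": ["Bash(git log:*)", "Bash(cat:*)"],
                               "deny": ["Bash(sudo:*)", "Bash(env)"]}},
    "shared": {"permissions": {"allow": ["Bash(./gradlew:*)"]}},
    "local": {"permissions": {"allow": [
        "Bash(git log --oneline -5)",
        "Bash(git -C /path/to/repo log --oneline)",
        "Bash(sudo apt update)",
        "Edit(~/myproject/**)"]}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To run it against real files, load each of the three settings files with `json.load` and pass the resulting dicts in the same global, shared, local order.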
Items to confirm with user (batch confirm via AskUserQuestion):
| Location | Content |
|---|---|
| Global allow | Universal commands (git, cat, jq, etc.) |
| Global deny | Dangerous commands (sudo, ssh, etc.) |
| Project shared | Project-specific (./gradlew, mysql, etc.) |
| Project local | Temporary permissions only (keep empty) |
See references/recommended-settings.md for details.
After changing settings, verify:
git status # git commands
curl --version # curl (if allowed)
env # should be denied
Important: A new session is required for settings to take effect.
npx claudepluginhub makikub/claude-code-plugin --plugin permissions-audit