Stats
Actions
Tags
From ai-permission-hook
This skill should be used when the user asks to "customize permission rules", "edit permission hook local config", "add environment rules", "modify permission prompt", or wants to change machine-specific allow/deny rules for the LLM permission evaluator.
How this skill is triggered — by the user, by Claude, or both
Slash command
/ai-permission-hook:customizeThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Edit the machine-level environment rules that are appended to the default security prompt when the LLM evaluates ambiguous commands (Tier 3 decisions).
Edit the machine-level environment rules that are appended to the default security prompt when the LLM evaluates ambiguous commands (Tier 3 decisions).
The permission hook uses a two-layer system prompt:
config/default-system-prompt.md) — generic security rules, not editable per machine~/.claude/permission-hook/local.md) — machine-specific rules appended to the default promptThis skill manages layer 2.
Read ~/.claude/permission-hook/local.md and display its contents. If the file does not exist, inform the user that no machine-specific rules are configured yet.
Also read the default prompt from ${CLAUDE_PLUGIN_ROOT}/config/default-system-prompt.md so the user understands the baseline.
Ask the user what environment-specific rules they need. Common categories:
/root/ the normal user home? (common in containers)Write or update ~/.claude/permission-hook/local.md with the user's rules in clear, natural language. The LLM reads this as part of its system prompt, so write it as instructions to the evaluator.
When adding rules to an existing file, append to the relevant section rather than rewriting the entire file. Read the current content first to preserve existing rules.
Example for a container-based development server:
## Environment Context
- This is a Proxmox LXC container where /root/ is the PRIMARY USER home directory
- Development projects live directly under /root/
- /root/ is NOT a system directory — treat it like a normal home directory
## Additional Allow Rules
- docker exec commands on matrix-* containers (matrix-taxbot, matrix-housebot, matrix-financebot, matrix-menagerie, matrix-synapse) — these are our own managed services
- Database operations (SQLite queries, SELECT, UPDATE, INSERT, DELETE, ALTER) on application databases — these are development/admin operations, not attacks
- git init, mkdir, and standard dev ops within /root/ subdirectories are normal development
## Additional Deny Rules
- Never allow commands that modify Synapse's signing key or homeserver.yaml directly
After writing, read back the file and confirm with the user that the rules look correct. Remind them that changes take effect on the next Tier 3 LLM evaluation (no restart needed — the prompt is read fresh each time).
npx claudepluginhub thenemal/thenemal-cc-marketplace --plugin ai-permission-hookProvides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.