skill-permission-matrix
NewReview agent SKILL.md tool permissions, side effects, and approval boundaries.
Summary
md files in a local directory to audit tool permissions, side-effect boundaries, and approval requirements.
- It helps developers enforce security and governance standards before installing or publishing agent skills.
Overview
Skill Permission Matrix
Use this skill when reviewing one or more agent SKILL.md files for tool requirements, side-effect boundaries, approval requirements, and validation commands.
Required Inputs
- •A local directory containing one or more
SKILL.mdfiles. - •Optional
skill-permission-matrix.jsonconfig withallowedToolsandapprovalPhrases.
Side-effect Boundaries
- •Reads local skill files and an optional config file.
- •Writes only when the caller redirects output or uses shell redirection.
- •Does not install, apply, approve, publish, or edit skills.
- •Does not call external services.
Approval Requirements
No approval is needed for local scans. Any decision to install, publish, or grant a skill new external action permissions remains outside this skill and requires the reviewer's normal approval workflow.
Examples
skill-permission-matrix scan ./skills --format markdown
skill-permission-matrix scan ./skills --config skill-permission-matrix.json --format jsonValidation
Run npm run smoke in this repository to scan fixture skills and confirm warnings are produced for incomplete or broad-permission examples.
Install & Usage
mkdir -p .claude/agentsAdd the configuration to .claude/agents/skill-permission-matrix.md
@skill-permission-matrixUse Cases
Usage Examples
/skill-permission-matrix scan ./skills --format markdown
/skill-permission-matrix scan ./skills --config skill-permission-matrix.json --format json
Scan the skills directory for permission issues and output a JSON report.
Security Audits
Frequently Asked Questions
What is skill-permission-matrix?
This skill scans SKILL.md files in a local directory to audit tool permissions, side-effect boundaries, and approval requirements. It helps developers enforce security and governance standards before installing or publishing agent skills.
How to install skill-permission-matrix?
To install skill-permission-matrix: create the agents directory (mkdir -p .claude/agents), then add the config to .claude/agents/skill-permission-matrix.md. Finally, @skill-permission-matrix in Claude Code.
What is skill-permission-matrix best for?
skill-permission-matrix is a agent categorized under General. It is designed for: code-review, agent. Created by rogerchappel.
What can I use skill-permission-matrix for?
skill-permission-matrix is useful for: Review a new skill submission to ensure it only requests necessary tools and has clear approval boundaries.; Audit all skills in a shared repository to identify those with overly broad permissions or missing side-effect declarations.; Generate a markdown report of tool permissions across multiple skills for a team security review.; Compare a skill's declared permissions against an organization's allowed tools and approval phrases configuration.; Validate that a skill's approval requirements match the expected workflow before merging a pull request.; Quickly check if a skill has any external side effects before granting it access to production systems..