Feature: Skill-scoped permission grants

Resolved 💬 3 comments Opened Jan 14, 2026 by alex-rocketable Closed Jan 15, 2026

Summary

Allow skills to declare required tool permissions upfront, prompting users to approve them in batch when the skill is invoked rather than interrupting for each individual tool call.

Use Case

When using a skill like capturing screenshots with Playwright for PR documentation, the workflow requires multiple tool calls:

  1. browser_navigate - Go to the page
  2. browser_snapshot - Get element references
  3. browser_click - Interact (expand menus, open modals)
  4. browser_take_screenshot - Capture the result
  5. Repeat steps 2-4 several times
  6. browser_close - Clean up

Currently, each tool call prompts individually, requiring 10-15 permission approvals for a single screenshot session. This breaks flow and makes the skill tedious to use.

Proposed Solution

1. Skill permission declaration

Allow skills to declare required permissions in their frontmatter:

---
name: pr-screenshots
description: Capture screenshots with Playwright for PR documentation
permissions:
  - mcp__plugin_playwright_playwright__browser_navigate
  - mcp__plugin_playwright_playwright__browser_snapshot
  - mcp__plugin_playwright_playwright__browser_take_screenshot
  - mcp__plugin_playwright_playwright__browser_click
  - mcp__plugin_playwright_playwright__browser_close
---

2. Batch approval prompt on skill invocation

When the skill is invoked, present the permission request upfront:

Skill "pr-screenshots" wants to use:
☑ browser_navigate
☑ browser_snapshot  
☑ browser_take_screenshot
☑ browser_click
☑ browser_close

[Approve All] [Select...] [Deny]

3. Session-scoped grants

Approved permissions would be:

  • Scoped to the current skill invocation (or optionally the session)
  • Not persisted to settings.json
  • Revocable by the user at any time

Alternatives Considered

  1. Add to global allowlist - Works but grants permanent access, which may be too broad for powerful tools like Playwright that can click/type on any page
  1. Click through each prompt - Current behavior, tedious for multi-step workflows
  1. Plan mode allowedPrompts - Only works for Bash commands, not MCP tools

Additional Context

This pattern is similar to how mobile apps request permissions - declared upfront, approved in context, scoped appropriately. It balances security (user still approves) with usability (single approval vs. many).

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗