[FEATURE] Agent SDK: Support individual skill permissions like CLI

Resolved 💬 2 comments Opened Feb 17, 2026 by vellum-greg Closed Feb 17, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Claude Code CLI supports granular skill permissions via settings.json:

{
  "permissions": {
    "allow": ["Skill(my-skill)", "Skill(ops-*)"],
    "deny": ["Skill(deploy-*)"]
  }
}

However, the Claude Agent SDK does not support this granularity. The SDK only allows enabling/disabling the Skill tool globally via allowedTools:

options = ClaudeAgentOptions(
    allowed_tools=["Skill", "Read", "Grep"]  # All skills or no skills
)

This creates a feature gap where CLI users have fine-grained control over which skills are available, but SDK users building custom agents cannot achieve the same level of control. These fine-grained controls exist for MCP tools.

Proposed Solution

Add support for individual skill permissions in the Agent SDK, matching the CLI behavior:

Option A: Permission rules in SDK options

options = ClaudeAgentOptions(
    permissions={
        "allow": ["Skill(safe-reader)", "Skill(ops-*)"],
        "deny": ["Skill(deploy-*)"]
    }
)

Option B: Skill-specific allowlist

options = ClaudeAgentOptions(
    allowed_skills=["safe-reader", "ops-query-patterns"],
    denied_skills=["deploy-*"]
)

Use Case Example

If I want to run multiple agents sharing a set of skills inside of a repo, I'd like to expose different skills to different agents:

  • Agent1 should only access sql-* skills
  • Agent2 can access all skills except cmd-*
  • Agent3 have unrestricted access

With CLI, this is achievable via permission rules. With SDK, I must either:

  1. Allow all skills (too permissive)
  2. Deny all skills (too restrictive)
  3. Implement custom hook-based filtering (complex workaround)

Alternative Solutions

  1. Use hooks to inspect and filter skill invocations at runtime - works but adds complexity
  2. Dynamically modify the skills directory per request - fragile and not thread-safe
  3. Use MCP tools instead of skills - MCP has full permission support but loses skill ergonomics

Priority

Low - Workarounds exist but add unnecessary complexity

Feature Category

SDK / API

Additional Context

Related closed issues that added skill permissions to CLI:

  • #10833 - Skill-level permissions
  • #14154 - Add Skill() to permissions pattern in JSON schema

The allowed-tools frontmatter in SKILL.md also doesn't apply when using skills through the SDK (per documentation), further widening the CLI vs SDK gap.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗