UX: allowed-tools message implies restriction but field only pre-authorizes listed tools
Update
Initial report was incorrect. Retesting in --permission-mode default confirmed the field works as designed.
Correct behavior (confirmed):
- Tools in
allowed-toolsexecute without prompting — pre-authorized - Tools outside
allowed-toolsprompt for approval as normal — not blocked, not pre-authorized
The original test was run in auto-approve mode, making all tools execute freely regardless of the field. That made the field appear inert when it was working correctly.
Remaining UX issue
The "X tools allowed" message displayed when a skill loads implies restriction ("only these tools are allowed") rather than pre-authorization ("these tools don't need approval"). A user reading that message would reasonably assume unlisted tools are blocked.
Suggested message: "X tools pre-approved" or "X tools require no approval" would better reflect the actual behavior.
Environment
- Claude Code v2.1.74
--permission-mode default- Skill in
~/.claude/skills/(locally installed)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗