Feature request: skill-scoped tool permissions
Summary
Skills (.claude/skills/<name>/SKILL.md) have no way to scope tool/bash permissions to themselves. All permissions in settings.local.json are project-wide — you either grant a permission globally or accept approval prompts every time the skill runs.
Proposed solution
Support a permissions block in skill frontmatter that only applies when that skill is actively running:
---
name: my-skill
description: Does a specific automated task
permissions:
allow:
- "Bash(some-cli command*)"
- "Bash(another-tool *)"
---
Alternatively, support a settings.json sidecar file in the skill directory that scopes permissions to that skill's execution context.
Current workaround
Add permissions to .claude/settings.local.json (project-wide) or accept approval prompts on every invocation.
Why this matters
Skills are often purpose-built automations with a well-defined, safe set of commands. Granting those permissions project-wide is overly broad. Skill-scoped permissions would allow users to pre-approve the right commands for the right context, without widening the attack surface elsewhere in the project.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗