Feature request: skill-scoped tool permissions

Resolved 💬 2 comments Opened Mar 16, 2026 by ocasta181 Closed Apr 14, 2026

Summary

Skills (.claude/skills/<name>/SKILL.md) have no way to scope tool/bash permissions to themselves. All permissions in settings.local.json are project-wide — you either grant a permission globally or accept approval prompts every time the skill runs.

Proposed solution

Support a permissions block in skill frontmatter that only applies when that skill is actively running:

---
name: my-skill
description: Does a specific automated task
permissions:
  allow:
    - "Bash(some-cli command*)"
    - "Bash(another-tool *)"
---

Alternatively, support a settings.json sidecar file in the skill directory that scopes permissions to that skill's execution context.

Current workaround

Add permissions to .claude/settings.local.json (project-wide) or accept approval prompts on every invocation.

Why this matters

Skills are often purpose-built automations with a well-defined, safe set of commands. Granting those permissions project-wide is overly broad. Skill-scoped permissions would allow users to pre-approve the right commands for the right context, without widening the attack surface elsewhere in the project.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗