OpenSkillIndex← back to search
claude-codedevops

Claude-skill-registry claude-permissions-update

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/claude-permissions-update" ~/.claude/skills/majiayu000-claude-skill-registry-claude-permissions-update && rm -rf "$T"
manifest: skills/data/claude-permissions-update/SKILL.md
tags
#permission-sync#directory-scanning#settings-management#claude-integration
source content

Claude Permissions Update

Use this skill to consolidate auto-approved permissions from all your community-patterns workspaces.

Overview

When you work across multiple community-patterns directories (e.g., community-patterns, community-patterns-2, etc.), you accumulate different auto-approved permissions in each directory's 

.claude/settings.local.json
. This skill helps you:

  1. Find all community-patterns directories
  2. Gather all auto-approved permissions
  3. Compare with the project-level 
    .claude/settings.json
  4. Filter out junk and path-specific permissions automatically
  5. Show new permissions for your review by category
  6. Let you select which to add to the shared settings

Important: Local Settings Contain Junk

WARNING: The 

settings.local.json
files often contain accidentally auto-approved garbage:

  • Commit message fragments
  • Shell script fragments like 
    Bash(do)
    , 
    Bash(fi)
    , 
    Bash(then ...)
  • Markdown content from heredocs
  • Path-specific permissions like 
    Bash(../community-patterns-2/patterns/...)

The filtering step below is CRITICAL to avoid polluting project settings.

Step 1: Scan and Gather Permissions

# Find all community-patterns directories
echo "=== Scanning community-patterns directories ==="
for dir in /Users/alex/Code/community-patterns*; do
  echo "Found: $dir"
done

Step 2: Extract and Filter New Permissions

# Get all local permissions (deduplicated)
ALL_LOCAL=$(for dir in /Users/alex/Code/community-patterns*; do
  jq -r '.permissions.allow[]?' "$dir/.claude/settings.local.json" 2>/dev/null
done | sort -u)

# Get project permissions
PROJECT_PERMS=$(jq -r '.permissions.allow[]?' .claude/settings.json 2>/dev/null | sort -u)

# Find new permissions - FILTER for valid patterns only
NEW_PERMS=$(comm -23 <(echo "$ALL_LOCAL") <(echo "$PROJECT_PERMS") | \
  grep -E '^(Bash\(|Skill\(|Read\(|WebFetch\(|mcp__|SlashCommand)')

Step 3: Categorize for Review

Present permissions in categories to help the user decide:

General Commands (with wildcards - usually worth syncing)

echo "=== General Bash commands (worth syncing) ==="
echo "$NEW_PERMS" | grep -E ':\*\)$' | grep -v '../community-patterns'

These have wildcards and are NOT path-specific. Good candidates to sync.

WebFetch Domains

echo "=== WebFetch domains ==="
echo "$NEW_PERMS" | grep '^WebFetch'

Skills and MCP Tools

echo "=== Skills ==="
echo "$NEW_PERMS" | grep '^Skill'

echo "=== MCP tools ==="
echo "$NEW_PERMS" | grep '^mcp__'

Path-Specific (SKIP these)

echo "=== Path-specific permissions (SKIP) ==="
echo "$NEW_PERMS" | grep '../community-patterns'

These are specific to a particular checkout and should NOT be synced.

Step 4: Review with User

Use AskUserQuestion to walk through each category:

  1. Present general Bash commands one by one or in small groups
  2. Present WebFetch domains (often safe to add all)
  3. Present Skills and MCP tools
  4. SKIP path-specific permissions automatically

Ask about each permission individually or in logical groups.

Step 5: Update Project Settings

After user approval, edit 

.claude/settings.json
to add the approved permissions to the 
permissions.allow
array.

Use the Edit tool to add each permission as a new line in the array.

Workflow Summary

  1. Scan all community-patterns-* directories
  2. Extract permissions from each 
    .claude/settings.local.json
  3. Filter - remove junk (non-permission strings) and validate format
  4. Compare with 
    .claude/settings.json
    to find new ones
  5. Categorize - separate general vs path-specific
  6. Present to user by category (skip path-specific automatically)
  7. Update project settings with approved permissions
  8. Verify JSON is valid with 
    jq . .claude/settings.json > /dev/null

What to Sync vs Skip

SYNC These (General Permissions)

  • Bash(command:*)
    - wildcarded commands
  • Bash(git subcmd:*)
    - git subcommands
  • Bash(deno task:*)
    , 
    Bash(timeout N command:*)
    - tool commands
  • WebFetch(domain:example.com)
    - domain-specific fetch
  • Skill(skill-name)
    - skill invocations
  • mcp__server__tool
    - MCP tool permissions
  • Read(//path/**)
    - read patterns with wildcards

SKIP These (Junk/Path-Specific)

  • Bash(../community-patterns-N/...)
    - relative paths to specific checkouts
  • Bash(do)
    , 
    Bash(fi)
    , 
    Bash(then ...)
    - shell fragments
  • Anything that looks like a commit message or markdown
  • Anything without parentheses or proper permission format

Notes

  • This skill does NOT modify the local settings files
  • It only adds permissions to the shared project settings
  • User must approve all additions
  • After adding to project settings, the permissions will be available across all community-patterns workspaces
  • Always verify JSON validity after editing