0xDarkMatter/setperms
skills/setperms/SKILL.md
Set tool permissions for Claude Code. Configures allowed commands, rules, and preferences in .claude/ directory. Triggers on: setperms, init tools, configure permissions, setup project, set permissions, init claude.
$ install --global
skillsauthnpx skillsauth add 0xDarkMatter/claude-mods setpermsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 25, 2026, 2:07 AM27.7s1 file scanned
SKILL.md
- name:
- setperms
- description:
- Set tool permissions for Claude Code. Configures allowed commands, rules, and preferences in .claude/ directory. Triggers on: setperms, init tools, configure permissions, setup project, set permissions, init claude.
- license:
- MIT
- compatibility:
- Creates project-local .claude/ configuration.
- allowed-tools:
- Read Write Bash
- author:
- claude-mods
/setperms
Initialize Claude Code with modern dev-shell-tools for a comfortable development experience.
What This Does
Installs complete dev environment setup:
- Permissions (
.claude/settings.local.json) - Pre-approved CLI tools - Rules (
.claude/rules/cli-tools.md) - Instructions to prefer modern tools
Tools from dev-shell-tools:
Core Tools:
- Git: Full git access, lazygit, gh (GitHub CLI), delta, difft
- File ops: ls, mkdir, cat, wc, tree, eza, bat, chmod
- Search: rg (ripgrep), fd, fzf, ast-grep/sg
- Navigation: zoxide/z, broot/br
- Data processing: jq, yq, sd, xargs
- Analysis: tokei, procs, hyperfine, dust
Dev Tools:
- Package managers: npm, npx, node, pnpm, yarn, bun, python, uv, pip, cargo, go, brew
- Build tools: just, make, bash, rustc
- Network: curl, http (httpie), firecrawl, markitdown
- Containers: docker, docker-compose
- Archives: tar, zip, unzip
- Testing: pytest
- Data: sort, uniq, cut, tr, xargs, tee, head, tail, diff
- Documentation: tldr
- Windows: powershell
AI CLI Tools:
- gemini: Google Gemini CLI (2M context)
- claude: Anthropic Claude CLI
- codex: OpenAI Codex CLI
- perplexity: Perplexity CLI (web search)
Execution Flow
/setperms
|
+-- Check for existing .claude/ files
| +-- If exists: Ask to overwrite or skip
| +-- If not: Proceed
|
+-- Create .claude directory
+-- Create .claude/rules directory
|
+-- Write settings.local.json (permissions)
+-- Ensure .gitignore excludes settings.local.json (secret-safety)
+-- Write rules/cli-tools.md (tool preferences)
Instructions
Step 1: Check for existing settings
ls -la .claude/settings.local.json 2>/dev/null
ls -la .claude/rules/cli-tools.md 2>/dev/null
If files exist, ask user:
- Overwrite: Replace entirely
- Skip: Keep existing, do nothing
Step 2: Create directories
mkdir -p .claude/rules
Step 3: Write permissions file
Write to .claude/settings.local.json:
{
"permissions": {
"allow": [
"Bash(git:*)",
"Bash(ls:*)",
"Bash(mkdir:*)",
"Bash(cat:*)",
"Bash(wc:*)",
"Bash(tree:*)",
"Bash(curl:*)",
"Bash(rg:*)",
"Bash(fd:*)",
"Bash(fzf:*)",
"Bash(z:*)",
"Bash(zoxide:*)",
"Bash(br:*)",
"Bash(broot:*)",
"Bash(ast-grep:*)",
"Bash(sg:*)",
"Bash(bat:*)",
"Bash(eza:*)",
"Bash(delta:*)",
"Bash(difft:*)",
"Bash(jq:*)",
"Bash(yq:*)",
"Bash(sd:*)",
"Bash(lazygit:*)",
"Bash(gh:*)",
"Bash(tokei:*)",
"Bash(uv:*)",
"Bash(just:*)",
"Bash(http:*)",
"Bash(procs:*)",
"Bash(hyperfine:*)",
"Bash(npm:*)",
"Bash(npx:*)",
"Bash(node:*)",
"Bash(pnpm:*)",
"Bash(yarn:*)",
"Bash(bun:*)",
"Bash(python:*)",
"Bash(pip:*)",
"Bash(cargo:*)",
"Bash(go:*)",
"Bash(rustc:*)",
"Bash(pytest:*)",
"Bash(make:*)",
"Bash(docker:*)",
"Bash(docker-compose:*)",
"Bash(powershell -Command:*)",
"Bash(powershell.exe:*)",
"Bash(bash:*)",
"Bash(chmod:*)",
"Bash(sort:*)",
"Bash(uniq:*)",
"Bash(cut:*)",
"Bash(tr:*)",
"Bash(xargs:*)",
"Bash(tee:*)",
"Bash(head:*)",
"Bash(tail:*)",
"Bash(diff:*)",
"Bash(tar:*)",
"Bash(zip:*)",
"Bash(unzip:*)",
"Bash(command -v:*)",
"Bash(brew:*)",
"Bash(tldr:*)",
"Bash(dust:*)",
"Bash(btm:*)",
"Bash(bottom:*)",
"Bash(markitdown:*)",
"Bash(firecrawl:*)",
"Bash(gemini:*)",
"Bash(claude:*)",
"Bash(codex:*)",
"Bash(perplexity:*)"
],
"deny": [],
"ask": [
"Bash(git reset --hard:*)",
"Bash(git checkout -- :*)",
"Bash(git clean -f:*)",
"Bash(git stash drop:*)",
"Bash(git stash clear:*)",
"Bash(git restore --worktree:*)",
"Bash(git push --force:*)",
"Bash(git push -f:*)",
"Bash(git push origin --force:*)",
"Bash(git push origin -f:*)",
"Bash(git branch -D:*)"
]
},
"hooks": {}
}
Step 3b: Protect settings.local.json from git (mandatory)
settings.local.json is user-specific and frequently accumulates secrets in
permission rules (an API key baked into a Bash(...) allow entry, a token in a
custom command). It must never reach a remote. Before finishing, ensure the repo
root .gitignore excludes it:
# Add the rule only if it's not already present
grep -qxF '.claude/settings.local.json' .gitignore 2>/dev/null \
|| printf '\n# Local settings (user-specific; may contain API keys)\n.claude/settings.local.json\n' >> .gitignore
# If it was already tracked from a prior commit, stop tracking it (keeps the file)
git ls-files --error-unmatch .claude/settings.local.json >/dev/null 2>&1 \
&& git rm --cached .claude/settings.local.json
Skip silently if the project has no git repo. This pairs with the git-ops
push-safety gate, which also refuses any push that adds .claude/settings.local.json
— defense in depth so a leaked key can't recur.
Step 4: Write rules file
Write to .claude/rules/cli-tools.md:
# CLI Tool Preferences (dev-shell-tools)
ALWAYS prefer modern CLI tools over traditional alternatives.
## File Search & Navigation
| Instead of | Use | Why |
|------------|-----|-----|
| `find` | `fd` | 5x faster, respects .gitignore |
| `grep` | `rg` (ripgrep) | 10x faster, respects .gitignore |
| `ls` | `eza` | Git status, tree view |
| `cat` | `bat` | Syntax highlighting |
| `cd` + manual | `z`/`zoxide` | Frecent directories |
| `tree` | `eza --tree` | Interactive |
## Data Processing
| Instead of | Use |
|------------|-----|
| `sed` | `sd` |
| Manual JSON | `jq` |
| Manual YAML | `yq` |
## Git Operations
| Instead of | Use |
|------------|-----|
| `git diff` | `delta` or `difft` |
| Manual git | `lazygit` |
| GitHub web | `gh` |
## Code Analysis
- Line counts: `tokei`
- AST search: `ast-grep` / `sg`
- Benchmarks: `hyperfine`
- Disk usage: `dust`
## System Monitoring
| Instead of | Use |
|------------|-----|
| `du -h` | `dust` |
| `top`/`htop` | `btm` (bottom) |
## Documentation
| Instead of | Use |
|------------|-----|
| `man <cmd>` | `tldr <cmd>` |
## Python
| Instead of | Use |
|------------|-----|
| `pip` | `uv` |
| `python -m venv` | `uv venv` |
## Task Running
Prefer `just` over Makefiles.
## Web Fetching
| Priority | Tool | When to Use |
|----------|------|-------------|
| 1 | `WebFetch` | First attempt - fast, built-in |
| 2 | `r.jina.ai/URL` | JS-rendered pages, cleaner extraction |
| 3 | `firecrawl <url>` | Anti-bot bypass, blocked sites |
## AI CLI Tools
For multi-model analysis:
| Tool | Model | Best For |
|------|-------|----------|
| `gemini` | Gemini 2.5 | 2M context, large codebases |
| `claude` | Claude | Coding, analysis |
| `codex` | OpenAI | Deep reasoning |
| `perplexity` | Perplexity | Web search, current info |
## Git Safety
Destructive commands require confirmation (in "ask" list):
| Command | Risk | Safe Alternative |
|---------|------|------------------|
| `git reset --hard` | Loses uncommitted changes | `git stash` first |
| `git checkout -- <file>` | Discards file changes | `git stash` or `git diff` first |
| `git clean -fd` | Deletes untracked files | `git clean -n` (dry run) first |
| `git stash drop` | Permanently deletes stash | Check `git stash list` first |
| `git push --force` | Overwrites remote history | `git push --force-with-lease` |
| `git branch -D` | Deletes unmerged branch | `git branch -d` (safe delete) |
**Before destructive operations:**
1. Check status: `git status`
2. Check for uncommitted changes: `git diff`
3. Consider stashing: `git stash`
4. Use dry-run flags when available
Reference: https://github.com/0xDarkMatter/dev-shell-tools
Step 5: Confirm
Report to user:
Initialized Claude Code with dev-shell-tools:
Created:
.claude/settings.local.json (74 tool permissions, 11 guardrails)
.claude/rules/cli-tools.md (modern tool preferences)
Claude will now:
- Auto-approve dev-shell-tools commands
- Prefer fd over find, rg over grep, bat over cat, etc.
- Use AI CLIs for multi-model analysis
- Ask before destructive git commands (reset --hard, push --force, etc.)
To customize: edit files in .claude/
To add to git: git add .claude/
Options
| Flag | Effect |
|------|--------|
| --force | Overwrite existing without asking |
| --perms-only | Only install permissions, skip rules |
| --rules-only | Only install rules, skip permissions |
| --minimal | Minimal permissions (git, ls, cat, mkdir only) |
| --full | Add cloud/container tools (docker, kubectl, terraform, etc.) |
| --no-guardrails | Skip git safety guardrails (empty "ask" list) |
Full Template (--full)
Adds to permissions:
"Bash(podman:*)",
"Bash(kubectl:*)",
"Bash(helm:*)",
"Bash(terraform:*)",
"Bash(pulumi:*)",
"Bash(aws:*)",
"Bash(gcloud:*)",
"Bash(az:*)",
"Bash(wrangler:*)",
"Bash(flyctl:*)",
"Bash(railway:*)"
Notes
- Permissions are project-local (don't affect other projects)
- Rules instruct Claude to prefer modern tools
- Global settings in
~/.claude/still apply - Changes take effect on next tool use (no restart needed)
- Tools from: https://github.com/0xDarkMatter/dev-shell-tools
Related Skills
0xDarkMatter/ytdlp-ops
tools
VerifiedTrustedCommunity
yt-dlp operations - the media ACQUISITION layer that feeds ffmpeg-ops: format selection (-S sort vs -f filters) that avoids post-download transcodes, --download-sections clip-at-download, audio-only extraction for STT pipelines (-x --audio-format opus), playlists + --download-archive incremental channel syncs, cookies/auth (--cookies-from-browser), rate limiting and politeness, SponsorBlock mark/remove, output templates (-o), subtitle download (--write-subs/--write-auto-subs), remux-vs-recode doctrine, and failure triage (403s, throttling, geo blocks, the nsig-extraction class that means yt-dlp is outdated). Triggers on: yt-dlp, ytdlp, youtube-dl, download video, download youtube, download from youtube, download playlist, download channel, archive channel, channel sync, rip audio, youtube to mp3, youtube to mp4, save video, grab video, video downloader, download subtitles, download transcript, clip from youtube, download section, sponsorblock, cookies-from-browser, download-archive, nsig, requested format is not available, sign in to confirm, download livestream, record stream, live-from-start, premiere, impersonate.
22SKILL.mdUpdated Jun 13, 2026
0xDarkMatter/ffmpeg-ops
tools
VerifiedTrustedCommunity
Comprehensive ffmpeg/ffprobe operations - probe-first media processing: transcode and compress (H.264/H.265/AV1/Opus), frame-accurate cut/trim/concat, EDL-driven editing, color grading and .cube LUTs, audio loudnorm and mixing, STT/Whisper audio prep, subtitles, GIF and thumbnails, HLS packaging, hardware encoding (NVENC/QSV/AMF/VideoToolbox), restoration, scene and silence detection, VMAF quality gates, screen capture, yt-dlp interop. Triggers on: ffmpeg, ffprobe, transcode, convert video, compress video, encode video, extract audio, trim video, cut video, concat videos, video to gif, thumbnail, contact sheet, burn subtitles, watermark, resize video, crop video, change fps, slow motion, timelapse, loudnorm, normalize audio, audio for whisper, transcription prep, scene detection, silence detection, remove silence, color grade, LUT, tonemap HDR, vmaf, nvenc, hardware encode, hls, remux, faststart, deinterlace, stabilize video, denoise video, screen record, EDL, keyframes.
22SKILL.mdUpdated Jun 13, 2026
0xDarkMatter/payloadcms-ops
development
VerifiedTrustedCommunity
Payload CMS 3 (Next.js-native) architecture - collections, globals, fields, access control, hooks, Local API, storage adapters, and database (Postgres/MongoDB/SQLite). Use for: payload, payloadcms, payload cms, payload 3, collection config, access control, payload hooks, local api, payload fields, multi-tenant payload, payload nextjs, payload s3, payload r2, payloadcms architecture, headless cms typescript.
22SKILL.mdUpdated Jun 11, 2026
0xDarkMatter/cypress-ops
testing
VerifiedTrustedCommunity
Cypress end-to-end and component testing operations - selector/retry-ability strategy, cy.intercept network stubbing, cy.session auth, component vs e2e, flake diagnosis, CI, Test Replay. Use for: cypress, e2e test, component test, cy.get, cy.intercept, cy.session, data-cy, data-test, retry-ability, flake, flaky test, cypress.config, cy.mount, Test Replay, custom commands, fixtures.
22SKILL.mdUpdated Jun 11, 2026