arndvs/press1-check
skills/press1-check/SKILL.md
Use when Claude Code sessions had many manual approval ("press 1") prompts or when auditing hook permissions; identifies which Bash commands required approval.
development
Updated May 21, 2026
$ install --global
skillsauthnpx skillsauth add arndvs/ctrlshft press1-checkInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 21, 2026, 2:17 AM185.8s2 files scanned
SKILL.md
- name:
- press1-check
- description:
- Use when Claude Code sessions had many manual approval ("press 1") prompts or when auditing hook permissions; identifies which Bash commands required approval.
/press1-check — Permission Audit
Output "Read Press1 Check skill." to chat to acknowledge you read this file.
Audit which Bash commands triggered manual approval prompts in Claude Code sessions.
When to invoke
- After sessions with many "press 1 to approve" prompts
- Periodically (every 5-10 sessions) to keep the allow-list current
- When the user says "permission audit" or "press1-check"
- Before proposing new hooks that add Bash commands
How it runs
Two paths:
- Manual: type
/press1-checkto force a re-audit. Default mode is since the last run (state-tracked at~/.claude/state/press1-check.json), so the typical run only surfaces new ground. - Auto (optional): the script supports
--auto-stop-hookmode designed to be wired as a Claude CodeStophook. 6-hour cooldown. When LOW-risk additions are found, a one-shot summary surfaces in the next session-start priority snapshot.
Usage
# Since the last run (default, state-tracked)
python3 skills/press1-check/audit-permissions.py
# Last N days across all project dirs
python3 skills/press1-check/audit-permissions.py --days 7
# Only the single most recent session
python3 skills/press1-check/audit-permissions.py --latest-session
# All sessions from the last 24h
python3 skills/press1-check/audit-permissions.py --all-recent
# All sessions since a date
python3 skills/press1-check/audit-permissions.py --since 2026-04-10
# Specific session (prefix match OK)
python3 skills/press1-check/audit-permissions.py <session-id>
Steps (when invoking via /press1-check)
- Run
python3 <skill-path>/audit-permissions.pywith any arguments the user provided. Default audits since~/.claude/state/press1-check.json#last_run_ts(bootstraps to last 3 days when state is missing). - Display the output to the user exactly as printed (includes color-coded risk levels).
- If LOW-risk suggestions appear, add them to
~/.claude/settings.json(read-only commands are safe). Skip env-var-prefix suggestions likeBash(WT=*)— they don't generalize. - Do NOT auto-add MEDIUM or HIGH risk commands without explicit approval.
- After editing
~/.claude/settings.json, re-run the audit and report before/after counts so the user sees the coverage delta. - Each successful interactive run updates the state file — the next run is automatically scoped to "since now."
Risk Classification
| Risk | Color | Policy | Example |
|------|-------|--------|---------|
| HIGH | Red | Keep gated — destructive or hard to reverse | rm, sudo, git reset --hard, DROP TABLE |
| MEDIUM | Yellow | Review case-by-case — side effects outside local repo | gh pr create, curl, docker, pip install |
| LOW | Green | Safe to allow-list — read-only or local-only | cat, ls, grep, wc |
Constraints
- Never auto-add MEDIUM or HIGH risk commands
- The script never auto-applies changes — it surfaces and proposes
- State-tracked incremental runs prevent audit fatigue
- Subagent awareness: detects
*/subagents/*.jsonland tags findings
Related Skills
arndvs/visual-feedback
development
VerifiedTrustedCommunity
Use when implementing UI, checking dark/light mode, or validating animations — adds a visual feedback loop via browser screenshots so frontend changes are verified, not assumed.
SKILL.mdUpdated May 21, 2026
arndvs/plan-archive
tools
VerifiedTrustedCommunity
Use after merging a PR or during periodic cleanup to archive plan-mode files by linking them to merged PRs.
SKILL.mdUpdated May 21, 2026
arndvs/grill-with-docs
testing
VerifiedTrustedCommunity
Use when stress-testing a plan against the project's domain model — grills the design, sharpens terminology, and updates documentation (CONTEXT.md, ADRs) inline as decisions crystallise.
SKILL.mdUpdated May 21, 2026
arndvs/session-close
testing
VerifiedTrustedCommunity
Pre-flight checklist that runs quality gates before ending a coding session.
SKILL.mdUpdated May 19, 2026