Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

rohitg00/permission-tuner

Name: permission-tuner
Author: rohitg00

skills/permission-tuner/SKILL.md

npx skillsauth add rohitg00/pro-workflow permission-tuner

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Permission Tuner

Reduce permission prompt fatigue by analyzing denial patterns and suggesting targeted rules.

Trigger

Use when:

Permission prompts interrupt flow repeatedly
Starting a new project and want to configure permissions
After a session with many manual approvals

Workflow

Scan recent session data for permission patterns
Identify frequently-approved tools and patterns
Generate safe alwaysAllow rules
Present rules for approval before applying

Analysis

Step 1: Gather Permission Data

Check current permission rules:

cat .claude/settings.json 2>/dev/null | grep -A 20 "permissions"
cat ~/.claude/settings.json 2>/dev/null | grep -A 20 "permissions"

Step 2: Identify Safe Patterns

Allow-list candidates (low risk):

Read — all file reads (read-only, no side effects)
Glob — file pattern matching (read-only)
Grep — content search (read-only)
Bash(git status) — read-only git commands
Bash(git diff*) — read-only git commands
Bash(git log*) — read-only git commands
Bash(npm test*) — test execution
Bash(npm run lint*) — linting
Bash(npm run typecheck*) — type checking

Ask candidates (medium risk — prompt user every time):

Edit — file modifications
Write — new file creation
Bash(git add*) — staging changes
Bash(git commit*) — creating commits
Bash(npm install*) — dependency changes

Deny-list candidates (high risk):

Bash(git push*) — affects remote
Bash(git reset --hard*) — destructive
Bash(rm -rf*) — destructive
Bash(curl*POST*) — external API calls
Any command with --force or --no-verify

Step 3: Generate Rules

{
  "permissions": {
    "allow": [
      "Read",
      "Glob",
      "Grep",
      "Bash(git status)",
      "Bash(git diff*)",
      "Bash(git log*)",
      "Bash(npm test*)",
      "Bash(npm run lint*)",
      "Bash(npm run typecheck*)"
    ],
    "deny": [
      "Bash(rm -rf *)",
      "Bash(git push --force*)",
      "Bash(git reset --hard*)"
    ]
  }
}

Output

PERMISSION TUNER REPORT

Current rules: [X] allow, [Y] deny, [Z] ask

Recommendations:
  Auto-approve (safe, read-only):
    + Read, Glob, Grep
    + Bash(git status), Bash(git diff*), Bash(git log*)

  Auto-approve (medium risk, frequently used):
    + Edit (approved X times this session)
    + Bash(npm test*) (approved X times)

  Keep asking:
    ~ Bash(git commit*) — verify commit messages
    ~ Write — verify new file creation

  Auto-deny (dangerous):
    - Bash(rm -rf *)
    - Bash(git push --force*)

Estimated prompts saved per session: ~[N]

Rules

Destructive operations must stay in the deny list
Always present rules for user approval before applying
Group rules by risk level (safe/medium/dangerous)
Include estimated prompt savings

rohitg00/permission-tuner

skills/permission-tuner/SKILL.md

Analyze permission denial patterns and generate optimized alwaysAllow and alwaysDeny rules. Use when permission prompts are slowing you down or after sessions with many denials.

2,245 stars

data-ai

Updated May 28, 2026

$ install --global

skillsauth

npx skillsauth add rohitg00/pro-workflow permission-tuner

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 28, 2026, 6:10 AM24.9s1 file scanned

SKILL.md

name:: permission-tuner
description:: Analyze permission denial patterns and generate optimized alwaysAllow and alwaysDeny rules. Use when permission prompts are slowing you down or after sessions with many denials.

Permission Tuner

Reduce permission prompt fatigue by analyzing denial patterns and suggesting targeted rules.

Trigger

Use when:

Permission prompts interrupt flow repeatedly
Starting a new project and want to configure permissions
After a session with many manual approvals

Workflow

Scan recent session data for permission patterns
Identify frequently-approved tools and patterns
Generate safe alwaysAllow rules
Present rules for approval before applying

Analysis

Step 1: Gather Permission Data

Check current permission rules:

cat .claude/settings.json 2>/dev/null | grep -A 20 "permissions"
cat ~/.claude/settings.json 2>/dev/null | grep -A 20 "permissions"

Step 2: Identify Safe Patterns

Allow-list candidates (low risk):

Read — all file reads (read-only, no side effects)
Glob — file pattern matching (read-only)
Grep — content search (read-only)
Bash(git status) — read-only git commands
Bash(git diff*) — read-only git commands
Bash(git log*) — read-only git commands
Bash(npm test*) — test execution
Bash(npm run lint*) — linting
Bash(npm run typecheck*) — type checking

Ask candidates (medium risk — prompt user every time):

Edit — file modifications
Write — new file creation
Bash(git add*) — staging changes
Bash(git commit*) — creating commits
Bash(npm install*) — dependency changes

Deny-list candidates (high risk):

Bash(git push*) — affects remote
Bash(git reset --hard*) — destructive
Bash(rm -rf*) — destructive
Bash(curl*POST*) — external API calls
Any command with --force or --no-verify

Step 3: Generate Rules

{
  "permissions": {
    "allow": [
      "Read",
      "Glob",
      "Grep",
      "Bash(git status)",
      "Bash(git diff*)",
      "Bash(git log*)",
      "Bash(npm test*)",
      "Bash(npm run lint*)",
      "Bash(npm run typecheck*)"
    ],
    "deny": [
      "Bash(rm -rf *)",
      "Bash(git push --force*)",
      "Bash(git reset --hard*)"
    ]
  }
}

Output

PERMISSION TUNER REPORT

Current rules: [X] allow, [Y] deny, [Z] ask

Recommendations:
  Auto-approve (safe, read-only):
    + Read, Glob, Grep
    + Bash(git status), Bash(git diff*), Bash(git log*)

  Auto-approve (medium risk, frequently used):
    + Edit (approved X times this session)
    + Bash(npm test*) (approved X times)

  Keep asking:
    ~ Bash(git commit*) — verify commit messages
    ~ Write — verify new file creation

  Auto-deny (dangerous):
    - Bash(rm -rf *)
    - Bash(git push --force*)

Estimated prompts saved per session: ~[N]

Rules

Destructive operations must stay in the deny list
Always present rules for user approval before applying
Group rules by risk level (safe/medium/dangerous)
Include estimated prompt savings

Related Skills

rohitg00/skill-optimizer

devops

VerifiedTrustedCommunity

SkillOpt-flavored offline training loop for any SKILL.md. Treats accumulated learn-rule corrections as training trajectories, proposes bounded patches via an optimizer LLM, gates each candidate against a held-out validation set built from the user's own past corrections, and ships only candidates that demonstrably improve the score. Inspired by Microsoft SkillOpt's ReflACT pipeline (rollout → reflect → aggregate → select → update → evaluate) adapted to pro-workflow's SQLite store. Use when a skill has accumulated 8+ learn-rule rows and the user wants the skill itself to get better, not just longer.

2,270SKILL.mdUpdated Jun 4, 2026

rohitg00/skill-optimizer

rohitg00/safe-mode

tools

VerifiedTrustedCommunity

Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.

2,245SKILL.mdUpdated Apr 27, 2026

rohitg00/pro-workflow

development

VerifiedTrustedCommunity

Complete AI coding workflow system. Orchestration patterns, 18 hook events, 5 agents, cross-agent support, reference guides, and searchable learnings. Works with Claude Code, Cursor, and 32+ agents.

2,245SKILL.mdUpdated Apr 27, 2026

rohitg00/pro-workflow

rohitg00/auto-setup

tools

VerifiedTrustedCommunity

Auto-configure quality gates, hooks, and settings for a new project. Detects project type and sets up appropriate tooling. Use when onboarding a new codebase.

2,245SKILL.mdUpdated Apr 18, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/rohitg00/pro-workflow.git

# Copy into Claude Code skills folder (global)
cp -r pro-workflow/skills/permission-tuner ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

rohitg00/pro-workflow

2,245 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT