Is this skill suitable for CI/CD pipelines?

Absolutely. It includes specific patterns for CI/CD that enforce read-only analysis or restricted execution to ensure automated processes don't exceed their intended scope.

How do I restrict Bash commands for the AI?

You can use the 'Bash(command:*)' syntax within your configuration to whitelist safe commands like 'git' or 'npm' while explicitly blocking dangerous ones like 'sudo', 'rm -rf', or 'chmod'.

What is the difference between whitelist and blacklist modes?

Whitelist (allowedTools) is a 'deny-by-default' approach that explicitly permits specific actions, making it more secure for production. Blacklist (deniedTools) blocks specific dangerous actions but allows everything else by default.

Can I protect my .env files with this skill?

Yes, the skill provides specific patterns to block 'Edit' and 'Read' operations on sensitive files like .env, .aws credentials, and secrets.json to prevent data leakage.

Claude Code Permission Security

Name: Claude Code Permission Security
Author: jg-chalk-io

byjg-chalk-io

0•

Security & Testing

Manages enterprise-grade security policies and tool access controls for Claude Code environments.

This skill provides comprehensive strategies for configuring Claude Code's permission architecture, allowing organizations to enforce fine-grained control over tool execution, file access, and system commands. By implementing robust whitelist and blacklist patterns, it ensures that AI automation remains secure and compliant with enterprise security standards while preventing destructive operations or unauthorized access to sensitive credentials and environment variables.

Key Features

01Blacklist-based restriction overrides for high-risk operations

02Whitelist-based tool access control using allowedTools patterns

030 GitHub stars

04Sandbox isolation and production-grade security policy templates

05Bash command restriction and validation for enterprise environments

06Secure glob pattern configuration for file read/edit operations

Use Cases

01Configuring restricted read-only modes for CI/CD or code analysis tasks

02Securing enterprise development environments against accidental destructive commands

03Protecting sensitive credentials and environment files from AI access

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jg-chalk-io/nora-livekit moai-cc-permission-mode

For use in Claude.ai and ChatGPT

Download Skill