Command approvals, tool policies, and exec security
65
51%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./src/skills/bundled/permissions/SKILL.md
Quality
Discovery
22%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is too terse and abstract, reading more like a topic list than a functional skill description. It fails to explain what actions Claude performs and provides no guidance on when to select this skill. The lack of concrete verbs and explicit trigger conditions makes it difficult for Claude to reliably choose this skill from a larger set.
Suggestions
Add concrete action verbs describing what the skill does (e.g., 'Manages approval workflows for shell commands, configures tool execution policies, enforces security restrictions')
Include a 'Use when...' clause with natural trigger terms (e.g., 'Use when the user asks about command permissions, wants to approve/deny tool execution, or needs to configure security policies')
Add common user phrases and variations like 'allow command', 'block execution', 'permission denied', 'approve tool' to improve trigger term coverage
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description uses abstract noun phrases ('command approvals', 'tool policies', 'exec security') without describing any concrete actions. It doesn't specify what Claude actually does with these concepts. | 1 / 3 |
| Completeness | The description only vaguely hints at 'what' (security-related concepts) and completely lacks any 'when' guidance. There is no 'Use when...' clause or explicit trigger guidance. | 1 / 3 |
| Trigger Term Quality | Contains some relevant technical terms like 'command approvals' and 'exec security' that users might mention, but lacks natural variations users would say like 'run command', 'execute', 'permission', 'allow', or 'block'. | 2 / 3 |
| Distinctiveness Conflict Risk | The terms 'command approvals' and 'exec security' provide some specificity to a security/permissions domain, but 'tool policies' is generic enough to potentially overlap with other configuration or policy-related skills. | 2 / 3 |
| Total | 6 / 12 Passed | |
Implementation
79%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured API reference that excels at actionability and conciseness, providing executable code and clear command syntax throughout. However, for a security-focused skill involving command execution and approvals, it lacks explicit validation workflows and error recovery guidance. The document would benefit from splitting into overview + detailed references.
Suggestions
Add explicit validation/error handling workflows for the approval process (e.g., what happens on timeout, how to retry, how to verify a command executed safely)
Split into SKILL.md overview with links to separate REFERENCE.md for full API and SECURITY.md for modes/patterns
Add a workflow section showing the complete flow: check permission → request approval → wait → handle result → execute with verification
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and efficient, presenting API references and commands without unnecessary explanation. It assumes Claude understands TypeScript, CLI patterns, and security concepts without over-explaining. | 3 / 3 |
| Actionability | Provides fully executable TypeScript code examples, complete CLI commands, and copy-paste ready patterns. Every section includes concrete, runnable examples with realistic parameters. | 3 / 3 |
| Workflow Clarity | While individual operations are clear, the document lacks explicit validation checkpoints for security-critical operations. The request approval flow shows a sequence but doesn't include error handling or what to do if approval times out. | 2 / 3 |
| Progressive Disclosure | Content is well-organized with clear sections and tables, but it's a monolithic reference document. Complex topics like tool policies and security modes could be split into separate files with links from a concise overview. | 2 / 3 |
| Total | 10 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
2a8c94e