
permissions

Command approvals, tool policies, and exec security

45

Quality: 32% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)

Optimize this skill with Tessl

npx tessl skill review --optimize ./src/skills/bundled/permissions/SKILL.md

Quality

Discovery

22%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This description reads as a list of topic keywords rather than a functional skill description. It lacks concrete actions, explicit trigger guidance, and natural user-facing language. It would be difficult for Claude to reliably select this skill from a large pool because it doesn't explain what the skill actually does or when it should be used.

Suggestions

Add concrete actions describing what the skill does, e.g., 'Manages approval workflows for shell commands, defines tool execution policies, and enforces security rules for command execution.'

Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about allowing or blocking commands, setting tool permissions, configuring exec policies, or managing command security.'

Include common user-facing synonyms and variations such as 'allow', 'block', 'permission', 'whitelist', 'deny', 'shell command', 'execution policy'.

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description lists abstract concepts ('command approvals', 'tool policies', 'exec security') but does not describe any concrete actions like 'approve commands', 'enforce policies', or 'validate execution permissions'. These are topic labels, not action descriptions. | 1 / 3 |
| Completeness | The description only vaguely hints at 'what' (command approvals, tool policies, exec security) without any specificity, and completely lacks a 'when' clause or explicit trigger guidance. | 1 / 3 |
| Trigger Term Quality | Terms like 'command approvals' and 'exec security' are somewhat relevant but lean toward internal/technical jargon. Users are more likely to say things like 'allow command', 'block command', 'permission', or 'security policy'. Missing common natural variations. | 2 / 3 |
| Distinctiveness Conflict Risk | The terms 'command approvals' and 'exec security' provide some niche focus, but 'tool policies' is broad enough to overlap with other skills related to tool configuration or general security settings. | 2 / 3 |
| Total | | 6 / 12 |

Passed

Implementation

42%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is essentially a complete API reference document dumped into a single file, which is highly verbose and poorly structured for a SKILL.md. While the code examples are concrete and executable (strong actionability), the content suffers from being a monolithic reference that explains three different interfaces (chat, TypeScript, CLI) for the same operations without progressive disclosure. For a security-focused skill, the workflow around safe command execution could be more explicitly sequenced with validation checkpoints.

Suggestions

Restructure SKILL.md as a concise overview (under 50 lines) with quick-start examples, then move the full TypeScript API reference, CLI reference, and chat commands into separate linked files (e.g., API.md, CLI.md).

Eliminate redundancy between the three interfaces (chat commands, TypeScript API, CLI) by picking one as the primary example in SKILL.md and referencing the others.

Add an explicit workflow diagram or numbered sequence for the common security flow: set mode → define rules → check permissions → handle approval → execute, with validation checkpoints at each step.

Remove verbose console.log statements and inline comments that Claude doesn't need; present the API surface more compactly, e.g., as a method signature table rather than full code blocks for every operation.

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | This is an extensive API reference (~200 lines) that reads like auto-generated documentation. Much of it is verbose with console.log examples, redundant sections (chat commands, CLI commands, and TypeScript API all covering the same operations), and explanations Claude doesn't need. The content could be cut by 60%+ while preserving all actionable information. | 1 / 3 |
| Actionability | The skill provides fully executable TypeScript code examples, concrete CLI commands, and specific chat commands with clear syntax. Code is copy-paste ready with realistic parameters and complete import statements. | 3 / 3 |
| Workflow Clarity | The check-permission flow (check → request approval → wait → execute) is implicitly sequenced through the code examples, but there's no explicit workflow with validation checkpoints. For a security-sensitive domain involving command execution approvals, there should be clearer step-by-step workflows with error handling and verification steps. | 2 / 3 |
| Progressive Disclosure | This is a monolithic wall of API reference content that should be split across files. The SKILL.md should be a concise overview with links to separate references for the TypeScript API, CLI commands, chat commands, and pattern syntax. Everything is inlined in one massive document. | 1 / 3 |
| Total | | 7 / 12 |

Passed

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 passed

Validation for skill structure

| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 |

Passed

Repository: alsk1992/CloddsBot
Reviewed
