Permission Analyzer
Generate permissions configuration based on actual tool usage from past sessions.
Workflow
- •
Run the analysis script for the current project:
bash~/.claude/skills/permission-analyzer/scripts/analyze_permissions.py
- •
Review the generated permissions output
- •
Offer to merge into existing settings:
- •If
.claude/settings.jsonexists, merge thepermissionssection - •If not, create new file with generated config
- •Preserve existing settings (model, env, etc.)
- •If
Script Output
The script outputs to stderr (summary) and stdout (JSON):
code
Analyzing: /path/to/project
Sessions analyzed: 42
Bash commands found:
git: 150
make: 80
go: 45
MCP tools found:
mcp__devtools__think
{
"permissions": {
"allow": ["Bash(git:*)", "Bash(go:*)", ...],
"deny": [...],
"defaultMode": "acceptEdits"
}
}
Generated Rules
Allow list includes:
- •Development commands used (git, make, go, npm, cargo, etc.)
- •Filesystem commands used (ls, mkdir, find, etc.)
- •MCP server wildcards for servers that were used
Deny list includes:
- •Dangerous gh operations (merge, delete, secrets, auth)
- •Sensitive file patterns (.env, secrets/, *.pem, *.key)
- •Destructive commands (rm -rf, sudo, chmod 777)
Merging Settings
When .claude/settings.json exists, merge only the permissions key while preserving other settings. If user has custom allow/deny rules, ask whether to merge or replace.