ctx-sanitize-permissions

Audit tool permissions for dangerous or overly broad entries. Use to ensure safe agent configuration.

41 stars

Best use case

ctx-sanitize-permissions is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using ctx-sanitize-permissions should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/ctx-sanitize-permissions/SKILL.md --create-dirs "https://raw.githubusercontent.com/ActiveMemory/ctx/main/internal/assets/integrations/copilot-cli/skills/ctx-sanitize-permissions/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/ctx-sanitize-permissions/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How ctx-sanitize-permissions Compares

| Feature / Agent | ctx-sanitize-permissions | Standard Approach |
| --- | --- | --- |
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |

Frequently Asked Questions

What does this skill do?

Audit tool permissions for dangerous or overly broad entries. Use to ensure safe agent configuration.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

Audit agent permission configurations for dangerous patterns.

## When to Use

- After initial project setup
- When reviewing security posture
- When permissions seem overly broad
- Before sharing a project configuration

## When NOT to Use

- No permission config exists
- Already audited recently

## Categories to Check

### 1. Hook bypass permissions
Permissions that disable safety hooks entirely.

### 2. Destructive command permissions
Allow patterns that cover `rm -rf`, `git push --force`,
`git reset --hard`, etc.

### 3. Injection vectors
Overly broad shell permissions that could allow arbitrary
command execution.

### 4. Overly broad wildcards
Permissions like `Bash(*)` or `Write(*)` that grant
unrestricted access.

## Process

1. Read the permission configuration file
2. Check each entry against the four categories
3. Flag dangerous entries with severity level
4. Propose safer alternatives
5. Apply fixes with user approval

## Output Format

```
## Permission Audit Results

### 🔴 Critical (N)
1. `Bash(*)`: unrestricted shell access
   → Suggest: scope to specific commands

### 🟡 Warning (N)
1. `Write(/etc/*)`: write access to system dirs
   → Suggest: remove or scope to project

### ✅ Clean (N entries passed)
```

## Quality Checklist

- [ ] All permission entries reviewed
- [ ] Critical items flagged
- [ ] Safer alternatives proposed
- [ ] No changes made without user approval
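
The audit process above, sketched as an added example (not part of the skill file or the ctx project's code): it checks each allow entry against the four categories and renders the result in the Output Format layout. The JSON layout, the `Tool(pattern)` entry syntax, the specific hook-bypass and injection patterns, and the severity given to each category are assumptions of this example.

```python
import json
import re

# Constructed sample. The {"permissions": {"allow": [...]}} layout and the
# Tool(pattern) entry syntax are assumptions of this example.
SAMPLE_CONFIG = json.dumps({"permissions": {"allow": [
    "Bash(*)", "Bash(git push --force:*)", "Bash(git commit --no-verify:*)",
    "Bash(sh -c:*)", "Write(/etc/*)", "Bash(go test:*)", "Read(docs/**)"]}})

# (severity, category, regex, suggestion); the first matching rule wins.
# The hook-bypass and injection patterns are illustrative assumptions.
RULES = [
    ("critical", "broad wildcard", r"^\w+(\((\*|\*\*|:\*)?\))?$",
     "scope to specific commands or paths"),
    ("critical", "hook bypass", r"--no-verify\b", "remove so hooks always run"),
    ("critical", "destructive command",
     r"\brm\s+-(rf|fr)\b|git\s+push\s+(--force|-f)\b|git\s+reset\s+--hard\b",
     "remove and approve each run by hand"),
    ("critical", "injection vector", r"^Bash\((sh|bash|eval|sudo)\b|\s-c\b",
     "allow the concrete command, not an interpreter"),
    ("warning", "system path write", r"^(Write|Edit)\(/",
     "remove or scope to project"),
]

def audit(config_text):
    """Return (findings, clean); a finding is (severity, category, entry, fix)."""
    allow = json.loads(config_text).get("permissions", {}).get("allow", [])
    findings, clean = [], []
    for entry in allow:
        hit = next((r for r in RULES if re.search(r[2], entry)), None)
        if hit:
            findings.append((hit[0], hit[1], entry, hit[3]))
        else:
            clean.append(entry)
    return findings, clean

def render(findings, clean):
    """Format results in the layout of the skill's Output Format section."""
    out = ["## Permission Audit Results", ""]
    for sev, title in (("critical", "🔴 Critical"), ("warning", "🟡 Warning")):
        hits = [f for f in findings if f[0] == sev]
        out.append(f"### {title} ({len(hits)})")
        for i, (_, cat, entry, fix) in enumerate(hits, 1):
            out += [f"{i}. `{entry}`: {cat}", f"   → Suggest: {fix}"]
        out.append("")
    return "\n".join(out + [f"### ✅ Clean ({len(clean)} entries passed)"])

if __name__ == "__main__":
    print(render(*audit(SAMPLE_CONFIG)))
```

The rule order matters: `Bash(*)` is reported once as a broad wildcard rather than again under every narrower category it also covers.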

Related Skills

All from ActiveMemory/ctx (41 stars):

  • ctx-permission-sanitize: Audit settings.local.json for dangerous permissions. Use periodically, after granting permissions, or when security hygiene matters.
  • ctx-verify: Verify before claiming completion. Use before saying work is done, tests pass, or builds succeed.
  • ctx-skill-creator: Create, improve, test, and deploy skills. Full skill lifecycle from intent to working skill file.
  • ctx-recall: Browse session history. Use when referencing past discussions or finding context from previous work.
  • ctx-prompt: Apply, list, and manage saved prompt templates from .context/prompts/. Use when the user asks to apply, list, or create a reusable template like code-review or refactor.
  • ctx-journal-normalize: Normalize journal source markdown for clean rendering. Use after journal site shows rendering issues: fence nesting, metadata formatting, broken lists.
  • ctx-import-plans: Import plan files into project specs directory. Use to convert external plans into project-tracked specs.
  • ctx-compact: Archive completed tasks and trim context. Use when context files are growing large.
  • ctx-check-links: Audit docs for dead links. Use before releases, after restructuring docs, or when running a documentation audit.
  • ctx-add-task: Add a task. Use when follow-up work is identified or when breaking down complex work into subtasks.
  • ctx-add-learning: Record a learning. Use when discovering gotchas, bugs, or unexpected behavior that future sessions should know about.
  • ctx-add-decision: Record architectural decision. Use when a trade-off is resolved or a non-obvious design choice is made that future sessions need to know.