permission-manager
Manage opencode permissions: review always-allow lists, suggest safe read-only commands, configure permission patterns
What this skill does
## What I do - Review and summarize currently always-allowed commands - Suggest safe read-only commands for auto-approval - Add or remove commands from the allow list in opencode.json - Configure skill-level permissions (allow/deny/ask) with wildcard patterns - Audit permission configs for security and usability ## When to Use Use this when optimizing opencode's permission settings, reviewing allowed commands, or configuring skill access controls. ## Workflow Steps 1. **Read current config**: Load `~/.config/opencode/opencode.json` or project-level `opencode.json` 2. **Summarize permissions**: Identify currently allowed commands and skill permissions 3. **Suggest additions**: Propose safe read-only commands for auto-allow (see recommended list below) 4. **Apply changes**: Edit the config to add/remove permission entries 5. **Validate**: Ensure JSON is valid after changes Complements opencode's built-in allow/deny/ask permissions by auditing current config and recommending adjustments through conversation. ## Key Rules - Never allow commands that modify files, commit, push, or change system state - Prefer exact command entries such as `git status --short`, `git diff --stat`, and `ls -la` - Avoid trailing wildcards such as `git status*` unless the expanded command family has been manually reviewed as read-only - Confirm with user before modifying permission config - Distinguish between bash command permissions and skill permissions - Keep config organized: group related commands together ## Limitations - This skill is scoped to opencode permission configuration and should not modify other agent hosts' permission stores. - Treat all write-capable command permissions as high-risk; review them manually even when a pattern looks narrow. ## How to trigger me Use the Task tool with the `permission-manager` subagent type: ``` /permissions ``` Or in natural language, ask opencode to "manage opencode permissions" or "review allowed commands".
Related in Code Review
gstack
IncludedFast headless browser for QA testing and site dogfooding. Navigate pages, interact with elements, verify state, diff before/after, take annotated screenshots, test responsive layouts, forms, uploads, dialogs, and capture bug evidence. Use when asked to open or test a site, verify a deployment, dogfood a user flow, or file a bug with screenshots. (gstack)
startup-due-diligence
IncludedLegal due diligence review for seed-stage and Series A startups (US, Delaware C-Corp focus). Supports both investor and founder perspectives. Capabilities include: (1) Interactive document review and issue spotting; (2) Document request list generation; (3) Cap table and SAFE/convertible note analysis; (4) Red flag identification with severity ratings; (5) Diligence report generation. TRIGGERS: due diligence, DD, startup investment, cap table review, Series A, seed round, investor diligence, legal review startup, SAFE analysis, convertible note, 409A, founder vesting.
interview-master
IncludedThis skill should be used when the user asks to "generate interview questions", "prepare for interview", "optimize resume", "conduct mock interview", "analyze git commits for resume", "generate resume from code", "review my resume", or mentions interview preparation, career assistance, or extracting project experience from git history. Provides comprehensive interview and career development guidance for both job seekers and interviewers.
fix-issue
IncludedFixes GitHub issues using parallel analysis agents for root cause investigation, code exploration, and regression detection. Reads issue context from gh CLI, searches codebase and memory for related patterns, generates a fix with tests, and links the resolution back to the issue via PR. Includes prevention analysis to avoid recurrence. Use when debugging errors, resolving regressions, fixing bugs, or triaging issues.
sf-apex
IncludedGenerates and reviews Salesforce Apex code with 150-point scoring. TRIGGER when: user writes, reviews, or fixes Apex classes, triggers, test classes, batch/queueable/schedulable jobs, or touches .cls/.trigger files. DO NOT TRIGGER when: LWC JavaScript (use sf-lwc), Flow XML (use sf-flow), SOQL-only queries (use sf-soql), or non-Salesforce code.
swift-development
IncludedComprehensive Swift development for building, testing, and deploying iOS/macOS applications. Use when Claude needs to: (1) Build Swift packages or Xcode projects from command line, (2) Run tests with XCTest or Swift Testing framework, (3) Manage iOS simulators with simctl, (4) Handle code signing, provisioning profiles, and app distribution, (5) Format or lint Swift code with SwiftFormat/SwiftLint, (6) Work with Swift Package Manager (SPM), (7) Implement Swift 6 concurrency patterns (async/await, actors, Sendable), (8) Create SwiftUI views with MVVM architecture, (9) Set up Core Data or SwiftData persistence, or any other Swift/iOS/macOS development tasks.