permission-manager

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [Privilege Escalation] (MEDIUM): The skill is specifically designed to modify the allowedTools array in ~/.claude.json. This bypasses the security requirement for human-in-the-loop approval for tool execution, effectively escalating the autonomous capabilities of the agent. This is downgraded from HIGH as it is the primary stated purpose.
  • [Dynamic Execution] (MEDIUM): The workflow instructs the agent to create a temporary JavaScript file (update_permissions.js) and execute it using the node runtime. Generating and executing code at runtime is a high-risk behavior typically used to obfuscate intent or bypass static filters.
  • [Data Exposure & Modification] (MEDIUM): The skill targets the ~/.claude.json file, which is a sensitive configuration file controlling the security policy of the environment. Direct modification of this file can lead to persistent security vulnerabilities.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:27 PM