nocobase-acl-manage

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE [COMMAND_EXECUTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill interfaces with the nocobase-ctl CLI tool via a Node.js wrapper script (scripts/run-ctl.mjs) using spawnSync. This wrapper provides a layer of security by validating command arguments in the validateCtlArgs function and enforcing a strict structure for ACL write payloads in validateAclResourceWriteBody, requiring essential fields like usingActionsConfig and scopeId.
  • [SAFE]: Execution is governed by strict instructional guards in SKILL.md and references/execution-guard-template.md, including a mandatory pre-write verification sequence (env -s project, acl --help) that ensures the environment is correctly configured and the necessary plugins are active.
  • [SAFE]: High-impact operations, such as changing global role modes or granting expansive system snippets (e.g., ui.*, pm), require explicit user confirmation and a summary of the potential impact as specified in the Risk Domain sections of SKILL.md and references/intent-presets-v1.md.
  • [SAFE]: The skill explicitly prohibits the use of temporary script files or direct database mutations, directing all operations through the validated CLI transport path to maintain auditability and security.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 26, 2026, 12:26 PM