update-allowed-tools

[Skill Scanner] Credential file access detected This SKILL.md is coherent and its requested capabilities align with its stated purpose: scanning skill files for referenced tools and updating allowed-tools frontmatter. There are no direct signs of malicious behavior such as hardcoded secrets, external network calls, or obfuscation. The primary security concern is the use of Bash(...) and granting file Read/Write/Edit outside the project: these are powerful capabilities that, if granted broadly or without user review, could enable data access or command execution on the host. Recommend reviewing the implementation that performs edits to ensure it enforces the described restrictions and requires user confirmation before adding outside-project file permissions or broad Bash entries. LLM verification: The tool’s purpose and workflow are consistent with automated maintenance of allowed-tools based on content. The credential/config path reference (/.config) is the main anomaly and should be tightly scoped to avoid potential credential exposure. With proper sandboxing, path whitelisting, and restricted FS access, the approach remains benign and useful for ensuring permissions stay aligned with actual tool usage.