chore(claude): tighten skill allowed-tools — replace bare Bash with prefix-scoped matchers

jdalton · jdalton · commit 320c21746a67 · 2026-04-27T14:50:13.000-04:00
Replaces bare Bash in skill allowed-tools frontmatter with an explicit
list of Bash(prefix:*) matchers covering the common command set:

  Bash(pnpm:*), Bash(npm:*), Bash(git:*), Bash(node:*), Bash(rg:*),
  Bash(grep:*), Bash(find:*), Bash(ls:*), Bash(cat:*), Bash(head:*),
  Bash(tail:*), Bash(wc:*), Bash(diff:*)

Override sets for skills with narrower needs:

- security-scan: Task, Read, Bash(pnpm exec agentshield:*),
  Bash(zizmor:*), Bash(command -v:*), Bash(find .cache/external-tools/zizmor:*)
- squashing-history: AskUserQuestion, Bash(git:*), Bash(diff:*),
  Bash(rm:*), Bash(ls:*)

Bare Bash (= Bash(*)) silently allowed every shell command. The new
list is the minimum credible footprint a fleet update skill needs;
skills that need additional commands (jq, awk, python3, gh, etc.)
should add those matchers explicitly in their own SKILL.md.

Mirrors the canonical pattern landed on socket-repo-template main.
diff --git a/.claude/skills/path-guard/SKILL.md b/.claude/skills/path-guard/SKILL.md
@@ -2,8 +2,7 @@
 name: path-guard
 description: Audit and fix path duplication in this Socket repo. Apply the strict "1 path, 1 reference" rule — every build/test/runtime/config path is constructed exactly once; everywhere else references the constructed value. Default mode finds and fixes; `check` mode reports only; `install` mode drops the gate + hook + rule into a fresh repo.
 user-invocable: true
-allowed-tools: Task, Bash, Read, Edit, Write, Grep, Glob, AskUserQuestion
----
+allowed-tools: Task, Bash(pnpm:*), Bash(npm:*), Bash(git:*), Bash(node:*), Bash(rg:*), Bash(grep:*), Bash(find:*), Bash(ls:*), Bash(cat:*), Bash(head:*), Bash(tail:*), Bash(wc:*), Bash(diff:*), Read, Edit, Write, Grep, Glob, AskUserQuestion---
 
 # path-guard
 
diff --git a/.claude/skills/security-scan/SKILL.md b/.claude/skills/security-scan/SKILL.md
@@ -2,8 +2,7 @@
 name: security-scan
 description: Runs a multi-tool security scan — AgentShield for Claude config, zizmor for GitHub Actions, and optionally Socket CLI for dependency scanning. Produces an A-F graded security report. Use after modifying `.claude/` config, hooks, agents, or GitHub Actions workflows, and before releases.
 user-invocable: true
-allowed-tools: Task, Bash, Read, Grep, Glob
----
+allowed-tools: Task, Read, Bash(pnpm exec agentshield:*), Bash(zizmor:*), Bash(command -v:*), Bash(find .cache/external-tools/zizmor:*)---
 
 # Security Scan
 
diff --git a/.claude/skills/updating/SKILL.md b/.claude/skills/updating/SKILL.md
@@ -2,8 +2,7 @@
 name: updating
 description: Updates all npm dependencies to their latest versions. Triggers when user asks to "update dependencies", "update packages", or prepare for a release.
 user-invocable: true
-allowed-tools: Bash, Read, Grep, Glob, Edit
----
+allowed-tools: Bash(pnpm:*), Bash(npm:*), Bash(git:*), Bash(node:*), Bash(rg:*), Bash(grep:*), Bash(find:*), Bash(ls:*), Bash(cat:*), Bash(head:*), Bash(tail:*), Bash(wc:*), Bash(diff:*), Read, Grep, Glob, Edit---
 
 # updating
 
