Spark
Sign In
Skill

Secure Opencode Permissions

Permission Manager audits and configures opencode's command allow-lists and skill-level access controls.

Get skill
Works with opencode
Antigravity
Maintainer?
46
Spark score
out of 100
Updated 2 days ago
Version 13.1.0
Add to Favorites

Why it matters

Optimize and secure your Opencode agent's command execution permissions. This skill audits current configurations, suggests safe read-only commands for auto-approval, and helps manage skill-level access controls.

Outcomes

What it gets done

01

Review and summarize always-allowed commands.

02

Suggest safe read-only commands for auto-approval.

03

Add or remove commands from the Opencode allow list.

04

Configure skill-level permissions with wildcard patterns.

Install

Add it to your toolbox

Run in your project directory:

curl -fsSL https://spark.entire.vc/get/ag-permission-manager | bash

Capabilities

What this skill does

Audit access

Reviews permissions and logs to flag unauthorized activity.

Review code

Analyzes code for bugs, style issues, and improvements.

Classify

Labels or categorizes text, files, or data points.

Manage secrets

Stores, rotates, and injects API keys and credentials.

Overview

Permission Manager

What it does

Audits opencode.json permission configuration, summarizes allowed commands and skill permissions, proposes safe read-only command additions, and applies permission changes after user confirmation.

How it connects

Use when reviewing currently allowed commands, adding or removing commands from the allow list, configuring skill-level permissions with wildcard patterns, or auditing permission configs for security and usability.

Source README

What I do

  • Review and summarize currently always-allowed commands
  • Suggest safe read-only commands for auto-approval
  • Add or remove commands from the allow list in opencode.json
  • Configure skill-level permissions (allow/deny/ask) with wildcard patterns
  • Audit permission configs for security and usability

When to Use

Use this when optimizing opencode's permission settings, reviewing allowed commands, or configuring skill access controls.

Workflow Steps

  1. Read current config: Load ~/.config/opencode/opencode.json or project-level opencode.json
  2. Summarize permissions: Identify currently allowed commands and skill permissions
  3. Suggest additions: Propose safe read-only commands for auto-allow (see recommended list below)
  4. Apply changes: Edit the config to add/remove permission entries
  5. Validate: Ensure JSON is valid after changes

Complements opencode's built-in allow/deny/ask permissions by auditing current config and recommending adjustments through conversation.

Key Rules

  • Never allow commands that modify files, commit, push, or change system state
  • Prefer exact command entries such as git status --short, git diff --stat, and ls -la
  • Avoid trailing wildcards such as git status* unless the expanded command family has been manually reviewed as read-only
  • Confirm with user before modifying permission config
  • Distinguish between bash command permissions and skill permissions
  • Keep config organized: group related commands together

Limitations

  • This skill is scoped to opencode permission configuration and should not modify other agent hosts' permission stores.
  • Treat all write-capable command permissions as high-risk; review them manually even when a pattern looks narrow.

How to trigger me

Use the Task tool with the permission-manager subagent type:

/permissions

Or in natural language, ask opencode to "manage opencode permissions" or "review allowed commands".

Discussion

Questions & comments · 0

Sign In Sign in to leave a comment.