Claude Code glossary

allowed-tools

SKILL.md frontmatter field granting Claude permission to use specific tools without asking.

Also called: allowed tools skill, skill permissions, allowed-tools frontmatter

allowed-tools is a SKILL.md frontmatter field that lists tools Claude can use without explicit permission while a skill is active. It accepts a space- or comma-separated string, or a YAML list. For example: allowed-tools: Bash(git add *) Bash(git commit *) Bash(git status *).

Crucially, allowed-tools grants permission; it does not restrict available tools. All tools remain callable, and your standard permission settings still apply to tools not listed here. To remove tools from Claude's available set during a skill's execution, use disallowed-tools instead. This restriction is temporary and clears with your next message.

For persistent blocking across all skills and prompts, configure deny rules within your .claude/settings.json permission settings. For skills stored in a project's .claude/skills/ directory, allowed-tools becomes active only after you accept the workspace trust dialog for that folder, mirroring how permission rules in .claude/settings.json are applied. Always review project skills before trusting a repository, as a skill can grant itself broad tool access. This is why SkillProof's security scan, part of its protocol, examines the entire SKILL.md file and all bundled scripts before assigning a score. For instance, the Skill Security Auditor uses this mechanism to audit code securely.

Understanding allowed-tools is key to managing how skills interact with your environment, complementing concepts like frontmatter and hooks.

← All glossary terms