How does Claude decide which permission mode to use?

The skill analyzes the task intent and maps it to Tier 0 (plan), Tier 1 (acceptEdits), or Tier 2 (bypassPermissions) per the defined workflow.

What if the task requires bypassPermissions?

You must obtain explicit user approval before executing bypassPermissions, and never run it without clearly stated risk and user consent.

How can I control costs during tasks?

Use the daily ccusage check for budgeting and apply --max-budget-usd for non-interactive tasks to prevent overruns.

claude-code-cli

npx machina-cli add skill yu-iskw/coding-agent-skills/claude-code-cli --openclaw

Files (1)

SKILL.md

3.2 KB

executing-claude

Purpose

Use this skill to perform coding, research, or automation tasks using the claude CLI. It maps requests to Claude's native permission modes to balance automation with security.

Permission Tiers

Tier	Claude Mode	Capability	Approval Required	Typical Tasks
0	`plan`	Read-only access, analysis, research.	No	Code review, audits, web research.
1	`acceptEdits`	Auto-approves file edits; prompts for shell.	Yes	Refactoring, documentation, lint fixes.
2	`bypassPermissions`	Auto-approves ALL tools (edits + shell).	Yes (High Risk)	CI/CD, complex builds, automated testing.

Implementation Workflow

1. Budget Verification (Optional but Recommended)

Before initiating complex or long-running tasks, verify the remaining token/cost budget to avoid suspension.

Tools: Use ccusage daily --json to check current consumption.
Constraints: If the daily cost is approaching the limit, alert the user or use the --max-budget-usd flag for the session.

2. Analyze & Classify

Analyze the user's intent to determine the required permission tier.

Tier 0 (Plan): Does the task only involve reading code or searching for information?
Tier 1 (Accept Edits): Does the task involve modifying files but no command execution?
Tier 2 (Bypass Permissions): Does the task require running tests, build scripts, or managing dependencies autonomously?

2. Approval Protocol

If the task maps to Tier 1 or Tier 2, you MUST obtain user approval before executing the claude command.

Use the AskQuestion tool to confirm:

"I've detected that this task requires [Accept Edits/Bypass Permissions] permissions to [modify files/run shell commands]. OK to proceed?"

3. Execution

Execute claude using the mode determined by the tier. Use --max-budget-usd for non-interactive tasks where cost control is critical.

# Tier 0 (Plan)
claude -p "<prompt>" --permission-mode plan --max-budget-usd 1.0

# Tier 1 (Accept Edits)
claude -p "<prompt>" --permission-mode acceptEdits

# Tier 2 (Bypass Permissions)
claude -p "<prompt>" --permission-mode bypassPermissions

Security Rules:

NEVER use --permission-mode bypassPermissions without explicit confirmation of the risks.
ALWAYS use the most restrictive mode possible (prefer plan).
If you are unsure, default to plan and escalate only if claude reports it cannot complete the task.

Configuration

This skill leverages native claude CLI flags to enforce the permission tiers. No additional configuration files are required.

Examples

Refer to references/usage-examples.md for concrete scenarios.

Source

git clone https://github.com/yu-iskw/coding-agent-skills/blob/main/skills/claude-code-cli/SKILL.mdView on GitHub

Overview

This skill uses the Claude Code CLI to perform coding, research, and automation tasks. It automatically selects the safest permission mode (plan, acceptEdits, or bypassPermissions) based on task type to balance automation and security.

How This Skill Works

The skill analyzes the user’s intent, classifies the task into a permission tier, and, if Tier 1 or 2 is required, prompts the user for approval before executing. It then runs claude with the appropriate --permission-mode and, for non-interactive tasks, may apply --max-budget-usd to control cost.

When to Use It

Read-only code analysis or information gathering (plan mode) to minimize risk.
Modifying files such as refactoring or lint fixes (acceptEdits) with user approval.
Running tests, builds, or automations that may change the environment (bypassPermissions) with explicit consent.
Cost-sensitive, non-interactive tasks where you must control spend using --max-budget-usd.
Situations requiring explicit user approval before any changes or shell commands are executed.

Quick Start

Step 1: Assess the task type (read-only, edits, or shell/CI actions) to determine the tier.
Step 2: If edits or shell actions may occur, obtain explicit user approval before proceeding.
Step 3: Run claude with the appropriate mode, e.g., claude -p '<prompt>' --permission-mode plan --max-budget-usd 1.0 or acceptEdits/bypassPermissions as needed.

Best Practices

Default to plan when unsure of the exact impact of the task.
If Tier 1 or Tier 2 is possible, obtain explicit user approval before proceeding.
Monitor cost with ccusage daily and apply --max-budget-usd for non-interactive runs.
Keep prompts precise to avoid unintended edits or commands.
Review Claude outputs and revert changes if the result isn’t as expected.

Example Use Cases

Analyze a codebase to identify refactor opportunities without making edits.
Apply documentation edits across multiple files using acceptEdits after user approval.
Run a unit test suite and automatically fix trivial issues under bypassPermissions with consent.
Automate dependency updates and builds in a CI-like flow with controlled cost.
Generate and update changelog and docs after a code change with planned edits.

Frequently Asked Questions

Add this skill to your agents