Access controls
How Markdown Skiller decides who can access each skill.
The first rule that applies wins.
To resolve whether a member can read a skill, Markdown Skiller walks a short checklist in order. It stops at the first step that produces an answer.
1. Admins are always in.
   If the user is an admin, they have access.
2. Does the skill itself have grants?
   If anyone is listed directly on the skill, the access list is exactly those people (plus admins). Folders above are ignored entirely.
3. Walk up the folder chain.
   Look at the skill’s folder, then its parent, then its grandparent, etc. The first folder with any grants determines access.
4. Nothing restricts it?
   If no skill or ancestor folder in the chain has any grants, the skill is open to every member of the org.
Admins see all of the above regardless of grants.
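The precedence walk above as a small Python model. This is an added example, not Markdown Skiller's own code: the `Folder` and `Skill` classes, the `resolve` function and the sample org are assumptions made for illustration, and every user is assumed to be a member of the org.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Folder:
    name: str
    parent: Optional["Folder"] = None
    grants: set = field(default_factory=set)


@dataclass
class Skill:
    name: str
    folder: Optional[Folder] = None
    grants: set = field(default_factory=set)


def resolve(user, skill, admins):
    """Return (allowed, decided_by); the first rule that applies wins."""
    if user in admins:                       # 1. admins are always in
        return True, "admin"
    if skill.grants:                         # 2. skill grants: folders ignored
        return user in skill.grants, "skill grants"
    folder = skill.folder
    while folder is not None:                # 3. nearest folder with grants decides
        if folder.grants:
            return user in folder.grants, "folder " + folder.name
        folder = folder.parent
    return True, "open to org"               # 4. nothing in the chain has grants


# Constructed sample org; all names are illustrative.
ADMINS = {"ada"}
company = Folder("Company")                            # no grants
eng = Folder("Engineering", company, {"eve", "raj"})
oncall = Folder("Oncall", eng, {"raj"})                # narrower than its parent
drafts = Folder("Drafts", eng)                         # no grants of its own

handbook = Skill("handbook", company)
runbook = Skill("runbook", oncall)
notes = Skill("notes", drafts)
comp_bands = Skill("comp-bands", company, {"fay"})     # sensitive skill, open folder

if __name__ == "__main__":
    for user, skill in [("sam", handbook), ("eve", runbook), ("raj", runbook),
                        ("eve", notes), ("eve", comp_bands), ("ada", comp_bands)]:
        print(user, skill.name, resolve(user, skill, ADMINS))
```

In this model eve is granted on Engineering yet is refused the runbook: the nearer Oncall folder has grants of its own, so the walk stops there and the parent's list is never consulted.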
Patterns that hold up
Most teams settle into a handful of shapes. Mix and match — the primitives compose.
Department folders
Create one folder per team — Engineering, Sales, Finance. Grant each team’s members on the folder. New skills any team member adds inside their folder are visible to the rest of the team by default.
Sensitive skills inside open folders
Keep a single playbook (incident response, comp bands, vendor secrets) inside an otherwise-open folder. Grant a small list on the skill itself — the folder’s wider audience stops applying to this one file.
Cross-team working groups
For a temporary initiative, make a folder and grant only the people on the project. When the work concludes, revoke the grants or delete the folder — the access list disappears with it.
Agents see what their user sees
The MCP server signs requests as a specific user and resolves access exactly the same way the UI does. An agent driven by a sales rep can’t read an engineering folder the rep can’t read.
Transparent by design
The access list can be viewed on any skill or folder. Access control notes explain how each member has access: as an admin, via a direct grant, or via an inherited folder. Revoking access is one click.
Agents play by the same rules
The MCP server resolves access the same way the UI does, using the same precedence walk. get_all_skills only lists what the caller can see; get_skill refuses the rest.
Three rules. Every read decision.
Admin role, folder grants, per-skill overrides. That's the whole model — for the editor, the explorer, and the MCP server.