Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
How this command is triggered — by the user, by Claude, or both
Slash command
/casper:setupThe summary Claude sees in its command listing — used to decide when to auto-load this command
# Casper Setup
Read the settings template at `${CLAUDE_PLUGIN_ROOT}/settings-template.json`.
Then apply these settings to the user's `.claude/settings.json`:
1. If `.claude/settings.json` doesn't exist, create it with the template contents
2. If it exists, MERGE the settings (don't overwrite existing user settings):
- Add any deny rules from the template that aren't already present
- Add any allow rules from the template that aren't already present
- Set env vars for telemetry if not already set
After applying, confirm what was added and remind the user to restart Claude Code f.../cc-configGenerates, audits, or displays Claude Code configurations (CLAUDE.md, settings.json, .mcp.json). Supports generate with presets (developer, ci-cd, secure), audit for issues, and show for merged settings.
/security-auditAudits plugin configuration files including hooks, settings, agents, and CLAUDE.md for 8 security risks like command injection, secrets, and over-permissions. Produces severity-graded report.
/guardActivates safety guardrails that block destructive Bash commands (rm -rf), SQL drops (DROP TABLE), git force-pushes, and optionally restrict file edits to a directory. Explains each block.
/safe-modeActivates protective modes against destructive operations: cautious warns on risky Bash/git commands; lockdown restricts edits to a path; clear disables all. Reports status.
/hookifyCreates hook rules to prevent unwanted Claude Code behaviors by analyzing conversations or explicit instructions, generating YAML files in .claude/.
/install-permissionsInstalls curated allowlist for safe UiPath (uip) subcommands into Claude Code settings to skip permission prompts. Prompts for variant (full with safety rails or allow-only) and install location (project/global/print/custom). Merges with existing rules, shows diff, confirms before write.
Share bugs, ideas, or general feedback.
Read the settings template at ${CLAUDE_PLUGIN_ROOT}/settings-template.json.
Then apply these settings to the user's .claude/settings.json:
.claude/settings.json doesn't exist, create it with the template contentsAfter applying, confirm what was added and remind the user to restart Claude Code for the changes to take effect.
The setup applies the following protections:
.env, .env.*, .env.local, .env.production**/secrets/**, **/.secrets/****/*credentials*casper:setup, casper:company, casper:projects, casper:transcriptsnpm run:*, npm test:*, npm install:*git status:*, git diff:*, git log:*, git add:*, git commit:*The bash validator hook blocks catastrophic commands:
rm -rf / and similar system-destroying patternscurl | bash (remote code execution)dd to block devices (disk destruction)DISABLE_TELEMETRY=1DISABLE_ERROR_REPORTING=1This plugin focuses on preventing irreversible, catastrophic operations rather than trying to block everything potentially dangerous. Denylists are inherently bypassable - these rules are a safety net, not a security boundary.