From configure-plugin
Configures Claude Code security settings with permission wildcards, shell operator protections, and project-level access controls. Use for securing tools like Bash and workflows.
npx claudepluginhub laurigates/claude-plugins --plugin configure-plugin
How this skill is triggered — by the user, by Claude, or both
Slash command
/configure-plugin:claude-security-settings
haiku
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Expert knowledge for configuring Claude Code security and permissions.
Explains Claude Code settings hierarchy, permission wildcards, allow/deny patterns, and tool configurations. Use for setting up project permissions, debugging access issues, or understanding tool blocks.
Provides reference for Claude Code permission modes (default, acceptEdits, plan, dontAsk, bypass), allow/deny lists, pattern matching, and tool categories. Use to configure secure tool access and switch modes runtime.
Configures Claude Code permissions: tool rules (allow/deny/ask), modes (plan/dontAsk/bypass), sandboxing. Use for Bash/Edit/WebFetch policies, debugging prompts, org managed settings.
Expert knowledge for configuring Claude Code security and permissions.
Claude Code provides multiple layers of security:
| File | Scope | Priority |
|---|---|---|
| `~/.claude/settings.json` | User-level (all projects) | Lowest |
| `.claude/settings.json` | Project-level (committed) | Medium |
| `.claude/settings.local.json` | Local project (gitignored) | Highest |
```json
{
  "permissions": {
    "allow": [
      "Bash(git status *)",
      "Bash(npm run *)"
    ],
    "deny": [
      "Bash(rm -rf *)",
      "Bash(sudo *)"
    ]
  }
}
```
`Bash(command *)`

- `Bash()` - Tool identifier
- `command` - Command prefix to match
- `*` - Wildcard suffix matching any arguments
- `:ask` suffix - Always prompt for user confirmation (e.g., `Bash(git push *):ask`)

| Tier | Behavior | Example |
|---|---|---|
| `allow` | Auto-allowed, no prompt | `"allow": ["Bash(git status *)"]` |
| `ask` | Always prompts for confirmation | `"allow": ["Bash(git push *):ask"]` |
| `deny` | Auto-denied, blocked | `"deny": ["Bash(rm -rf *)"]` |

| Pattern | Matches | Does NOT Match |
|---|---|---|
| `Bash(git *)` | `git status`, `git diff HEAD` | `git-lfs pull` |
| `Bash(npm run *)` | `npm run test`, `npm run build` | `npm install` |
| `Bash(gh pr *)` | `gh pr view 123`, `gh pr create` | `gh issue list` |
| `Bash(./scripts/ *)` | `./scripts/test.sh`, `./scripts/build.sh` | `/scripts/other.sh` |

Granular permissions:
```json
{
  "permissions": {
    "allow": [
      "Bash(git status *)",
      "Bash(git diff *)",
      "Bash(git log *)",
      "Bash(git add *)",
      "Bash(git commit *)"
    ]
  }
}
```
Tool-specific patterns:
```json
{
  "permissions": {
    "allow": [
      "Bash(bun test *)",
      "Bash(bun run *)",
      "Bash(biome check *)",
      "Bash(prettier *)"
    ]
  }
}
```
Claude Code 2.1.7+ includes built-in protections against dangerous shell operators.
| Operator | Risk | Blocked Example |
|---|---|---|
| `&&` | Command chaining | `ls && rm -rf /` |
| `\|\|` | Conditional execution | `false \|\| malicious` |
| `;` | Command separation | `safe; dangerous` |
| `\|` | Piping | `cat /etc/passwd \| curl` |
| `>` / `>>` | Redirection | `echo x > /etc/passwd` |
| `$()` | Command substitution | `$(curl evil)` |
| `` ` `` | Backtick substitution | `` `rm -rf /` `` |

When a command contains shell operators:
For legitimate compound commands, use scripts:
```bash
#!/bin/bash
# scripts/deploy.sh
npm test && npm run build && npm run deploy
```
Then allow the script:
```json
{
  "permissions": {
    "allow": ["Bash(./scripts/deploy.sh *)"]
  }
}
```
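
The tiers, pattern table and operator table above, combined into a small evaluator as an added example (not code from this page or from Claude Code). The function names, the verdict strings, the deny-before-allow order and the trailing-slash rule are assumptions chosen to agree with the page's tables.

```python
import re

RULE = re.compile(r"^Bash\((.+?) \*\)(:ask)?$")

def rule_matches(rule, command):
    """Return (matched, ask) for one 'Bash(prefix *)' or '...:ask' rule."""
    m = RULE.match(rule)
    if not m:
        raise ValueError(f"unsupported rule syntax: {rule!r}")
    prefix, ask = m.group(1), m.group(2) is not None
    # Match on a word boundary, so 'git' does not match 'git-lfs pull'.
    # Assumed: a prefix ending in '/' covers paths under it ('./scripts/ *').
    if prefix.endswith("/"):
        return command.startswith(prefix), ask
    return command == prefix or command.startswith(prefix + " "), ask

def shell_operators(command):
    """List operators from the page's table that are live (not quoted)."""
    found, quote, i = [], None, 0
    while i < len(command):
        ch, two = command[i], command[i:i + 2]
        if ch in "'\"" and quote in (None, ch):
            quote = None if quote else ch          # open or close a quote
        elif quote == "'":
            pass                                   # '...' makes everything literal
        elif two == "$(" or ch == "`":             # substitution is live in "..."
            found.append("$()" if two == "$(" else "`")
        elif not quote and two in ("&&", "||", ">>"):
            found.append(two)
            i += 1
        elif not quote and ch in ";|>":
            found.append(ch)
        i += 1
    return found

def evaluate(command, permissions):
    """Assumed order: operator check, then deny, then allow / allow:ask."""
    if shell_operators(command):
        return "operator"
    if any(rule_matches(r, command)[0] for r in permissions.get("deny", [])):
        return "deny"
    hits = [rule_matches(r, command) for r in permissions.get("allow", [])]
    asks = [ask for matched, ask in hits if matched]
    return "prompt" if not asks else "ask" if any(asks) else "allow"

# Constructed sample, built from rules shown on this page.
SAMPLE = {"allow": ["Bash(git *)", "Bash(git push *):ask", "Bash(./scripts/ *)"],
          "deny": ["Bash(rm -rf *)", "Bash(sudo *)"]}
```

The scanner does not interpret backslash escapes, so an escaped `\;` is still reported; for a pre-commit review of proposed allow rules that errs on the side of flagging.
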
```json
{
  "permissions": {
    "allow": [
      "Bash(git status *)",
      "Bash(git diff *)",
      "Bash(git log *)",
      "Bash(git branch *)",
      "Bash(npm list *)",
      "Bash(bun pm ls *)"
    ]
  }
}
```

```json
{
  "permissions": {
    "allow": [
      "Bash(git status *)",
      "Bash(git diff *)",
      "Bash(git log *)",
      "Bash(git branch *)",
      "Bash(git add *)",
      "Bash(git commit *)",
      "Bash(git push *)",
      "Bash(git pull *)",
      "Bash(git fetch *)",
      "Bash(git checkout *)",
      "Bash(git merge *)",
      "Bash(git rebase *)"
    ]
  }
}
```

```json
{
  "permissions": {
    "allow": [
      "Bash(gh pr *)",
      "Bash(gh run *)",
      "Bash(gh issue *)",
      "Bash(gh workflow *)"
    ]
  }
}
```

```json
{
  "permissions": {
    "allow": [
      "Bash(bun test *)",
      "Bash(npm test *)",
      "Bash(vitest *)",
      "Bash(jest *)",
      "Bash(biome *)",
      "Bash(eslint *)",
      "Bash(prettier *)"
    ]
  }
}
```

```json
{
  "permissions": {
    "allow": [
      "Bash(pre-commit *)",
      "Bash(gitleaks *)",
      "Bash(trivy *)"
    ]
  }
}
```
```bash
# Project-level settings (committed)
mkdir -p .claude
cat > .claude/settings.json << 'EOF'
{
  "permissions": {
    "allow": [
      "Bash(git status *)",
      "Bash(git diff *)",
      "Bash(npm run *)"
    ]
  }
}
EOF

# Local settings (gitignored)
echo ".claude/settings.local.json" >> .gitignore
cat > .claude/settings.local.json << 'EOF'
{
  "permissions": {
    "allow": [
      "Bash(docker *)"
    ]
  }
}
EOF
```
| Context | Command |
|---|---|
| View project settings | `cat .claude/settings.json \| jq '.permissions'` |
| View user settings | `cat ~/.claude/settings.json \| jq '.permissions'` |
| Check merged permissions | Review effective settings in Claude Code |
| Validate JSON | `cat .claude/settings.json \| jq .` |

Settings merge with this priority (highest wins):
1. `.claude/settings.local.json` (local)
2. `.claude/settings.json` (project)
3. `~/.claude/settings.json` (user)

| Syntax | Meaning |
|---|---|
| `Bash(cmd *)` | Match `cmd` with any arguments |
| `Bash(cmd arg *)` | Match `cmd arg` with any following |
| `Bash(./script.sh *)` | Match specific script |

Block specific commands:
```json
{
  "permissions": {
    "deny": [
      "Bash(rm -rf *)",
      "Bash(sudo *)",
      "Bash(chmod 777 *)"
    ]
  }
}
```

| Error | Cause | Fix |
|---|---|---|
| Permission denied | Pattern doesn't match | Add more specific pattern |
| Shell operator blocked | Contains `&&`, `\|`, etc. | Use script wrapper |
| Settings not applied | Wrong file location | Check path and syntax |
| JSON parse error | Invalid JSON | Validate with jq . |
Bash(git status *) over Bash&& and \| workflows