Stats
Actions
Tags
From antigravity-awesome-skills
Analyzes a repository to generate evidence-based Claude Code settings.json permissions. Detects tech stack, build tools, and monorepo structure to recommend safe read-only command allow lists.
How this skill is triggered — by the user, by Claude, or both
Slash command
/antigravity-awesome-skills:claude-settings-auditThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Analyze this repository and generate recommended Claude Code `settings.json` permissions for read-only commands.
Analyze this repository and generate recommended Claude Code settings.json permissions for read-only commands.
settings.json permissions for a repository.Run these commands to detect the repository structure:
ls -la
find . -maxdepth 2 \( -name "*.toml" -o -name "*.json" -o -name "*.lock" -o -name "*.yaml" -o -name "*.yml" -o -name "Makefile" -o -name "Dockerfile" -o -name "*.tf" \) 2>/dev/null | head -50
Check for these indicator files:
| Category | Files to Check |
|---|---|
| Python | pyproject.toml, setup.py, requirements.txt, Pipfile, poetry.lock, uv.lock |
| Node.js | package.json, package-lock.json, yarn.lock, pnpm-lock.yaml |
| Go | go.mod, go.sum |
| Rust | Cargo.toml, Cargo.lock |
| Ruby | Gemfile, Gemfile.lock |
| Java | pom.xml, build.gradle, build.gradle.kts |
| Build | Makefile, Dockerfile, docker-compose.yml |
| Infra | *.tf files, kubernetes/, helm/ |
| Monorepo | lerna.json, nx.json, turbo.json, pnpm-workspace.yaml |
Check for service integrations:
| Service | Detection |
|---|---|
| Sentry | sentry-sdk in deps, @sentry/* packages, .sentryclirc, sentry.properties |
| Linear | Linear config files, .linear/ directory |
Read dependency files to identify frameworks:
package.json → check dependencies and devDependenciespyproject.toml → check [project.dependencies] or [tool.poetry.dependencies]Gemfile → check gem namesCargo.toml → check [dependencies]cat .claude/settings.json 2>/dev/null || echo "No existing settings"
Build the allow list by combining:
[
"Bash(ls:*)",
"Bash(pwd:*)",
"Bash(find:*)",
"Bash(file:*)",
"Bash(stat:*)",
"Bash(wc:*)",
"Bash(head:*)",
"Bash(tail:*)",
"Bash(cat:*)",
"Bash(tree:*)",
"Bash(git status:*)",
"Bash(git log:*)",
"Bash(git diff:*)",
"Bash(git show:*)",
"Bash(git branch:*)",
"Bash(git remote:*)",
"Bash(git tag:*)",
"Bash(git stash list:*)",
"Bash(git rev-parse:*)",
"Bash(gh pr view:*)",
"Bash(gh pr list:*)",
"Bash(gh pr checks:*)",
"Bash(gh pr diff:*)",
"Bash(gh issue view:*)",
"Bash(gh issue list:*)",
"Bash(gh run view:*)",
"Bash(gh run list:*)",
"Bash(gh run logs:*)",
"Bash(gh repo view:*)",
"Bash(gh api:*)"
]
Only include commands for tools actually detected in the project.
| If Detected | Add These Commands |
|---|---|
| Any Python | python --version, python3 --version |
poetry.lock | poetry show, poetry env info |
uv.lock | uv pip list, uv tree |
Pipfile.lock | pipenv graph |
requirements.txt (no other lock) | pip list, pip show, pip freeze |
| If Detected | Add These Commands |
|---|---|
| Any Node.js | node --version |
pnpm-lock.yaml | pnpm list, pnpm why |
yarn.lock | yarn list, yarn info, yarn why |
package-lock.json | npm list, npm view, npm outdated |
TypeScript (tsconfig.json) | tsc --version |
| If Detected | Add These Commands |
|---|---|
go.mod | go version, go list, go mod graph, go env |
Cargo.toml | rustc --version, cargo --version, cargo tree, cargo metadata |
Gemfile | ruby --version, bundle list, bundle show |
pom.xml | java --version, mvn --version, mvn dependency:tree |
build.gradle | java --version, gradle --version, gradle dependencies |
| If Detected | Add These Commands |
|---|---|
Dockerfile | docker --version, docker ps, docker images |
docker-compose.yml | docker-compose ps, docker-compose config |
*.tf files | terraform --version, terraform providers, terraform state list |
Makefile | make --version, make -n |
If this is a Sentry project (or sentry-skills plugin is installed), include:
[
"Skill(sentry-skills:agents-md)",
"Skill(sentry-skills:blog-writing-guide)",
"Skill(sentry-skills:brand-guidelines)",
"Skill(sentry-skills:claude-settings-audit)",
"Skill(sentry-skills:code-review)",
"Skill(sentry-skills:code-simplifier)",
"Skill(sentry-skills:commit)",
"Skill(sentry-skills:create-branch)",
"Skill(sentry-skills:create-pr)",
"Skill(sentry-skills:django-access-review)",
"Skill(sentry-skills:django-perf-review)",
"Skill(sentry-skills:doc-coauthoring)",
"Skill(sentry-skills:find-bugs)",
"Skill(sentry-skills:gh-review-requests)",
"Skill(sentry-skills:gha-security-review)",
"Skill(sentry-skills:iterate-pr)",
"Skill(sentry-skills:pr-writer)",
"Skill(sentry-skills:security-review)",
"Skill(sentry-skills:skill-creator)",
"Skill(sentry-skills:skill-scanner)",
"Skill(sentry-skills:skill-writer)",
"Skill(sentry-skills:sred-project-organizer)",
"Skill(sentry-skills:sred-work-summary)"
]
[
"WebFetch(domain:docs.sentry.io)",
"WebFetch(domain:develop.sentry.dev)",
"WebFetch(domain:docs.github.com)",
"WebFetch(domain:cli.github.com)"
]
| If Detected | Add Domains |
|---|---|
| Django | docs.djangoproject.com |
| Flask | flask.palletsprojects.com |
| FastAPI | fastapi.tiangolo.com |
| React | react.dev |
| Next.js | nextjs.org |
| Vue | vuejs.org |
| Express | expressjs.com |
| Rails | guides.rubyonrails.org, api.rubyonrails.org |
| Go | pkg.go.dev |
| Rust | docs.rs, doc.rust-lang.org |
| Docker | docs.docker.com |
| Kubernetes | kubernetes.io |
| Terraform | registry.terraform.io |
MCP servers are configured in .mcp.json (not settings.json). Check for existing config:
cat .mcp.json 2>/dev/null || echo "No existing .mcp.json"
Add to .mcp.json (replace {org-slug} and {project-slug} with your Sentry organization and project slugs):
{
"mcpServers": {
"sentry": {
"type": "http",
"url": "https://mcp.sentry.dev/mcp/{org-slug}/{project-slug}"
}
}
}
Add to .mcp.json:
{
"mcpServers": {
"linear": {
"command": "npx",
"args": ["-y", "@linear/mcp-server"],
"env": {
"LINEAR_API_KEY": "${LINEAR_API_KEY}"
}
}
}
}
Note: Never suggest GitHub MCP. Always use gh CLI commands for GitHub.
Present your findings as:
Example output structure:
## Detected Tech Stack
| Category | Found |
| --------------- | -------------- |
| Languages | Python 3.x |
| Package Manager | poetry |
| Frameworks | Django, Celery |
| Services | Sentry |
| Build Tools | Docker, Make |
## Recommended .claude/settings.json
\`\`\`json
{
"permissions": {
"allow": [
// ... grouped by category with comments
],
"deny": []
}
}
\`\`\`
## Recommended .mcp.json (if applicable)
If you use Sentry or Linear, add the MCP config to `.mcp.json`...
:* suffix allows any arguments to the base command/home/user/scripts/foo or /Users/name/bin/bar./scripts/deploy.sh)Only include the package manager actually used by the project:
| If Detected | Include | Do NOT Include |
|---|---|---|
pnpm-lock.yaml | pnpm commands | npm, yarn |
yarn.lock | yarn commands | npm, pnpm |
package-lock.json | npm commands | yarn, pnpm |
poetry.lock | poetry commands | pip (unless also has requirements.txt) |
uv.lock | uv commands | pip, poetry |
Pipfile.lock | pipenv commands | pip, poetry |
If multiple lock files exist, include only the commands for each detected manager.
npx claudepluginhub sickn33/antigravity-awesome-skills --plugin antigravity-bundle-aas-mobile-app-builderScans a repository's tech stack, build tools, and monorepo structure to generate recommended Claude Code settings.json read-only permissions. Useful when starting a new project or auditing existing settings.
Sets up Claude Code projects with config files and audits existing ones for permissions, context quality, MCP coverage, leaked secrets, stale docs, and cruft. Uses sub-agents for analysis.
Explains Claude Code settings hierarchy, permission wildcards, allow/deny patterns, and tool configurations. Use for setting up project permissions, debugging access issues, or understanding tool blocks.