claude-settings-audit
Analyze a repository to generate recommended Claude Code settings.json permissions. Use when setting up a new project, auditing existing settings, or determining which read-only bash commands to allow. Detects tech stack, build tools, and monorepo structure.
Best use case
claude-settings-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using claude-settings-audit should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/claude-settings-audit/SKILL.md inside your project
- Restart your AI agent; it will auto-discover the skill
How claude-settings-audit Compares
| Feature / Agent | claude-settings-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Analyze a repository to generate recommended Claude Code settings.json permissions. Use when setting up a new project, auditing existing settings, or determining which read-only bash commands to allow. Detects tech stack, build tools, and monorepo structure.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Claude Settings Audit
Analyze this repository and generate recommended Claude Code `settings.json` permissions for read-only commands.
## Phase 1: Detect Tech Stack
Run these commands to detect the repository structure:
```bash
ls -la
find . -maxdepth 2 \( -name "*.toml" -o -name "*.json" -o -name "*.lock" -o -name "*.yaml" -o -name "*.yml" -o -name "Makefile" -o -name "Dockerfile" -o -name "*.tf" \) 2>/dev/null | head -50
```
Check for these indicator files:
| Category | Files to Check |
|----------|---------------|
| **Python** | `pyproject.toml`, `setup.py`, `requirements.txt`, `Pipfile`, `poetry.lock`, `uv.lock` |
| **Node.js** | `package.json`, `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml` |
| **Go** | `go.mod`, `go.sum` |
| **Rust** | `Cargo.toml`, `Cargo.lock` |
| **Ruby** | `Gemfile`, `Gemfile.lock` |
| **Java** | `pom.xml`, `build.gradle`, `build.gradle.kts` |
| **Build** | `Makefile`, `Dockerfile`, `docker-compose.yml` |
| **Infra** | `*.tf` files, `kubernetes/`, `helm/` |
| **Monorepo** | `lerna.json`, `nx.json`, `turbo.json`, `pnpm-workspace.yaml` |
## Phase 2: Detect Services
Check for service integrations:
Read dependency files to identify frameworks:
- `package.json` → check `dependencies` and `devDependencies`
- `pyproject.toml` → check `[project.dependencies]` or `[tool.poetry.dependencies]`
- `Gemfile` → check gem names
- `Cargo.toml` → check `[dependencies]`
## Phase 3: Check Existing Settings
```bash
cat .claude/settings.json 2>/dev/null || echo "No existing settings"
```
## Phase 4: Generate Recommendations
Build the allow list by combining:
### Baseline Commands (Always Include)
```json
[
  "Bash(ls:*)",
  "Bash(pwd:*)",
  "Bash(find:*)",
  "Bash(file:*)",
  "Bash(stat:*)",
  "Bash(wc:*)",
  "Bash(head:*)",
  "Bash(tail:*)",
  "Bash(cat:*)",
  "Bash(tree:*)",
  "Bash(git status:*)",
  "Bash(git log:*)",
  "Bash(git diff:*)",
  "Bash(git show:*)",
  "Bash(git branch:*)",
  "Bash(git remote:*)",
  "Bash(git tag:*)",
  "Bash(git stash list:*)",
  "Bash(git rev-parse:*)",
  "Bash(gh pr view:*)",
  "Bash(gh pr list:*)",
  "Bash(gh pr checks:*)",
  "Bash(gh pr diff:*)",
  "Bash(gh issue view:*)",
  "Bash(gh issue list:*)",
  "Bash(gh run view:*)",
  "Bash(gh run list:*)",
  "Bash(gh run logs:*)",
  "Bash(gh repo view:*)",
  "Bash(gh api:*)"
]
```
### Stack-Specific Commands
| If Detected | Add These Commands |
|-------------|-------------------|
| **Python** | `python --version`, `python3 --version`, `pip list`, `pip show`, `pip freeze`, `poetry show`, `poetry env info`, `uv pip list` |
| **Node.js** | `node --version`, `npm list`, `npm view`, `npm outdated`, `yarn list`, `yarn info`, `yarn why`, `pnpm list`, `tsc --version` |
| **Go** | `go version`, `go list`, `go mod graph`, `go env` |
| **Rust** | `rustc --version`, `cargo --version`, `cargo tree`, `cargo metadata` |
| **Ruby** | `ruby --version`, `gem list`, `bundle list`, `bundle show` |
| **Java** | `java --version`, `mvn --version`, `mvn dependency:tree`, `gradle --version`, `gradle dependencies` |
| **Docker** | `docker --version`, `docker ps`, `docker images`, `docker-compose ps`, `docker-compose config` |
| **Terraform** | `terraform --version`, `terraform providers`, `terraform state list` |
| **Make** | `make --version`, `make -n` |
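The entries above are intended to be read-only, but each `:*` rule accepts any arguments, so a base command with state-changing flags is allowed along with its harmless forms. The following check is an added example, not part of the skill: it models `Bash(prefix:*)` as a plain prefix match and lets deny rules win over allow rules (both assumptions), and runs constructed probe commands against a constructed `settings.json`.

```python
import json
import re

# Constructed probes (not from the skill): state-changing invocations of
# commands that the allow list and stack table treat as read-only.
PROBES = [
    ("find . -name '*.log' -delete", "find -delete removes files"),
    ("find . -type f -exec touch {} +", "find -exec runs other programs"),
    ("gh api -X DELETE repos/OWNER/REPO/labels/bug", "gh api accepts any HTTP method"),
    ("git branch -D main", "git branch -D deletes a branch"),
    ("git remote set-url origin https://example.invalid/r.git", "git remote rewrites remotes"),
    ("git tag -d v1.0.0", "git tag -d deletes a tag"),
    ("go env -w GOFLAGS=-mod=mod", "go env -w writes the Go env config file"),
]
RULE = re.compile(r"^Bash\((?P<prefix>.+?)(?P<any>:\*)?\)$")


def permits(rule, command):
    """Assumed model: 'Bash(prefix:*)' matches prefix followed by any arguments."""
    m = RULE.match(rule)
    if not m:
        return False
    prefix = m.group("prefix")
    if m.group("any"):
        return command == prefix or command.startswith(prefix + " ")
    return command == prefix


def audit(settings_text):
    """Return (rule, command, reason) for each probe that is allowed and not denied."""
    perms = json.loads(settings_text).get("permissions", {})
    allow, deny = perms.get("allow", []), perms.get("deny", [])
    findings = []
    for command, reason in PROBES:
        if any(permits(d, command) for d in deny):  # assumed: deny wins over allow
            continue
        findings += [(r, command, reason) for r in allow if permits(r, command)]
    return findings


# Constructed sample settings.json using entries from the lists above.
SAMPLE = json.dumps({"permissions": {
    "allow": ["Bash(ls:*)", "Bash(find:*)", "Bash(git log:*)",
              "Bash(git branch:*)", "Bash(gh api:*)", "Bash(go env:*)"],
    "deny": ["Bash(git branch -D:*)"],
}})

if __name__ == "__main__":
    for rule, command, reason in audit(SAMPLE):
        print(f"{rule} permits `{command}`: {reason}")
```

A flagged entry can be narrowed to the exact subcommand that is needed or paired with a deny rule for the mutating form, as the sample does for `git branch -D`.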
#### Framework-Specific
| If Detected | Add Domains |
|-------------|-------------|
| **Django** | `docs.djangoproject.com` |
| **Flask** | `flask.palletsprojects.com` |
| **FastAPI** | `fastapi.tiangolo.com` |
| **React** | `react.dev` |
| **Next.js** | `nextjs.org` |
| **Vue** | `vuejs.org` |
| **Express** | `expressjs.com` |
| **Rails** | `guides.rubyonrails.org`, `api.rubyonrails.org` |
| **Go** | `pkg.go.dev` |
| **Rust** | `docs.rs`, `doc.rust-lang.org` |
| **Docker** | `docs.docker.com` |
| **Kubernetes** | `kubernetes.io` |
| **Terraform** | `registry.terraform.io` |
### MCP Server Suggestions
MCP servers are configured in `.mcp.json` (not `settings.json`). Check for existing config:
```bash
cat .mcp.json 2>/dev/null || echo "No existing .mcp.json"
```
#### Sentry MCP (if Sentry SDK detected)
Add to `.mcp.json`:
```json
{
  "mcpServers": {
    "sentry": {
      "command": "uvx",
      "args": ["mcp-server-sentry"],
      "env": {
        "SENTRY_AUTH_TOKEN": "${SENTRY_AUTH_TOKEN}"
      }
    }
  }
}
```
#### Linear MCP (if Linear usage detected)
Add to `.mcp.json`:
```json
{
  "mcpServers": {
    "linear": {
      "command": "npx",
      "args": ["-y", "@linear/mcp-server"],
      "env": {
        "LINEAR_API_KEY": "${LINEAR_API_KEY}"
      }
    }
  }
}
```
**Note**: Never suggest GitHub MCP. Always use `gh` CLI commands for GitHub.
## Output Format
Present your findings as:
1. **Summary Table** - What was detected
2. **Recommended settings.json** - Complete JSON ready to copy
3. **MCP Suggestions** - If applicable
4. **Merge Instructions** - If existing settings found
Example output structure:
```markdown
## Detected Tech Stack
| Category | Found |
|----------|-------|
| Languages | Python 3.x |
| Package Manager | poetry |
| Frameworks | Django, Celery |
| Services | Sentry |
| Build Tools | Docker, Make |
## Recommended .claude/settings.json
\`\`\`json
{
"permissions": {
"allow": [
// ... grouped by category with comments
],
"deny": []
}
}
\`\`\`
```
## Important Notes
- Only suggest READ-ONLY commands - never commands that modify state
- The `:*` suffix allows any arguments to the base command
- Group commands with comments for readability
- If existing settings found, show what to add vs what's already present