Stats
Actions
Tags
From casper
Applies Casper security settings to Claude Code .claude/settings.json by merging deny/allow rules and telemetry env vars without overwriting. Confirms changes and reminds to restart.
How this command is triggered — by the user, by Claude, or both
Slash command
/casper:setupThe summary Claude sees in its command listing — used to decide when to auto-load this command
# Casper Setup
Read the settings template at `${CLAUDE_PLUGIN_ROOT}/settings-template.json`.
Then apply these settings to the user's `.claude/settings.json`:
1. If `.claude/settings.json` doesn't exist, create it with the template contents
2. If it exists, MERGE the settings (don't overwrite existing user settings):
- Add any deny rules from the template that aren't already present
- Add any allow rules from the template that aren't already present
- Set env vars for telemetry if not already set
After applying, confirm what was added and remind the user to restart Claude Code f...Read the settings template at ${CLAUDE_PLUGIN_ROOT}/settings-template.json.
Then apply these settings to the user's .claude/settings.json:
.claude/settings.json doesn't exist, create it with the template contentsAfter applying, confirm what was added and remind the user to restart Claude Code for the changes to take effect.
The setup applies the following protections:
.env, .env.*, .env.local, .env.production**/secrets/**, **/.secrets/****/*credentials*casper:setup, casper:company, casper:projects, casper:transcriptsnpm run:*, npm test:*, npm install:*git status:*, git diff:*, git log:*, git add:*, git commit:*The bash validator hook blocks catastrophic commands:
rm -rf / and similar system-destroying patternscurl | bash (remote code execution)dd to block devices (disk destruction)DISABLE_TELEMETRY=1DISABLE_ERROR_REPORTING=1This plugin focuses on preventing irreversible, catastrophic operations rather than trying to block everything potentially dangerous. Denylists are inherently bypassable - these rules are a safety net, not a security boundary.
npx claudepluginhub casper-studios/casper-marketplace --plugin casper/cc-configGenerates, audits, or displays Claude Code configurations (CLAUDE.md, settings.json, .mcp.json). Supports generate with presets (developer, ci-cd, secure), audit for issues, and show for merged settings.
/security-auditAudits plugin configuration files including hooks, settings, agents, and CLAUDE.md for 8 security risks like command injection, secrets, and over-permissions. Produces severity-graded report.
/guardActivates safety guardrails that block destructive Bash commands (rm -rf), SQL drops (DROP TABLE), git force-pushes, and optionally restrict file edits to a directory. Explains each block.
/safe-modeActivates protective modes against destructive operations: cautious warns on risky Bash/git commands; lockdown restricts edits to a path; clear disables all. Reports status.
/hookifyCreates hook rules to prevent unwanted Claude Code behaviors by analyzing conversations or explicit instructions, generating YAML files in .claude/.
/guardActivates combined careful and freeze modes: blocks destructive commands and restricts edits to the specified glob pattern. Use 'off' to disable both.