Stats
Actions
Tags
From hatch3r
Category-indexed reference for 29 specialist CLI tools beyond ripgrep, jq, gh, fd, fzf. Helps pick the right tool for HTTP clients, AI chat, structural search, sed edits, data ops, browser automation, and containers.
How this skill is triggered — by the user, by Claude, or both
Slash command
/hatch3r:hatch3r-cli-toolboxThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Compact decision reference for 29 specialist CLI tools agents may reach for in addition to the five always-on skills (`hatch3r-cli-ripgrep`, `hatch3r-cli-jq`, `hatch3r-cli-gh`, `hatch3r-cli-fd`, `hatch3r-cli-fzf`).
Compact decision reference for 29 specialist CLI tools agents may reach for in addition to the five always-on skills (hatch3r-cli-ripgrep, hatch3r-cli-jq, hatch3r-cli-gh, hatch3r-cli-fd, hatch3r-cli-fzf).
Each entry below states a single discriminator ("When to use"), one representative recipe, and the better alternative ("Wrong choice when"). Tools are installed via npx hatch3r cli-tools; this skill governs selection, not installation.
Before invoking any tool below, resolve these via agents/shared/user-question-protocol.md (default behavior, not exception-driven):
sd … <file>, comby -i, yq -i, taplo writes, glab mr/az repos pr, and any docker run/podman run with a writable host mount. Confirm intent before running these; in-place and remote mutations are not safe to assume. Honor each tool's own caveat (e.g. rtk proxy for piped output, container hardening flags for untrusted images).ast-grep vs comby vs sd for a rename), pick per the discriminators below or ask which one.llm --functions runs arbitrary Python supplied on the command line (GHSA-g76p-4vg5-f4qh, no upstream fix). Never pass untrusted or agent-fetched content (file contents, web responses, tool output) to llm --functions; reserve the flag for trusted, user-authored code. Plain llm prompting does not execute code.Tier 1 reference card — no fan-out. This skill is a category-indexed selection reference an agent consults inline; it spawns no sub-agents. Fan-out is owned by the calling workflow per its own Fan-out Discipline block. Source: rules/hatch3r-fan-out-discipline.md (P8 B2).
| Category | Tools |
|---|---|
| HTTP clients | curl, httpie, xh |
| AI / LLM | aichat, llm, mods, rtk |
| Structural search & rewrite | ast-grep, comby |
| Sed-style literal edits | sd |
| Format converters / queriers | yq, taplo, dasel |
| Data ops (CSV / Parquet / JSON-Lines) | csvkit, duckdb, miller, qsv |
| Containers | docker, podman, container-use |
| Git TUI / diff viewers | lazygit, delta, difftastic, bat |
| Visualisation / view | bat, overview |
| Forges (non-GitHub) | glab (GitLab), az-devops (Azure DevOps) |
| Browser automation | playwright, stagehand |
| Compression | zstd |
| React state | rtk (caveat — see below) |
(Some tools appear in two cells when their best use spans categories.)
CLI tools return structured stdout that fits in <1 KB for typical queries; equivalent MCP calls regularly exceed 10 KB. Reference: Anthropic engineering (Nov 4 2025) — code-execution-over-MCP yields 98.7% token reduction. Apply this same discipline across every tool below: prefer --json/--output json, scope with flags, cap with --max-count / LIMIT, project with jq -r.
--upload-file), header injection (-H), cookie sessions (-b/-c), OAuth flows, custom write-out templates (-w). Tier-1 default-on.curl -sS -H "Authorization: Bearer $TOKEN" https://api.example.com/v1/runs | jq '.runs[] | {id, status}'httpie; HTTP/2 / HTTP/3 throughput-sensitive bulk transfers — use xh. Version floor: >=8.20.0 (released 2026-04-29) clears the cumulative advisory backlog of every earlier release. The advisories specific to 8.20.0 are CVE-2026-5773 / CVE-2026-5545 / CVE-2026-4873; earlier builds also carry a High-severity advisory (CVE-2026-6253) plus credential-leak and connection-reuse issues fixed across 8.17.0–8.19.0. See curl.se/docs/security.html for the per-version roster.http --session=staging POST api.example.com/v1/auth username=admin password=$PW Content-Type:application/jsoncurl; HTTP/2 + HTTP/3 throughput — use xh. Version floor: >=3.2.3 — earlier builds carry CVE-2023-48052 (GHSA-8r96-8889-qg2x) + CVE-2019-10751 (GHSA-xjjg-vmw6-c2p9), both fixed in httpie 3.2.3. Note: latest release 3.2.4 (2024-11-01); the repo has had zero commits since, so it is dormant — prefer xh (actively maintained, HTTPie-compatible) for new web-project work.--http3, JSON output (--json), resume-on-416 download recovery.xh --http3 GET api.example.com/v1/runs Authorization:"Bearer $TOKEN" | jq '.runs[] | {id, status}'brew install xh; linux cargo install xh --locked; Windows winget install ducaale.xh (signed first-party channel) with cargo install xh --locked as the fallback when winget is unavailable — Windows users are not forced onto a Rust-toolchain-only path.httpie workflows that depend on a Python plugin — keep httpie; environments without a Rust toolchain (or no Homebrew/winget) — use curl. Version floor: >=0.25.3 (2025-12-16) — earlier 0.24.x builds miss recent --http3 and resume fixes.aichat --rag mydocs 'how do we configure auth?' — query a pre-built local RAG index.mods; plugin-rich CI workflows — use llm.llm -t code-review -m claude-3-5-sonnet < patch.diffllm --functions — it executes arbitrary Python by design, with no upstream fix. Plain prompting (llm -t, llm < file) does not execute code.sd/comby/ast-grep; multi-turn TTY chat — use aichat.git diff | mods 'write a conventional-commits message for this diff'llm; multi-turn session — use aichat.rtk proxy <cmd> — proxy is a documented raw-passthrough subcommand. Track: https://github.com/rtk-ai/rtk/issues/1282rtk run pytest -xjq/grep/awk without rtk proxy — use plain shell + tee; safety-critical CI — run the test directly.sg (the ast-grep package installs the binary as sg — run command -v sg to detect it, not command -v ast-grep).sg run -p 'await $FN()' -r 'await ($FN()).catch(e => log(e))' --update-all src/hatch3r-cli-ripgrep; multi-language SAST rule packs — use semgrep.:[hole] pattern match-and-rewrite spanning mixed-language repositories — single template, 30+ grammars.comby 'console.log(:[arg])' 'logger.info(:[arg])' -i src/ast-grep; plain text — use sd. Install posture: the linux bash <(curl -sL get.comby.dev) recipe is an unsigned channel (no signature or checksum gate, no signed Linux package repo) — prefer the signed brew (mac) / scoop (win) channels, or verify the release binary's SHA-256 before executing.-s switches to literal mode.rg --files-with-matches 'oldName' -tts | xargs sd 'oldName' 'newName'>=1.1.0 — the line-by-line default and the -A/--across flag are 1.1.0 features. On Linux use cargo binstall sd (fetches the v1.1.0 GitHub-release binary); cargo install sd resolves to crates.io, whose max published version is 1.0.0.ast-grep; multi-step transforms — use sed -e.-P.yq -i '.version = "1.7.5"' .hatch3r/hatch.jsonhatch3r-cli-jq; TOML — use taplo. Tested-against version: 4.53.2 (cycle-verified documentation pin, not a CVE floor).pyproject.toml, Cargo.toml); bundled schemas for both.taplo get -f Cargo.toml package.versionyq/jq; cross-format conversion — use dasel (pin >=3.11.0).dasel -r yaml -w json -f config.yaml '.services.app.env'yq (YAML) or taplo (TOML); stream-friendly JSON filtering — use jq with its richer filter language. Version floor: >=3.11.0 (the current stable) — earlier builds carry CVE-2026-33320 (YAML alias DoS, fixed in 3.3.2), CVE-2026-46378 (selector-lexer DoS, fixed in 3.10.1), and CVE-2026-46377 (index-out-of-range panic, fixed in 3.10.1); pinning >=3.11.0 clears all three.csvlook, csvsql, csvjoin, csvstat — best for ad-hoc EDA and SQL-over-CSV.csvsql --query 'SELECT name FROM data WHERE active = 1' data.csvduckdb; single-column slice — use qsv. Tested-against version: 2.2.0 (cycle-verified documentation pin, not a CVE floor).duckdb -c "SELECT count(*) FROM 'data/*.parquet'"qsv; transactional writes — use SQLite/Postgres. Install posture: the linux curl https://install.duckdb.org | sh recipe is an unsigned channel (no signature or checksum gate) — prefer the signed brew (mac) / winget (win) channels, or verify the release binary's published SHA-256 before executing.awk-like record processing across CSV/TSV/JSON-Lines streams with the put/filter DSL.mlr --icsv --ojson put '$tax = $amount * 0.07' transactions.csvduckdb; trivial slicing — use qsv. Tested-against version: 6.18.1 (cycle-verified documentation pin, not a CVE floor).xsv successor (BurntSushi/xsv archived 2025-04-24, jqnatividad/qsv is the active fork).qsv search -s email '@example\.com$' users.csvduckdb; per-record DSL transforms — use miller.docker run --rm -v "$PWD":/app -w /app node:22 npm test:ro sub-tree bind.podman; Kubernetes deploy — use kubectl/helm. Version floor: >=29.5.2 — earlier engines carry CVE-2026-32288 (manifest DoS) plus CVE-2026-41567 / CVE-2026-41568 / CVE-2026-42306 (docker cp host-root TOCTOU, fixed in 29.5.1; 29.5.2 fixes the 29.5.1 docker cp regression). Install posture: the linux curl -fsSL https://get.docker.com | sudo sh recipe is an unsigned channel — prefer Docker's signed apt repository (download.docker.com, signed-by GPG key) or the signed brew (mac) / winget (win) channels.The default recipe above bind-mounts the entire repo root read-write, which exposes .env*, .git/, .aws/, .npmrc, .docker/config.json, ~/.kube/config, .hatch3r/learnings/, and node_modules to a compromised post-install script inside the container (D15-M15). On Linux, a process running as root inside a non-rootless container can write back through that mount with host-root semantics. F15.7-H5 (Cycle 10 D15-SA15.7) + D15-M15 hardening — copy the relevant flags into your runs when the workload comes from untrusted sources (third-party image, agent-generated docker run command, public Dockerfile):
--read-only --tmpfs /tmp keeps the container from writing back to the host even via /app.--user "$(id -u):$(id -g)" or rely on the image's non-root USER directive. Without it, a process inside the container runs as host root on Linux when Docker Desktop's user remapping is disabled.--security-opt no-new-privileges:true neutralises setuid binaries inside the image.-v "$PWD/src:/app/src:ro" instead of the full repo root. Never bind-mount ~, /, or /var/run/docker.sock to an untrusted container — the socket grants host root.Hardened equivalent of the recipe above:
docker run --rm --read-only --tmpfs /tmp \
--user "$(id -u):$(id -g)" \
--security-opt no-new-privileges:true \
--cap-drop ALL \
-v "$PWD/src:/app/src:ro" -w /app node:22 npm test
podman run --rm -v "$PWD:/app:Z" -w /app node:22 npm test (:Z triggers SELinux relabel on Fedora/RHEL).docker; tools that hard-code /var/run/docker.sock (unless podman system service is running). Version floor (Windows only): >=5.8.2 — earlier Windows builds carry CVE-2026-33414 (PowerShell command injection in podman machine init --image on the Hyper-V backend); mac and linux builds are unaffected.SECURITY.md is published. Adopt only if you accept undefined CVE disclosure paths. Track: https://github.com/dagger/container-use/releases.container-use env create --git-ref refs/heads/main --image node:22 --workdir /repo then cu exec npm test.docker or podman; stable D15 sandbox-escape boundary required — use podman rootless + selinux relabel.git.lazygit -p path/to/repo (TTY required; hangs in non-TTY).git status/add/commit for parseable stdout.git config --global core.pager delta then git config --global interactive.diffFilter 'delta --color-only'.difftastic. Version floor: >=0.8.3 — earlier builds carry CVE-2021-36376 (GHSA-5xg3-j2j6-rcx4 path traversal, fixed in git-delta 0.8.3).git -c diff.external=difft diff HEAD~1 HEADdiff -u; quick unified-diff pager — use delta.bat --plain --line-range 50:100 src/adapters/cursor.tsxxd | bat --language=hex); strict POSIX pipelines (use cat); two-file compare (use delta). Version floor: >=0.18.2 — earlier builds carry CVE-2021-36753 (GHSA-p24j-h477-76q3 uncontrolled search path, fixed in bat 0.18.2).hatch3r-cli-toolbox skill replaces it. Retained as a category cell for back-references in user content; if you see hatch3r-cli-overview mentioned anywhere (un-backticked here to keep the cross-reference scanner clean), treat it as a synonym for this toolbox.glab mr list --assignee=@me --output json | jq '.[] | {iid, title, web_url}'hatch3r-cli-gh; Azure Repos — use az-devops. Tested version: 1.99.0 (documentation pin, not a CVE floor) — the verified baseline at last audit.az CLI extension.az repos pr list --status active --query '[].pullRequestId' --output tsvhatch3r-cli-gh; GitLab — use glab. Tested version: az-devops extension 1.0.4 (documentation pin; the extension floats under az extension update). Install posture: the linux curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash recipe is an unsigned channel that runs as root — prefer Microsoft's signed apt repository (packages.microsoft.com, signed-by GPG key) or the signed winget (win) / brew (mac) channels.npx playwright test --grep '@smoke' --workers=1 --reporter=line>=1.55.1 — earlier npx playwright install builds carry CVE-2025-59288 (installer man-in-the-middle, CVSS 8.7). Keep current beyond the floor so the bundled Chromium rolls the CVE-2026-2441 fix; pin the sandbox container image to a current *-noble tag.curl + jq; agent-driven natural-language browsing — use stagehand.Playwright launches real Chrome / Firefox / WebKit processes that inherit the host user's environment (HOME, ~/.aws, browser profiles under ~/.config/google-chrome/). Visiting an attacker-controlled URL with the host user's credential store is the equivalent of granting that URL read access to every site you are logged into. F15.7-H5 (Cycle 10 D15-SA15.7) hardening — apply when navigating to URLs the agent has not vetted:
userDataDir: tmp.dirSync().name (or --user-data-dir=$(mktemp -d)) so the browser sees no saved sessions, no autofill, no cookies from the host profile.mcr.microsoft.com/playwright:v1.60.0-noble (pin a current tag; keep it current so the bundled Chromium carries the CVE-2026-2441 fix — an 18-month-stale tag like v1.49.0-jammy ships an unpatched browser-engine RCE). The image preinstalls every browser binary and isolates filesystem + network from the host. Reference: https://playwright.dev/docs/docker (Microsoft's official Playwright image is the maintained surface; pin to the immutable digest of a current release).args: ['--disable-gpu', '--no-sandbox'] is acceptable inside a hardened container, never on the host.await context.close(); context = await browser.newContext(); between unvetted URLs so cookie state does not leak across hops.playwright codegen <url> against an authed site. npx playwright codegen opens a browser session the user logs into, then writes the captured locators and credentials into a test file on disk. Running codegen against a host browser profile bakes the live session cookie / Authorization header into the emitted test, exposing the credential in any artefact the test is checked into. Mitigation: always pass --save-storage=storageState.json to capture state into a single named file you can scrub or .gitignore (instead of writing inline credentials), pass --user-data-dir=$(mktemp -d) so codegen does not start from the host's logged-in profile, and review the emitted test for any literal token, bearer string, or cookie: header before committing. Reference: https://playwright.dev/docs/codegen#preserve-authenticated-state (preserve auth via the storage-state file rather than inline credentials).Hardened equivalent of the recipe above (inside Microsoft's pinned image):
docker run --rm --network none -v "$PWD:/work:ro" -w /work \
mcr.microsoft.com/playwright:v1.60.0-noble \
npx playwright test --grep '@smoke' --workers=1 --reporter=line
playwright-core, puppeteer-core, patchright-core) are peer deps — install only the one you need.npx create-browser-app scaffolds a v3 project; runtime: stagehand.act("click the login button").playwright-core (Microsoft) as the default driver. puppeteer-core (Google) is also vendor-maintained; patchright-core is a less-vetted community detection-bypass fork with a different supply-chain trust profile. Pin whichever driver you install.tar --zstd -cf bundle.tar.zst dist/ docs/xz -9e; legacy Windows recipients — use zip; already-compressed payloads — skip compression.Verify each tool with command -v <bin>. Install commands.
Each install command below resolves to one of four trust postures. Read the posture before running any install command on an end-user machine — cargo install and bash <(curl … | sh) channels lack vendor-signed artefacts and require additional vetting.
| Posture | Channels | What it means | Mitigation when posture is "unsigned" |
|---|---|---|---|
| Signed | brew (homebrew/cask), apt (signed repo + Signed-By), snap, npm with --provenance / npm audit signatures, Microsoft Store, Mac App Store | Channel verifies a vendor signature against a pinned key before installing | (none) |
| Vendor-pinned | pipx, pip (lockfile + --require-hashes), go install against proxy.golang.org + GOSUMDB=on | Channel checksums or transparency log verifies that the resolved tarball matches the version's pinned hash | Verify lockfile committed, GOSUMDB=sum.golang.org not set to off |
| Unsigned | cargo install <crate> (crates.io publishes tarballs without per-release Sigstore signatures), pipx install directly from PyPI without --require-hashes | Channel ships the resolved tarball but does not verify it against a vendor signature; integrity is per-channel checksum only | Pin the version, verify SHA-256 against the project's published release, prefer --locked (cargo) or --require-hashes (pip); avoid running on a credential-bearing machine |
| Curl-piped-shell | bash <(curl … get.comby.dev), curl -fsSL … install.sh | bash | No checksum, no signature, attacker who controls the URL gets shell on your machine. Vendor maintained but unsigned at the channel level | Download the script first (curl -fsSL <url> -o install.sh), inspect it, optionally pin to a committed SHA via git show <ref>:install.sh | bash, never | bash straight from an untrusted network |
Install commands:
| Tool | mac (brew) | linux (apt / pip / other) |
|---|---|---|
aichat | brew install aichat | cargo install aichat |
ast-grep | brew install ast-grep | cargo install ast-grep --locked |
az-devops | brew install azure-cli && az extension add --name azure-devops | apt install azure-cli && az extension add --name azure-devops |
bat | brew install bat | apt install bat (binary may be batcat) |
comby | brew install comby | bash <(curl -sL get.comby.dev) |
container-use | brew install dagger/tap/container-use | curl -fsSL https://raw.githubusercontent.com/dagger/container-use/main/install.sh | bash |
csvkit | pipx install csvkit | pipx install csvkit |
curl | brew install curl (pin >=8.20.0) | apt install curl (verify >=8.20.0) |
dasel | brew install dasel (pin >=3.11.0) | go install github.com/tomwright/dasel/v3/cmd/dasel@latest |
delta | brew install git-delta | apt install git-delta (or download release) |
difftastic | brew install difftastic | cargo install difftastic |
docker | brew install --cask docker | apt install docker.io |
duckdb | brew install duckdb | download from https://duckdb.org/ |
glab | brew install glab | snap install glab (only in Ubuntu universe 24.04+; or GitLab release .deb) |
httpie | brew install httpie | snap install httpie (or pipx install httpie) |
lazygit | brew install lazygit | apt install lazygit |
llm | brew install llm | pipx install llm |
miller | brew install miller | apt install miller |
mods | brew install charmbracelet/tap/mods | apt install mods (Charm repo) |
playwright | npm install -D @playwright/test && npx playwright install (pin >=1.55.1) | same (verify >=1.55.1; sandbox image mcr.microsoft.com/playwright:v1.60.0-noble) |
podman | brew install podman | apt install podman |
qsv | brew install qsv | cargo install qsv |
rtk | brew install rtk-ai/tap/rtk | check upstream release |
sd | brew install sd (1.1.0) | cargo binstall sd (v1.1.0 GitHub release; cargo install sd pins crates.io 1.0.0 — older, no -A/--across) |
stagehand | npm install -g @browserbasehq/stagehand | same |
taplo | brew install taplo | cargo install taplo-cli --locked |
xh | brew install xh (pin >=0.25.3) | cargo install xh --locked |
yq | brew install yq | apt install yq (verify mikefarah Go build, not python wrapper) |
zstd | brew install zstd | apt install zstd |
This skill synthesizes 25 pre-existing in-repo per-tool skills (collapsed in v1.9.0 per the Decision #14 toolbox criterion in .claude/rules/content-authoring.md). The original source files (now removed) lived at the following paths (IDs intentionally un-backticked here so the cross-reference scanner does not treat removed standalone skills as broken canonical IDs):
Per hatch3r's artifact-inventory and redundancy analysis, the rejected merge alternative (keep every tool as a standalone skill) was rejected because the 25 collapsed entries averaged 75 lines each (1.9k lines total) with >70% structural duplication of the same "When to Use / Token Cost / Recipes / Wrong Choice / Alternatives / Install" frame — collapse into a single category-indexed reference cuts the surface to ~250 lines while preserving the discriminator that picks one tool over another.
npx claudepluginhub hatch3r/hatch3r --plugin hatch3rProvides shell scripting expertise for bash, zsh, POSIX; CLI tools like jq, yq, fd, rg for JSON/YAML processing, file search, automation, error handling, and cross-platform best practices. Useful for CLI commands, pipes, script development.
Covers fundamental CLI tools and utilities for software development: shells, Git, system package managers, Docker, SSH, curl, jq, regex, and build runners like Make.
Writes and reviews defensive Bash scripts for production automation, CI/CD, and system utilities. Enforces strict error handling, safe argument parsing, and portable patterns.