From hardening-dev-environment
Audits a project's hardening-dev-environment defense layers and recommends a setup order to apply them. Use when you hear "harden dev environment", "set up hardening", "hardening overview", "audit claude code hardening".
Slash command: /hardening-dev-environment:hardening-overview
Inspect defense layer state, recommend a setup order, and hand off to the specific layer skill. Application is delegated — this skill writes nothing.
| # | Layer | Owner | Threats addressed |
|---|---|---|---|
| 1 | Static permissions.{deny, ask, allow} rules | hardening-claude-permissions | Persistence (config writes), credential exfil (reads), outbound exfil, plugin-authoring confirmation gate |
| 2 | Bundled runtime hooks (auto-active) | This plugin (sensitive-bash-guard, package-json-scripts-guard, pyproject-buildsystem-guard, untrusted-content-reminder) | Bash credential-read bypass, package.json scripts tampering, pyproject.toml [build-system] / setup.py tampering, indirect prompt injection from WebFetch results |
| 3 | WebFetch trust discipline | hardening-untrusted-content | Indirect prompt injection — trust-boundary checklist + vendor allowlist that drives the PostToolUse hook |
| 4a | npm supply chain config | hardening-pnpm-config | Malicious package install / build-script execution / unpinned npx |
| 4b | PyPI supply chain config | hardening-uv-config | Fresh-malicious-package install / dependency confusion / unpinned pip install / pipx run |
| 5 | Pre-commit secret scan | checking-oss-release plugin (sibling) | Plaintext secrets reaching commit-time |
Layer 2 hooks auto-activate when this plugin is enabled — no setup. The other layers are applied via their owner skill.
Read settings and project configuration. Treat absent files as "layer unapplied" — never fail on a missing file.
```bash
# Layer 1: permission mode and static deny/ask/allow rules; then the enabled plugins (layer 2 hooks)
[ -f .claude/settings.json ] && jq '{defaultMode: .permissions.defaultMode, deny: .permissions.deny, ask: .permissions.ask, allow: .permissions.allow}' .claude/settings.json 2>/dev/null || echo "no .claude/settings.json"
[ -f .claude/settings.local.json ] && jq '.enabledPlugins' .claude/settings.local.json 2>/dev/null
# Layer 4a: Node project markers (the fallback message also prints if jq cannot parse the file)
[ -f package.json ] && jq '{packageManager, pnpm}' package.json 2>/dev/null || echo "no package.json"
# Layer 4b: Python project markers, including legacy pip / setup.py files
[ -f pyproject.toml ] && grep -E '^\[(tool\.uv|build-system|project)\]' pyproject.toml || echo "no pyproject.toml"
ls requirements*.txt setup.py poetry.lock Pipfile pdm.lock 2>/dev/null
```
| State | Meaning |
|---|---|
| applied | All expected rules / settings present |
| partial | Some present, others missing |
| unapplied | None present |
| N/A | Layer does not apply (e.g. row 4a on a non-Node project, row 4b on a non-Python project) |
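The state mapping above, as an added example that is not part of the plugin's own code: a read-only classifier for rows 1, 4a and 4b. The meaning of "expected" is an assumption here (non-empty deny/ask/allow lists; a `pnpm@` packageManager pin plus a `pnpm` block; a `[tool.uv]` table with no legacy Python files left), since the real rule sets live in the owner skills. The function names and the sample project are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

LEGACY_PY = ("requirements*.txt", "setup.py", "poetry.lock", "Pipfile", "pdm.lock")

def load_json(path: Path) -> dict:
    """Absent or unparsable file -> {} so the layer reads as unapplied instead of failing."""
    try:
        data = json.loads(path.read_text())
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def state(found: int, expected: int) -> str:
    return "applied" if found == expected else "partial" if found else "unapplied"

def classify_layers(root: Path) -> dict:
    report = {}
    # Row 1 (assumption): each of permissions.deny / ask / allow is a non-empty list.
    perms = load_json(root / ".claude" / "settings.json").get("permissions")
    perms = perms if isinstance(perms, dict) else {}
    report["1"] = state(sum(bool(perms.get(k)) for k in ("deny", "ask", "allow")), 3)
    # Row 4a: N/A without package.json; otherwise look for the pnpm pin and pnpm block.
    if not (root / "package.json").is_file():
        report["4a"] = "N/A"
    else:
        pkg = load_json(root / "package.json")
        pinned = str(pkg.get("packageManager", "")).startswith("pnpm@")
        report["4a"] = state(pinned + bool(pkg.get("pnpm")), 2)
    # Row 4b: N/A without any Python marker; legacy files beside [tool.uv] mean partial.
    pyproject = root / "pyproject.toml"
    legacy = [p for pattern in LEGACY_PY for p in root.glob(pattern)]
    if not pyproject.is_file() and not legacy:
        report["4b"] = "N/A"
    else:
        text = pyproject.read_text(errors="ignore") if pyproject.is_file() else ""
        has_uv = bool(re.search(r"^\[tool\.uv\]", text, re.M))
        report["4b"] = "unapplied" if not has_uv else "partial" if legacy else "applied"
    return report

def demo() -> dict:
    """Constructed sample: deny rule only, Node project with no pnpm settings."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / ".claude").mkdir()
        settings = {"permissions": {"deny": ["Read(./.env)"], "allow": []}}
        (root / ".claude" / "settings.json").write_text(json.dumps(settings))
        (root / "package.json").write_text(json.dumps({"name": "sample"}))
        return classify_layers(root)
```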
Ask the user:
If the plan is unknown, treat as Pro (most conservative path).
Show:
Do not auto-invoke other skills.
Point the user to the relevant skill name (see See Also). This skill exits after the report.
| Order | Skill | When to apply |
|---|---|---|
| 1 | hardening-claude-permissions | First. Mode-agnostic deny rules are hard guarantees, regardless of defaultMode |
| 2 | hardening-pnpm-config | If Node project |
| 3 | hardening-uv-config | If Python project (also handles migration from legacy pip / setup.py to uv) |
| 4 | hardening-untrusted-content | After WebFetch trust-boundary discipline is in place |
hardening-claude-permissions is recommended for all plan tiers — its rule set targets an acceptEdits-based permission mode, which works on every plan from Pro upward. Other modes (default, auto, dontAsk) interact with the rule set differently; see hardening-claude-permissions for mode-specific guidance.
| Use case | Adjustment |
|---|---|
| CI-only (non-interactive) | Use dontAsk mode instead of acceptEdits — denies everything not pre-allowed |
| Plugin-authoring repo | Keep permissions.ask on .claude/{skills,agents,commands}/** — do not promote to deny |
| Production-touching | Add explicit deny on production-deploy commands (gcloud deploy, kubectl apply) beyond defaults |
For commit-time content scanning, see the sibling checking-oss-release plugin. Independent of this plugin; composes without overlap.
| Skill | Purpose |
|---|---|
| hardening-claude-permissions | Static permissions.{deny, ask, allow} rules |
| hardening-untrusted-content | WebFetch trust boundary + vendor allowlist |
| hardening-pnpm-config | pnpm 10.26+ config + npx → pnpm dlx |
| hardening-uv-config | uv [tool.uv] config + legacy pip / setup.py migration + pip install / pipx run → uv add / uvx |
External:
npx claudepluginhub khaym/claude-code-plugins --plugin hardening-dev-environment