How do permission wildcards work in Claude Code?

Wildcards use the syntax 'Bash(command:*)' to match a command prefix followed by any arguments. This allows you to authorize specific tools like 'git' or 'npm' without allowing unrestricted shell access.

How do I restrict Claude from running specific commands?

You can use the 'deny' block in your .claude/settings.json file to list specific Bash patterns, such as 'Bash(sudo:*)' or 'Bash(rm -rf:*)', to prevent Claude from executing them.

Where should I store project-specific security settings?

Store committed team settings in .claude/settings.json and private local overrides in .claude/settings.local.json, which should be added to your .gitignore.

What are shell operator protections in Claude Code?

Claude Code (v2.1.7+) automatically blocks dangerous operators like &&, |, and ; to prevent command injection. These require explicit user approval unless wrapped in a pre-approved script.

Claude Security Settings

Name: Claude Security Settings
Author: laurigates

bylaurigates

•

Security & Testing

Configures granular security permissions, shell operator protections, and project-level access controls for Claude Code.

This skill provides expert guidance for securing Claude Code environments through sophisticated permission management and shell safety protocols. It enables developers to define precise wildcard patterns for tool access, implement multi-level security scopes (User, Project, and Local), and navigate built-in protections against dangerous shell operators. By implementing these patterns, teams can safely automate complex workflows—from Git operations to CI/CD tasks—while maintaining a 'least privilege' security posture that prevents unauthorized command execution.

Key Features

01Built-in protection against dangerous shell operators and command injection

02Granular permission wildcard configuration for precise Bash tool access

03Automated validation patterns for JSON settings and permission priority

04Multi-level settings management across User, Project, and Local scopes

05Pre-configured permission templates for Git, testing, and security scanning

063 GitHub stars

Use Cases

01Establishing a secure, shared permission baseline for team-wide development repositories

02Restricting Claude's access to destructive commands like 'rm -rf' or 'sudo' across all projects

03Configuring safe execution environments for complex CI/CD and deployment scripts

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add laurigates/claude-plugins claude-security-settings

For use in Claude.ai and ChatGPT

Download Skill