nsheaps/claude-code
plugins/agentic-behavior/skills/claude-code/SKILL.md
Reference material for Claude Code internals — the on-disk layout under ~/.claude and project-scope .claude, the plugin cache, session-env propagation, and the full hook lifecycle. Auto-recall when working on Claude-Code-related tasks: writing or debugging hooks, authoring plugins, inspecting session state, troubleshooting why an env var is or isn't visible to a Bash tool call, or when paths under ~/.claude or ~/.claude/plugins/ come up.
$ install --global
skillsauthnpx skillsauth add nsheaps/ai-mktpl claude-codeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 20, 2026, 7:05 AM112.5s3 files scanned
SKILL.md
- name:
- claude-code
- description:
- >-
- Claude-Code-related tasks:
- writing or debugging hooks, authoring plugins,
- argument-hint:
- [topic]
- user-invocable:
- false
<!-- TODO: This skill will be moved to a future "claude-code" plugin in ai-mktpl that absorbs the upstream claude-plugins-official/plugin-dev and skill-dev plugins. -->
Claude Code Internals
Reference material for how Claude Code (the CLI harness) is laid out on disk and how its hook system works. This is auto-recalled when an agent needs to reason about Claude Code internals; the body here is intentionally short so it doesn't bloat context. Read the supplementary docs in this directory for detail when the task warrants it.
When to read which doc
| Task | Doc |
| -------------------------------------------------------------------------------- | ---------------------------------------------------------------- |
| "Where does Claude store sessions / projects / plugins?" | folder-structure.md |
| "What's in ~/.claude/session-env/<id>/ and is it a leak?" | folder-structure.md (session-env section) |
| "How is project path encoded under ~/.claude/projects/?" | folder-structure.md |
| "What hook events exist? When does X fire?" | hooks.md |
| "What JSON does a PreToolUse hook receive / return?" | hooks.md |
| "Difference between command, prompt, agent, http, mcp_tool hook types" | hooks.md |
| "How do SessionStart hooks propagate env to Bash calls?" | hooks.md (CLAUDE_ENV_FILE section) |
Quick orientation
- User-scope state:
~/.claude/(shared across projects on this machine) - Project-scope state:
<repo>/.claude/(committed to the repo, project-specific) - Plugin cache:
~/.claude/plugins/cache/<marketplace>/<plugin>/<version>/ - Hooks are configured in
settings.jsonunder a top-levelhookskey, or bundled inside a plugin at<plugin>/hooks/hooks.json.
Related skills and plugins
plugin-dev:plugin-structure— authoring plugin manifests and layoutplugin-dev:hook-development— writing hooks (events, output contracts)plugin-dev:skill-development— authoring skills like this oneupdate-config— modifyingsettings.json/settings.local.json
Source of truth
When this skill and the official docs disagree, the official docs win: https://code.claude.com/docs/en/hooks. File a follow-up to update this skill if you find a discrepancy.
Related Skills
nsheaps/github-app-token
development
VerifiedTrustedCommunity
Manage GitHub App installation tokens in Claude Code sessions. Use when tokens expire, auth errors occur in long-running sessions, or when setting up GitHub App credentials for agent teams. <example>my github token expired</example> <example>refresh the github app token</example> <example>check token status</example> <example>set up github app authentication for this session</example>
3SKILL.mdUpdated Apr 22, 2026
nsheaps/auto-config
tools
VerifiedTrustedCommunity
Auto-detect project formatting tools and configure edit-utils settings
3SKILL.mdUpdated Apr 22, 2026
nsheaps/op
tools
VerifiedTrustedCommunity
Use this skill when the user asks about 1Password, secrets management, retrieving credentials, using op CLI, service accounts, secret references, vault operations, or any task involving the 1Password CLI (op). Also use when needing to inject secrets into environment variables, read passwords or API keys from 1Password, or manage 1Password items from the command line.
3SKILL.mdUpdated Apr 22, 2026
nsheaps/op-exec
tools
VerifiedTrustedCommunity
Use this skill when the user asks about op-exec, running commands with 1Password secrets injected, wrapping processes with secret injection, automating secret-aware command execution, or configuring whole-item environment injection with multiple output targets. op-exec is a wrapper around the 1Password CLI that simplifies running commands with secrets from 1Password vaults.
3SKILL.mdUpdated Apr 19, 2026