nsheaps/slash-command-writing
plugins/create-command/skills/slash-command-writing/SKILL.md
Use this skill when creating, updating, or maintaining Claude Code slash commands. Activates when user asks to create a new command, modify an existing command, or asks questions about slash command syntax and best practices.
$ install --global
skillsauthnpx skillsauth add nsheaps/ai-mktpl slash-command-writingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 4:08 PM92.9s1 file scanned
SKILL.md
- name:
- slash-command-writing
- description:
- >
Slash Command Writing Skill
This skill provides comprehensive guidance for creating and maintaining Claude Code slash commands.
When to Activate This Skill
Activate when:
- User asks to "create a slash command" or "make a command"
- User wants to "add a new /command"
- User asks about slash command syntax or structure
- User wants to update or fix an existing command
- User asks how to use bash commands in slash commands
- User wants to add file references to a command
Do NOT activate when:
- User is just running an existing command
- User asks general questions about Claude Code (use claude-code-guide agent)
- User is creating skills (use skill-maintenance skill instead)
Slash Command File Format
Location
| Scope | Location | Label in /help |
| ------- | ------------------------------ | -------------- |
| Project | .claude/commands/<name>.md | (project) |
| User | ~/.claude/commands/<name>.md | (user) |
Precedence: Project commands override user commands with the same name.
File Structure
---
allowed-tools: Tool1, Tool2, Bash(command:*)
argument-hint: [arg1] [arg2]
description: Brief description shown in /help
model: claude-opus-4-5-20251101
disable-model-invocation: false
---
# Command Title
Your command instructions here.
Use $ARGUMENTS for all arguments or $1, $2, etc. for positional arguments.
Frontmatter Fields
| Field | Required | Description |
| -------------------------- | -------- | ---------------------------------------------------- |
| description | Yes | Brief text shown in /help output |
| allowed-tools | No | Tools the command can use (inherits if not set) |
| argument-hint | No | Shows expected arguments in autocomplete |
| model | No | Specific model for this command |
| disable-model-invocation | No | Prevent programmatic execution via SlashCommand tool |
Argument Handling
All Arguments
Use $ARGUMENTS to capture everything after the command name:
---
description: Search codebase
argument-hint: [search query]
---
Search the codebase for: $ARGUMENTS
Usage: /search function that handles auth → $ARGUMENTS = function that handles auth
Positional Arguments
Use $1, $2, $3, etc. for specific positions:
---
description: Compare two files
argument-hint: [file1] [file2]
---
Compare the following files:
- First file: $1
- Second file: $2
Usage: /compare src/old.js src/new.js → $1 = src/old.js, $2 = src/new.js
Bash Command Execution
Execute shell commands using the ! backtick syntax. Output is included in the command context.
Requirements
- MUST include
allowed-toolsfrontmatter with appropriate Bash permissions - Use the
!`command`syntax (exclamation mark followed by backticks)
Syntax
---
allowed-tools: Bash(git status:*), Bash(git diff:*), Bash(git log:*)
description: Show git context
---
## Current State
- Git status: !`git status`
- Recent commits: !`git log --oneline -5`
- Current branch: !`git branch --show-current`
Bash Permission Patterns
| Pattern | Allows |
| -------------------- | ----------------------------- |
| Bash(git:*) | Any git command |
| Bash(git status:*) | git status with any arguments |
| Bash(npm:*) | Any npm command |
| Bash(ls:*) | ls with any arguments |
Common Bash Patterns
## Git Context
---
## allowed-tools: Bash(git:\*)
- Status: !`git status --short`
- Branch: !`git branch --show-current`
- Diff (staged): !`git diff --staged`
- Recent commits: !`git log --oneline -10`
## Package Info
---
## allowed-tools: Bash(npm:_), Bash(cat:_)
- Node version: !`node --version`
- Dependencies: !`npm ls --depth=0`
File References
Include file contents using the @ prefix:
## Context Files
Review the implementation in @src/utils/helpers.js
Compare:
- Old: @src/old-version.js
- New: @src/new-version.js
Behavior:
- File paths can be relative or absolute
@references automatically includeCLAUDE.mdfiles from the file's directory tree- Directory references show file listings, not contents
Extended Thinking
Trigger extended thinking by including thinking keywords:
---
description: Complex architecture design
---
ultrathink: Design a comprehensive caching layer
Consider performance, memory usage, and invalidation strategies.
Keywords: ultrathink, megathink, think hard, etc.
Best Practices
DO
- Keep commands focused on a single purpose
- Use descriptive command names
- Include
descriptionfrontmatter for discoverability - Provide
argument-hintwhen arguments are expected - Test commands before committing
- Include examples in complex commands
- Use
allowed-toolswhen using Bash commands
DON'T
- Create overly complex commands (use Skills instead)
- Duplicate bash logic across commands
- Leave commands without descriptions
- Mix unrelated functionality in one command
- Use commands for things that need multi-step workflows
Complexity Guideline
| Complexity Level | Use | | -------------------- | -------------------------- | | Quick prompts | Slash command | | Simple templates | Slash command | | Multi-step workflows | Skill | | Complex capabilities | Skill + supporting scripts |
Namespacing
Organize related commands in subdirectories:
.claude/commands/
├── optimize.md → /optimize (project)
├── frontend/
│ └── component.md → /component (project:frontend)
└── backend/
└── test.md → /test (project:backend)
Subdirectories appear in /help descriptions but don't affect the command name.
Creating a Command: Step-by-Step
Step 1: Determine Scope
- User command (
~/.claude/commands/): Personal, available everywhere - Project command (
.claude/commands/): Team-shared, repository-specific
Step 2: Check for Existing Commands
# User commands
ls -la ~/.claude/commands/
# Project commands (from git root)
ls -la .claude/commands/
Step 3: Create the File
# User command
mkdir -p ~/.claude/commands
touch ~/.claude/commands/my-command.md
# Project command
mkdir -p .claude/commands
touch .claude/commands/my-command.md
Step 4: Write the Command
- Add frontmatter with at least
description - Add
allowed-toolsif using Bash - Write clear, specific instructions
- Use
$ARGUMENTSor$1,$2for parameters - Add bash commands with
!`command`if needed - Include file references with
@pathif needed
Step 5: Test the Command
- Save the file
- Run the command:
/my-command test arguments - Verify behavior matches expectations
- Iterate on instructions if needed
Example Commands
Simple Prompt Command
---
description: Generate unit tests for a function
argument-hint: [function name or file path]
---
Generate comprehensive unit tests for: $ARGUMENTS
Include:
- Happy path tests
- Edge cases
- Error handling
- Mock dependencies where appropriate
Context-Aware Command
---
allowed-tools: Bash(git status:*), Bash(git diff:*), Bash(git log:*)
argument-hint: [commit message prefix]
description: Smart commit with context
---
# Smart Commit
## Current State
- Status: !`git status`
- Changes: !`git diff HEAD`
- Recent style: !`git log --oneline -5`
## Task
Create a commit with the following requirements:
- Prefix: $ARGUMENTS (if provided)
- Follow conventional commit format
- Match existing commit style
Multi-File Review Command
---
description: Review PR changes comprehensively
argument-hint: [focus area]
allowed-tools: Bash(git:*)
---
# Code Review
## Changed Files
!`git diff --name-only HEAD~1`
## Full Diff
!`git diff HEAD~1`
## Review Focus
$ARGUMENTS
## Instructions
Provide feedback on:
1. Code quality and style
2. Potential bugs or issues
3. Performance considerations
4. Security implications
Troubleshooting
Command Not Found
- Check file extension is
.md - Verify file is in correct location
- Check filename matches expected command name
- Ensure frontmatter YAML is valid
Bash Commands Not Running
- Add
allowed-toolsfrontmatter with Bash permissions - Use correct syntax:
!`command`(not just backticks) - Check command is allowed by permission pattern
Arguments Not Working
- Use
$ARGUMENTSfor all args,$1,$2for positional - Make sure there's no space between
$and number - Arguments are captured after the command name
Command Activates Unexpectedly
- Check
disable-model-invocation: trueto prevent programmatic execution - Review description for overly broad language
Related Resources
- Official Docs: https://code.claude.com/docs/en/slash-commands.md
- Common Workflows: https://code.claude.com/docs/en/common-workflows.md
- Skills vs Commands: https://code.claude.com/docs/en/slash-commands.md#skills-vs-slash-commands
Related Skills
nsheaps/github-app-session-env
tools
VerifiedTrustedCommunity
Manually reproduce what the github-app plugin's SessionStart hook does to make a GitHub App installation token usable in the current session — materialize the PEM, generate the token, isolate GH_CONFIG_DIR, write the runtime env file, and wire CLAUDE_ENV_FILE so every Bash call sees GH_TOKEN/GITHUB_TOKEN. Use when the hook did not run, the token is missing from the environment, or a shell/teammate needs the token wired up by hand. <example>GH_TOKEN isn't set even though github-app is configured</example> <example>the github-app SessionStart hook didn't run, set up the token manually</example> <example>wire the github app token into CLAUDE_ENV_FILE</example> <example>gh keeps falling back to the wrong account, isolate GH_CONFIG_DIR</example>
3SKILL.mdUpdated Jun 9, 2026
nsheaps/github-app-git-identity
tools
VerifiedTrustedCommunity
Manually configure the GitHub App bot git identity the way the github-app plugin's SessionStart hook does — resolve the app slug and bot user ID, build the <slug>[bot] name and noreply email, set GIT_AUTHOR_*/GIT_COMMITTER_* env vars, and write an isolated GIT_CONFIG_GLOBAL with the gh auth git-credential helper. Use when commits are attributed to the wrong account, "Author identity unknown" appears, or git identity must be set up by hand. <example>my commits are showing up as the handler, not the bot</example> <example>git says Author identity unknown after the github-app hook ran</example> <example>configure the github app bot git identity manually</example> <example>set up the gh credential helper for git push</example>
3SKILL.mdUpdated Jun 9, 2026
nsheaps/spec-management
tools
VerifiedTrustedCommunity
Manages spec files for requirements capture and validation
3SKILL.mdUpdated Jun 7, 2026
nsheaps/plugins/bash-command-rejection/skills/bash-chaining-alternatives
tools
VerifiedTrustedCommunity
# Bash Chaining Alternatives This skill teaches you how to work around the bash command chaining restriction enforced by this plugin. ## Why Chaining is Blocked The `bash-command-rejection` plugin blocks these operators: | Operator | Name | Why Blocked | | -------- | ---------- | ----------------------------------------------------------------------------------- | | `&&` | AND chain | Runs cmd2 only if cmd1 su
3SKILL.mdUpdated Jun 7, 2026