Skillget

claude-setup

agent
Security Audit
Fail
Health Warn
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 6 GitHub stars
Code Fail
  • rm -rf — Recursive force deletion command in claude/hooks/block-destructive.sh
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This is a comprehensive configuration template and hook setup for the Claude Code CLI. It provides pre-made safety guardrails, automated skills, and memory templates designed to standardize and protect daily AI-assisted development workflows.

Security Assessment
Overall risk: Medium. The repository executes local shell commands and runs an install script that symlinks directly into the user's home directory (`~/.claude/`). The automated scan flagged a recursive force deletion command (`rm -rf`) inside the `block-destructive.sh` hook. While this specific hook is actually designed to *prevent* accidental data loss, the presence of forceful deletion logic requires careful manual review to ensure it behaves strictly as intended. The tool requests no overtly dangerous permissions, and no hardcoded secrets were found. However, the setup includes integrations for WhatsApp and Gmail, which inherently interact with highly sensitive personal data and require external API keys (stored locally in a `.env` file).

Quality Assessment
The project is very new and has low community visibility, evidenced by only 6 GitHub stars. On the positive side, it is actively maintained (last pushed 0 days ago), includes the permissive MIT license, and has a thorough, professional README. Because of the low community adoption, it has not yet undergone widespread peer review or battle-testing by the broader open-source community.

Verdict
Use with caution — the concept is solid and well-documented, but the low community trust, sensitive external integrations, and presence of shell deletion commands mean developers should carefully review the scripts before executing the installer.
SUMMARY

Production-grade Claude Code configuration: CLAUDE.md templates, 12 safety hooks, 40+ skills, memory system, server infra

README.md

claude-setup

Production-grade Claude Code configuration, extracted from 500+ real sessions

License: MIT
Claude Code

A complete Claude Code developer setup: CLAUDE.md templates, 17 safety hooks, 60+ skills, server infrastructure, terminal workflow, WhatsApp/Gmail integration, memory system, and cost tracking. Everything is templated for reuse with no personal data.

Who is this for?

  • Solo developers using Claude Code daily who want battle-tested guardrails and productivity patterns
  • Teams standardizing their Claude Code configuration across projects and machines
  • Anyone who's been burned by Claude running rm -rf, pushing secrets, or claiming "should work" without verifying

What makes this different?

Most Claude Code configs share a single CLAUDE.md. This repo shares the full stack: the hooks that enforce the rules, the skills that automate workflows, the server infrastructure that runs it all, and the memory system that makes Claude learn across sessions. Every pattern is extracted from real production use, not hypothetical best practices.

Table of Contents

Quick Start

git clone https://github.com/buildingopen/claude-setup.git
cd claude-setup
./install.sh          # Symlinks configs into ~/.claude/

That's it. The installer detects existing configs, backs them up, resolves $HOME paths in hook commands, and installs 17 hooks + 7 scripts + 60+ skills + memory template. Run ./install.sh --copy for standalone files instead of symlinks.

After install:

  1. Edit ~/.claude/CLAUDE.md to match your workflow (search for <!-- Customize --> comments)
  2. Copy claude/CLAUDE-project.md into your project roots
  3. Optionally copy .env.example to .env for API keys used by some hooks/scripts

What's Included

Directory Contents Purpose
claude/ CLAUDE.md, hooks, scripts, skills, memory Core Claude Code configuration
server/ Systemd services, safety utils, browser automation, tmux Dev server infrastructure
whatsapp/ OpenClaw gateway, verified send, SQLite contact lookup WhatsApp messaging integration
gmail/ IMAP checker, multi-account support Email access for Claude
cron/ Job templates, health checks, safe-pipeline patterns Recurring task automation

CLAUDE.md Templates

Two templates encoding months of iteration on making Claude Code reliable:

  • claude/CLAUDE.md - Global config (~/.claude/CLAUDE.md). Drop-in template with engineering principles, self-audit checklist, error recovery, communication standards, and quality gates.
  • claude/CLAUDE-project.md - Per-project config. Tech stack, key files, testing conventions, deploy config. Copy into any project root.
Key patterns in the global CLAUDE.md
Pattern What it does
Read First, Code Later 80% reading, 20% writing. No changes without understanding context first.
Self-Audit No completion claims without fresh verification evidence. Bans "should work now".
Rationalization Red Flags Table of thoughts that signal the agent is about to skip process.
Error Recovery Data-driven rules from 10,000+ error analysis (e.g., never retry a blocked hook).
Ripple Check After every change, audit the diff for env vars, dependencies, breaking changes.
Quality Gate Do not return until genuinely 10/10. List flaws before scoring.

Safety Hooks

17 hooks wired into settings.json that prevent Claude from doing damage. They run automatically on every tool call.

Hook Trigger What It Does
block-destructive.sh Bash Blocks rm -rf /, git reset --hard, DROP TABLE, curl|bash
protect-sensitive-files.sh Write/Edit Blocks writes to .pem, .key, id_rsa, credentials
protect-config-files.sh Write/Edit Blocks editing linter/formatter configs to bypass checks
scan-secrets-before-push.sh Bash Runs gitleaks before git push
enforce-package-manager.sh Bash Detects lock file, blocks wrong package manager
enforce-server-routing.sh Bash Blocks CPU-heavy tasks locally, routes to dev server
suggest-compact.sh Edit/Write/Bash Counts tool calls, suggests /compact at threshold
post-compaction-recall.sh Any Detects post-compaction state, suggests session-recall
cost-tracker.sh Stop Tracks token costs per model/session to costs.jsonl
gemini-audit.sh + .py Stop Opt-in Gemini quality gate: scores output, blocks if < 10
block-wa-send.sh Bash Blocks unverified WhatsApp sends (optional, not wired by default)
block-terminal-minimize.sh Bash Blocks AppleScript commands that minimize or hide terminal windows
cc-precompact-hook.sh PreCompact Saves git diff, test results, and loop state before context compaction
cc-postcompact-hook.sh PostCompact Restores saved state into context after compaction
enforce-hetzner-heavy-tasks.sh Bash Blocks CPU-heavy tasks locally (Remotion, ffmpeg, Playwright), routes to dev server
rate-limit-auto-resume.sh Stop Detects rate limit messages and schedules automatic resume via macOS at
sandbox-heavy-tasks.sh PreToolUse Intercepts memory-hungry commands (whisper, ffmpeg, torch) and routes through sandbox

All hooks are pure bash (no external deps beyond jq). See claude/hooks/README.md for how hooks work, the JSON protocol, and how to wire them in settings.json.

Hook blocking a destructive command

Scripts included:

Script Purpose
gemini-fetch.sh Fetch blocked URLs via Gemini API (WebFetch fallback)
claude-auto-resume.sh Auto-retry on rate limits with exponential backoff
claude-rate-limit-watcher.sh Background rate limit monitor daemon
claude-switch.sh Switch between multiple Claude accounts
sync-claude-config.sh Sync CLAUDE.md across machines via SCP

Skills (60+)

Slash commands that extend Claude's capabilities. Each skill is a SKILL.md file installed to ~/.claude/commands/. Invoke with /skill-name or let Claude detect and use them automatically. Includes session-learn, a meta-skill that analyzes past session transcripts to derive new skills and CLAUDE.md rules from real usage patterns.

Full skill list by category

Shipping & QA:
bouncer (Gemini quality gate), ship (pre-merge workflow), qa (autonomous testing), debug (systematic debugging), target-loop (verified iteration engine), gh-launch (repo launch checklist)

Planning & Review:
retro (weekly retrospective), compass (strategic planning), blast-radius (impact analysis), deep-audit (full repo audit via Gemini), cost (token spend reporting), negotiator (BATNA/ZOPA analysis, message scoring), product (UX decision framework)

Auditing:
ui-audit (UX/product review + wireframe comparison with Playwright screenshots and CSS extraction), ux-audit (independent Gemini-powered UX scoring), seo (technical SEO 8-dimension audit), geo (geographic data validator for aviation/travel)

Document Generation:
pdf, docx, pptx, xlsx manipulation, yc-pitch-deck (investor pitch deck)

Design & Content:
frontend-design, slide-design, canvas-design, algorithmic-art, linkedin-copy, cold-outreach, brand-guidelines (Anthropic brand), republic-design (investor-grade design scoring), theme-factory (10 pre-set visual themes), web-artifacts-builder (React + shadcn/ui artifacts), internal-comms (company newsletters, 3P updates)

Video & Media:
video-edit (trim, concat, overlays, audio mix, voiceover), review-video (frame extraction + visual review), yc-video (plan/score/audit startup launch videos), slack-gif-creator (animated GIFs optimized for Slack)

Infrastructure & Ops:
deploy (multi-project), docker-deploy (self-hosted), dns (DNS API), health (system audit), email-check (IMAP), wa (WhatsApp read/send), mcp-builder, webapp-testing, browse (browser automation), browser-use (persistent browser daemon), post-to-x (cross-post to X/Twitter)

Context & Recovery:
vault (context vault ops), morning (daily briefing), recall (post-compaction recovery), session-learn (derive skills from sessions), issue (multi-account GitHub issues), agents (scan running Claude sessions), food-finder (restaurant discovery via Swiggy + Maps)

Meta:
skill-creator (create new skills), subagent-templates, new-project (scaffolding), doc-coauthoring, workplan (multi-step task planning)

See claude/skills/README.md for the full list, SKILL.md format, and how to create your own.

Memory System

An external brain pattern that persists knowledge across Claude Code sessions:

  • MEMORY.md - Concise index (< 200 lines) auto-loaded into every conversation
  • Topic files - Detailed notes on specific subjects, read on demand
  • Claude auto-updates these as it learns preferences, patterns, and corrections

This prevents Claude from repeating mistakes across sessions and lets it build on prior context. See claude/memory/README.md for the full pattern.

Server Infrastructure

Templates for running Claude Code on a dedicated dev server (VPS/dedicated). Not needed for local-only setups.

What's in server/
  • Systemd services - Chrome headless with CDP, SSHFS mounts, CDP keepalive, Docker-host proxy
  • Safety utilities - safe-pipeline (flock + timeout + cgroup memory cap), safe-run, stale process cleanup
  • Browser automation - Chrome CDP setup guide, bridge keeper for session persistence
  • Multi-account management - GitHub, Render, Supabase account switching patterns
  • Terminal workflow - tmux config, bashrc (999K history, aliases), background task queue system

WhatsApp & Gmail Integration

WhatsApp (via OpenClaw gateway):

  • Docker-based WhatsApp Web bridge
  • Verified send script with SQLite contact lookup (prevents wrong-number sends)
  • Direct SQLite DB reading for message history

Gmail (via IMAP):

  • Multi-account email checking
  • Preserves read/unread status (BODY.PEEK[] instead of RFC822)
  • Standalone Python script, stdlib only, no pip dependencies

Architecture

~/.claude/
  CLAUDE.md          <- claude/CLAUDE.md (global config)
  settings.json      <- claude/settings.json (hooks + permissions, $HOME resolved)
  .mcp.json          <- claude/.mcp.json (MCP servers)
  hooks/             <- claude/hooks/ (12 safety hooks)
  scripts/           <- claude/scripts/ (5 utility scripts)
  commands/          <- claude/skills/ (40+ slash commands)
  metrics/           <- cost tracking output (costs.jsonl)
  projects/*/memory/ <- external brain (MEMORY.md + topic files)

your-project/
  CLAUDE.md          <- claude/CLAUDE-project.md (per-project config)

Requirements

Requirement Required? Used by
Claude Code CLI Yes Everything
jq Yes All hooks (JSON parsing)
python3 Optional Gemini audit hook, email checker
gitleaks Optional Secret scanning hook
Gemini API key Optional gemini-fetch.sh, gemini-audit

Configuration

After running install.sh:

  1. Edit CLAUDE.md - Search for <!-- Customize --> comments and replace placeholders with your setup (server names, tool routing rules, project paths)
  2. Add project configs - Copy claude/CLAUDE-project.md to each project root and fill in the tech stack section
  3. API keys (optional) - Copy .env.example to .env for hooks/scripts that need external APIs

The settings.json file has $HOME paths pre-resolved by the installer. If you update the repo's settings.json, re-run ./install.sh to pick up changes.

Related Projects

Other open-source tools from BuildingOpen:

Project Description
bouncer Independent Gemini quality gate that audits Claude Code's output before it can stop
claude-code-stats Spotify Wrapped for Claude Code. Visualize your AI coding stats, token usage, and costs
claude-wrapped Visualize your Claude Code stats with npx claude-entropy
hook-stats Analyze your Claude Code bash command log
session-recall Search and recover context after Claude's automatic compaction
browse Browser automation CLI with autonomous agent mode via CDP
openbrowser Give AI your browser. Check email, track orders, download receipts. MCP server + CLI
openqueen Autonomous coding agent controlled by WhatsApp/Telegram. Gemini orchestrates Claude/Codex
openclaw-setup WhatsApp gateway setup guide (subset of this repo's whatsapp/ directory)
blast-radius Find all files affected by your changes. One bash script, zero dependencies
dep-check Find dead imports in your project. One bash script
ai-error-analyzer 6 rules to reduce wasted AI coding retries

License

MIT

Reviews (0)

No results found