Claude-skill-registry agent-tools
Reference for configuring tool permissions when launching Claude Code agents. Use when setting up --allowedTools flags, restricting file access, or configuring agent permissions.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/agent-tools" ~/.claude/skills/majiayu000-claude-skill-registry-agent-tools && rm -rf "$T"
manifest:
skills/data/agent-tools/SKILL.mdsource content
Claude Code Tools Reference
Configure tool permissions when launching parallel Claude Code agents.
Available Tools
| Tool | Description | Use Case |
|---|---|---|
| Read files | Always needed for context |
| Create new files | Creating new code files |
| Modify existing files | Updating existing code |
| Execute shell commands | Running tests, builds, git |
| Find files by pattern | File discovery |
| Search file contents | Code search |
| Fetch web content | Documentation lookup |
| Search the web | Research |
| Manage task lists | Progress tracking |
| Launch sub-agents | Delegation |
| Edit Jupyter notebooks | Data science |
| MCP server tools | External integrations |
CLI Syntax
Each tool is a separate quoted argument:
claude --allowedTools "Tool1" "Tool2" "Tool3(...)" --print "prompt"
Example with multiple tools:
claude --allowedTools "Read" "Edit" "Bash(pytest:*)" --print "implement feature"
Path-Specific Restrictions
Restrict file operations to specific directories using gitignore-style patterns.
Path Pattern Syntax
| Pattern | Meaning | Example |
|---|---|---|
| Absolute filesystem path | |
| Home directory relative | |
| Relative to settings file | |
| Relative to current directory | |
Examples
# Allow editing only in src/ directory claude --allowedTools "Edit(/src/**)" --print "..." # Allow editing TypeScript files only claude --allowedTools "Edit(/src/**/*.ts)" --print "..." # Multiple path restrictions claude --allowedTools "Read" "Edit(/apps/users/**)" "Edit(/tests/**)" --print "..." # Absolute path restriction claude --allowedTools "Edit(//tmp/scratch.txt)" --print "..."
Bash Command Restrictions
Restrict which shell commands can be executed using prefix matching.
Syntax
Bash(command:*)
The
:*Pattern Examples
| Pattern | Matches | Does NOT Match |
|---|---|---|
| | |
| | |
| | |
| | |
| | |
| | |
Example
claude --allowedTools "Bash(pytest:*)" "Bash(mypy:*)" "Bash(ruff:*)" "Read" --print "run tests"
Security Note
Claude Code prevents bypass via shell operators (
&&;||- Different invocations may bypass patterns (
vspython -m pytest
)pytest - For URL restrictions, prefer
overWebFetch(domain:...)Bash(curl:*)
WebFetch Domain Restrictions
Restrict web fetches to specific domains:
claude --allowedTools "WebFetch(domain:github.com)" "WebFetch(domain:docs.python.org)" --print "..."
MCP Tool Restrictions
Allow All Tools from a Server
claude --allowedTools "mcp__puppeteer" --print "..."
Allow Specific Tool Only
claude --allowedTools "mcp__puppeteer__puppeteer_navigate" --print "..."
Note: MCP permissions do NOT support wildcards (
*Recommended Configurations
By Task Type
| Task Type | Recommended |
|---|---|
| Implementation | |
| Code Review | |
| Testing Only | |
| Documentation | |
| Full Access | |
For Parallel Development
When using git worktrees for isolation,
--dangerously-skip-permissions- Each agent runs in an isolated worktree
- Agents can only affect files in their workspace
- Main branch remains protected until explicit merge
# Safe in isolated worktree claude --dangerously-skip-permissions --print "$(cat prompts/task-001.txt)"
For Granular Control
When agents share a workspace, use path-scoped permissions:
claude \ --allowedTools \ "Read" \ "Write(/apps/users/**)" \ "Edit(/apps/users/**)" \ "Bash(pytest apps/users/:*)" \ "Bash(mypy apps/users/:*)" \ "Glob" \ "Grep" \ --print "$(cat prompts/task-001.txt)"
Complete Examples
Django App Implementation Agent
claude \ --allowedTools \ "Read" \ "Write(/apps/orders/**)" \ "Edit(/apps/orders/**)" \ "Bash(pytest apps/orders/:*)" \ "Bash(mypy apps/orders/:*)" \ "Bash(ruff check apps/orders/:*)" \ "Glob" \ "Grep" \ --print "Implement order management per task-004 spec"
React Component Agent
claude \ --allowedTools \ "Read" \ "Write(/src/components/Dashboard/**)" \ "Edit(/src/components/Dashboard/**)" \ "Bash(npm run test:*)" \ "Bash(npm run lint:*)" \ "Glob" \ "Grep" \ --print "Implement Dashboard components per task-003 spec"
Read-Only Analysis Agent
claude \ --allowedTools \ "Read" \ "Glob" \ "Grep" \ "WebFetch(domain:docs.python.org)" \ --print "Analyze codebase and suggest improvements"
Quick Reference
| Restriction Type | Syntax |
|---|---|
| Allow tool everywhere | |
| Restrict to directory | |
| Restrict to file type | |
| Restrict bash command | |
| Restrict web domain | |
| Allow MCP server | |
| Allow specific MCP tool | |
| Skip all permissions | |
Common Patterns
Task-Scoped Permissions
Match permissions to task boundaries:
# Task owns apps/users/ --allowedTools "Edit(/apps/users/**)" "Write(/apps/users/**)" # Task owns apps/orders/ --allowedTools "Edit(/apps/orders/**)" "Write(/apps/orders/**)"
Test Commands Only
--allowedTools "Read" "Bash(pytest:*)" "Bash(npm test:*)" "Bash(go test:*)"
Documentation Writer
--allowedTools "Read" "Write(/docs/**)" "Edit(/docs/**)" "WebFetch" "WebSearch"
Infrastructure Agent
--allowedTools "Read" "Edit(/terraform/**)" "Edit(/docker-compose.yml)" "Bash(terraform:*)" "Bash(docker:*)"