A\
Lessons/Domain 3
3.213 min

Create and configure custom slash commands and skills

Slash commands and skills are how you package repeatable Claude Code workflows so a team runs them the same way every time. The two decisions that matter most in production are scope (project-level and committed so everyone gets it, versus user-level and personal) and isolation and safety (using context: fork to keep verbose skill output out of the main conversation, and allowed-tools to fence off destructive actions). Getting these wrong shows up as teammates missing a command, context windows bloated by exploratory output, or a skill with more power than it should have.

Commands and skills: project scope vs user scopeProject (committed, shared)my-repo/.claude/commands/review.md -> /reviewskills/analyze-module/SKILL.mdEveryone who clones the repo gets these.User (~/.claude, personal)~/.claude/commands/my-shortcut.mdskills/deep-review/SKILL.mdDifferent name: not shared, does not shadowthe team skill.SKILL.md frontmatter---name / descriptioncontext: forkisolate verbose output from main chatallowed-tools: Read, Grep, Globdeterministic tool fence (no Bash)argument-hint: <module-path>prompt for required paramsSkill vs CLAUDE.mdSkill = on-demand task workflow (loads only when triggered). CLAUDE.md = always-loaded standards.Reject distractors: no .claude/config.json commands array; CLAUDE.md does not define commands.
Directory layout for slash commands and skills across project scope (committed, shared) and user scope (personal), with the SKILL.md frontmatter options for this task.

Slash commands: project scope vs user scope

A custom slash command is just a Markdown file whose filename becomes the command name. Put review.md in a directory and you get a /review command that inserts that file's contents as a prompt. The only question that decides who can run it is which directory it lives in.

Project-scoped commands live in .claude/commands/ inside the repository. Because that directory is committed, every developer who clones or pulls the repo automatically gets the command, with no per-machine setup. This is the correct home for anything the team should share: a standard code-review checklist, a release-notes generator, a test-scaffolding prompt.

User-scoped commands live in ~/.claude/commands/ in an individual developer's home directory. These are personal and are never shared through version control. Use this scope for your own shortcuts that teammates neither need nor should inherit.

Watch for the classic distractor: there is no .claude/config.json with a commands array, and CLAUDE.md is for project context and instructions, not command definitions. Commands are files in a commands/ directory, full stop.

Anatomy of a command file

A command is Markdown with optional YAML frontmatter. The body is the prompt; the frontmatter tunes behavior. A minimal team command looks like this:

---
description: Run the team's standard code-review checklist
argument-hint: <path-to-changed-files>
allowed-tools: Read, Grep, Glob
---
Review the changes in $ARGUMENTS against our checklist:
- correctness and edge cases
- security (injection, authz)
- test coverage

$ARGUMENTS captures everything the user typed after the command; $1, $2 capture positional arguments. You can also embed live context: a line beginning with ! runs a shell command and includes its output, and @path/to/file inlines a file. Subdirectories create namespaces, so .claude/commands/frontend/component.md becomes /frontend:component.

Keep commands focused. A command is essentially a saved, parameterized prompt, so the value is in encoding the exact wording and criteria your team agreed on, not in trying to make one command do everything.

Skills and the SKILL.md file

Skills are the richer sibling of slash commands. A skill is a directory under .claude/skills/ (project) or ~/.claude/skills/ (personal), containing a SKILL.md file plus any supporting scripts or resources the workflow needs. The SKILL.md frontmatter carries a name and a description, and the description is what lets Claude invoke the skill on demand when a task matches, rather than requiring the developer to remember to trigger it.

That on-demand nature is the key architectural difference from CLAUDE.md. Skills load only when they are relevant, so a large library of specialized workflows costs nothing until one is actually used. Beyond name and description, SKILL.md frontmatter supports three configuration options worth memorizing for this task: context: fork, allowed-tools, and argument-hint.

Think of a skill as a self-contained, reusable capability (analyze a module, scaffold a service, run a migration playbook) that bundles instructions and tooling, where a slash command is a lighter-weight saved prompt. Both come in project and user scopes governed by the same directory rule as commands.

context: fork for isolation

Some skills generate a lot of intermediate output. A codebase-analysis skill might read dozens of files; a brainstorming skill might explore several discarded alternatives. If that all lands in the main conversation, it burns context-window budget and buries the actual answer under exploration noise.

Setting context: fork in the skill's frontmatter runs the skill in an isolated sub-agent context. The skill does its verbose work in that separate context and returns only its result to the main session, so the exploratory detail never pollutes the primary conversation.

---
name: analyze-module
description: Deep-analyze a module and report its public API and dependencies
context: fork
argument-hint: <module-path>
---

Reach for context: fork whenever a skill's process is noisy but its output is compact: codebase discovery, dependency tracing, generating and comparing options. It is the skill-level equivalent of delegating to a sub-agent to protect the main context, and it pairs naturally with the Explore-style discovery patterns used elsewhere in Claude Code.

allowed-tools and argument-hint

allowed-tools restricts which tools a skill (or command) may use while it runs. This is a safety fence, not a convenience: a scaffolding skill that should only create files can be limited to Write, Edit so it cannot run Bash and delete something. A read-only audit skill can be limited to Read, Grep, Glob. Restricting tools in the frontmatter is a deterministic guardrail, unlike a prompt instruction that merely asks the model to behave.

---
name: scaffold-endpoint
description: Generate a new API endpoint from our template
allowed-tools: Read, Write, Edit
argument-hint: <resource-name>
---

argument-hint declares the parameters a skill expects. When a developer invokes the skill without supplying them, the hint is surfaced to prompt for the required input, so the skill does not silently run on missing or wrong arguments. Together, allowed-tools bounds what the skill can do and argument-hint clarifies what it needs, which are the two most common reliability fixes for a skill that either does too much or receives too little.

Personal variants without affecting teammates

Suppose a shared project skill mostly works for you but you want a stricter or differently tuned version. The wrong move is editing the committed .claude/skills/ file, because that change ships to everyone through version control and silently alters their behavior.

The correct move is to create a personal variant in ~/.claude/skills/ under a different name. Because it lives in your user scope, it is yours alone, and because it has a distinct name it does not shadow or collide with the team skill. You get your customization while the shared workflow stays stable for the rest of the team.

This mirrors the command scoping rule and the CLAUDE.md hierarchy from task 3.1: user scope is private, project scope is shared, and you never fork team behavior by mutating the shared artifact in place.

Skills vs CLAUDE.md: on-demand vs always-loaded

A recurring exam decision is whether a piece of guidance belongs in a skill or in CLAUDE.md. The dividing line is when it should be active.

CLAUDE.md is always loaded into every session, so it is the right place for universal standards that apply to essentially all work: code style, repo conventions, non-negotiable rules. The cost is that everything in it consumes context on every turn, whether relevant or not.

Skills are invoked on demand for a specific task, so they are the right place for task-specific workflows: a migration procedure, a specialized generator, an analysis playbook. They cost nothing until triggered, which lets you maintain a large catalog of specialized capabilities without bloating baseline context.

So: universal and always-relevant goes in CLAUDE.md; specialized and occasionally-needed goes in a skill. If you find yourself wrapping a rarely-used procedure in CLAUDE.md 'so Claude always knows it,' that is usually a skill.

Anti-patterns to avoid

avoid
Putting a command the whole team needs (like /review) in ~/.claude/commands/.

Why it fails: User-scoped commands are never shared through version control, so only the author has the command and teammates silently lack it.

instead Put shared commands in the project's .claude/commands/ directory so they are committed and every developer gets them on clone or pull.

avoid
Running a verbose codebase-analysis or brainstorming skill inline in the main conversation.

Why it fails: The skill's exploratory output accumulates in the main context, consuming window budget and burying the real answer under noise.

instead Add context: fork to the skill so it runs in an isolated sub-agent context and returns only its compact result to the main session.

avoid
Editing a shared project skill in .claude/skills/ to fit your personal preference.

Why it fails: The change is committed and ships to everyone, silently altering teammates' behavior with a customization only you wanted.

instead Create a personal variant in ~/.claude/skills/ under a different name so it is private to you and does not shadow the team skill.

avoid
Stuffing a rarely-used, task-specific procedure into CLAUDE.md so 'Claude always knows it.'

Why it fails: CLAUDE.md loads on every turn, so occasional procedures permanently consume context they rarely justify.

instead Package the procedure as an on-demand skill, keeping CLAUDE.md for universal always-relevant standards only.

Worked example: Scenario 2: standardizing a team's /review command and analysis skills in Claude Code

Your team uses Claude Code for generation, refactoring, and reviews. You want three things: a shared code-review command everyone gets automatically, a codebase-analysis capability that does not flood the chat, and room for a senior engineer to run their own stricter review.

The shared /review command. You create .claude/commands/review.md in the repo and commit it. Because it is project-scoped, every developer who pulls the repo has /review immediately, no setup.

---
description: Run the team's standard code-review checklist
argument-hint: <files-or-glob>
allowed-tools: Read, Grep, Glob
---
Review $ARGUMENTS for correctness, security, and test coverage.
Report findings as location, issue, severity, suggested fix.

Wrong turns to reject. Putting this in ~/.claude/commands/ means only you have it. Putting it in CLAUDE.md does not create a command at all, and there is no .claude/config.json with a commands array. This is exactly the sample-question trap: the answer is .claude/commands/.

The analysis skill with context: fork. You add .claude/skills/analyze-module/SKILL.md. The skill reads many files, so without isolation its output would swamp the session. context: fork runs it in a sub-agent and returns only the summary.

---
name: analyze-module
description: Report a module's public API, dependencies, and risk areas
context: fork
argument-hint: <module-path>
---
Map the module at $1. Return only: public API, inbound/outbound
deps, and the top risk areas. Do not dump full file contents.

Fencing a generator with allowed-tools. A scaffold-endpoint skill should never delete anything, so you restrict it: allowed-tools: Read, Write, Edit. Now the guardrail is enforced in configuration, not left to a prompt request the model might ignore.

The personal variant. The senior engineer wants a harsher review that also runs static analysis. Rather than editing the committed skill, they create ~/.claude/skills/deep-review/SKILL.md with a distinct name. It is private to their machine and does not shadow the team's /review. Everyone keeps the stable shared workflow; they get their stricter one.

Exam tips

  • Team-wide commands go in .claude/commands/ (committed, shared on clone/pull); personal commands go in ~/.claude/commands/ (never shared via version control).
  • There is no .claude/config.json with a commands array, and CLAUDE.md does not define commands. Commands are Markdown files in a commands/ directory whose filename is the command name.
  • Skills live in .claude/skills/<name>/SKILL.md; frontmatter includes context: fork (runs the skill in an isolated sub-agent context so verbose output does not pollute the main conversation), plus allowed-tools and argument-hint.
  • allowed-tools restricts tools during skill/command execution as a deterministic safety fence (e.g., Write/Edit only, no Bash); argument-hint prompts for required parameters when invoked without them.
  • Customize a shared skill by creating a personal variant in ~/.claude/skills/ with a DIFFERENT name; never edit the committed team skill in place.
  • Skills = on-demand, task-specific workflows (cost nothing until triggered); CLAUDE.md = always-loaded universal standards (costs context every turn).
Official exam objectives for 3.2
Knowledge of
  • Project-scoped commands in .claude/commands/ (shared via version control) vs user-scoped commands in ~/.claude/commands/ (personal)
  • Skills in .claude/skills/ with SKILL.md files that support frontmatter configuration including context: fork, allowed-tools, and argument-hint
  • The context: fork frontmatter option for running skills in an isolated sub-agent context, preventing skill outputs from polluting the main conversation
  • Personal skill customization: creating personal variants in ~/.claude/skills/ with different names to avoid affecting teammates
Skills in
  • Creating project-scoped slash commands in .claude/commands/ for team-wide availability via version control
  • Using context: fork to isolate skills that produce verbose output (e.g., codebase analysis) or exploratory context (e.g., brainstorming alternatives) from the main session
  • Configuring allowed-tools in skill frontmatter to restrict tool access during skill execution (e.g., limiting to file write operations to prevent destructive actions)
  • Using argument-hint frontmatter to prompt developers for required parameters when they invoke the skill without arguments
  • Choosing between skills (on-demand invocation for task-specific workflows) and CLAUDE.md (always-loaded universal standards)

Flashcards from this lesson

Where do you put a /review command so every developer gets it automatically on clone/pull?

In the project's .claude/commands/ directory. It is committed and version-controlled, so it is shared with the whole team. ~/.claude/commands/ is personal only.

What does context: fork do in a skill's SKILL.md frontmatter?

It runs the skill in an isolated sub-agent context, so verbose or exploratory output stays out of the main conversation and only the compact result returns.

Which SKILL.md frontmatter options are central to this task?

context: fork (isolation), allowed-tools (restrict tools during execution), and argument-hint (prompt for required parameters), alongside the core name and description.

How do you customize a shared team skill without affecting teammates?

Create a personal variant in ~/.claude/skills/ under a DIFFERENT name. It is private to you and does not shadow the committed team skill. Never edit the shared file in place.

When should guidance live in a skill versus CLAUDE.md?

Skill = on-demand, task-specific workflow that loads only when triggered. CLAUDE.md = always-loaded universal standards that cost context every turn. Specialized/occasional -> skill; universal/always -> CLAUDE.md.

What does allowed-tools accomplish in a command or skill, and why prefer it over a prompt instruction?

It restricts which tools may run during execution (e.g., Write/Edit only, no Bash), enforcing a deterministic safety fence rather than relying on the model to obey a prompt request.

Two distractors about command storage that are wrong on the exam?

There is no .claude/config.json with a commands array, and CLAUDE.md does not define commands. Commands are Markdown files in a commands/ directory.

Study all flashcards with spaced repetition