S
SkillsMD 发现、学习和掌握最新的 AI 技术 Skills。基于真实社区数据,为开发者提供最权威的 AI 工具导航。
关于 聚焦 AI 技术 Skills 每周数据更新 中英双语文档 © 2026 SkillsMD. All rights reserved.
AI智能体配置与安全策略指南:项目描述、Hooks、Skills配置最佳实践 | SkillsMD
首页 / Skills / agent-configuration AI智能体配置与安全策略指南:项目描述、Hooks、Skills配置最佳实践 agent-configuration by akillness/oh-my-gods
npx skills add https://github.com/akillness/oh-my-gods --skill agent-configuration🇨🇳 中文介绍 AI 智能体配置策略(配置与安全)
何时使用此技能
为新项目构建 AI 智能体环境
编写和优化项目描述文件
配置 Hooks/Skills/Plugins
建立安全策略
共享团队配置
1. 项目描述文件编写策略
概述
项目描述文件(CLAUDE.md、README 等)是 面向 AI 的项目手册 。AI 智能体在参考时会优先考虑这些文件。
自动生成(Claude Code)
/init # Claude 分析代码库并生成草稿
必需章节结构
# Project: [项目名称]
## 技术栈
- **前端**: React + TypeScript
- **后端**: Node.js + Express
- **数据库**: PostgreSQL
- **ORM**: Drizzle
## 编码规范
- 使用 TypeScript 严格模式
- 优先使用服务端组件而非客户端组件
- 使用 `async/await` 而非 `.then()`
- 始终使用 Zod 验证用户输入
## 禁止事项
- 切勿提交 `.env` 文件
- 切勿在 TypeScript 中使用 `any` 类型
- 切勿绕过身份验证检查
- 切勿在客户端代码中暴露 API 密钥
## 常用命令
- `npm run dev`: 启动开发服务器
- `npm run build`: 构建生产版本
- `npm run test`: 运行测试
编写原则:简洁的艺术
不佳(冗长):
我们的认证系统是使用 NextAuth.js 构建的,这是一个
用于 Next.js 应用程序的完整身份验证解决方案...
(5 行以上的解释)
🇺🇸 English AI Agent Configuration Policy (Configuration & Security)
When to use this skill
Build AI agent environment for new projects
Write and optimize project description files
Configure Hooks/Skills/Plugins
Establish security policies
Share team configurations
1. Project Description File Writing Policy
Overview
Project description files (CLAUDE.md, README, etc.) are project manuals for AI . AI agents reference these files with top priority.
Auto-generate (Claude Code)
/init # Claude analyzes the codebase and generates a draft
Required Section Structure
# Project: [Project Name]
## Tech Stack
- **Frontend**: React + TypeScript
- **Backend**: Node.js + Express
- **Database**: PostgreSQL
- **ORM**: Drizzle
## Coding Standards
- Use TypeScript strict mode
- Prefer server components over client components
- Use `async/await` instead of `.then()`
- Always validate user input with Zod
## DO NOT
- Never commit `.env` files
- Never use `any` type in TypeScript
- Never bypass authentication checks
- Never expose API keys in client code
## Common Commands
- `npm run dev`: Start development server
- `npm run build`: Build for production
- `npm run test`: Run tests
广告位招租
在这里展示您的产品或服务
触达数万 AI 开发者,精准高效
联系我们 ## 身份验证
- 使用 Credentials 提供程序的 NextAuth.js
- JWT 会话策略
- **禁止**: 绕过身份验证检查、暴露会话密钥
增量添加原则
"开始时可以没有项目描述文件。当你发现自己重复说同样的事情时,再添加内容。"
2. Hooks 配置策略(Claude Code)
概述 Hooks 是在特定事件上自动运行的 shell 命令。它们充当 AI 的 防护栏 。
Hook 事件类型 Hook 触发时机 使用场景 PreToolUse工具执行前 阻止危险命令 PostToolUse工具执行后 日志记录、发送通知 PermissionRequest权限请求时 自动批准/拒绝 Notification通知时 外部系统集成 SubagentStart子智能体启动时 监控 SubagentStop子智能体停止时 结果收集
安全 Hooks 配置 // ~/.claude/settings.json
{
"hooks": {
"PreToolUse": [
{
"pattern": "rm -rf /",
"action": "block",
"message": "阻止根目录删除"
},
{
"pattern": "rm -rf /*",
"action": "block",
"message": "阻止危险删除命令"
},
{
"pattern": "sudo rm",
"action": "warn",
"message": "警告:sudo 删除命令"
},
{
"pattern": "curl * | sh",
"action": "block",
"message": "阻止管道脚本执行"
},
{
"pattern": "chmod 777",
"action": "warn",
"message": "警告:权限设置过高"
}
]
}
}
3. Skills 配置策略
Skills 与其他设置的比较 功能 加载时机 主要用户 令牌效率 项目描述文件 始终加载 项目团队 低(始终加载) Skills 按需加载 AI 自动 高(按需) 斜杠命令 用户调用时 开发者 中等 插件/MCP 安装时 团队/社区 视情况而定
选择指南 始终适用的规则 → 项目描述文件
仅特定任务所需的知识 → Skills(令牌效率高)
频繁使用的命令 → 斜杠命令
外部服务集成 → 插件 / MCP
自定义 Skill 创建 # 创建 skill 目录
mkdir -p ~/.claude/skills/my-skill
# 编写 SKILL.md
cat > ~/.claude/skills/my-skill/SKILL.md << 'EOF'
---
name: my-skill
description: 我的自定义技能
platforms: [Claude, Gemini, ChatGPT]
---
# 我的技能
## 何时使用
- 当需要执行特定任务时
## 使用说明
1. 第一步
2. 第二步
EOF
4. 安全策略
禁止行为
绝对禁止
在主机系统上使用无限制权限模式
自动批准根目录删除命令
提交 .env、credentials.json 等密钥文件
硬编码 API 密钥
需要谨慎
不加区分地批准 sudo 命令
运行 curl | sh 格式的脚本
使用 chmod 777 设置过高权限
连接到未知的 MCP 服务器
已批准命令审计 # 使用 cc-safe 工具检查危险命令
npx cc-safe .
npx cc-safe ~/projects
# 检测目标:
# - sudo, rm -rf, chmod 777
# - curl | sh, wget | bash
# - git reset --hard, git push --force
# - npm publish, docker run --privileged
安全自动批准(Claude Code) # 仅自动批准安全命令
/sandbox "npm test"
/sandbox "npm run lint"
/sandbox "git status"
/sandbox "git diff"
# 模式批准
/sandbox "git *" # 所有 git 命令
/sandbox "npm test *" # npm test 相关
# MCP 工具模式
/sandbox "mcp__server__*"
5. 团队配置共享
项目配置结构 project/
├── .claude/ # Claude Code 设置
│ ├── team-settings.json
│ ├── hooks/
│ └── skills/
├── .agent-skills/ # 通用技能
│ ├── backend/
│ ├── frontend/
│ └── ...
├── CLAUDE.md # 面向 Claude 的项目描述
├── .cursorrules # Cursor 设置
└── ...
team-settings.json 示例 {
"permissions": {
"allow": [
"Read(src/)",
"Write(src/)",
"Bash(npm test)",
"Bash(npm run lint)"
],
"deny": [
"Bash(rm -rf /)",
"Bash(sudo *)"
]
},
"hooks": {
"PreToolUse": {
"command": "bash",
"args": ["-c", "echo '团队钩子:验证中...'"]
}
},
"mcpServers": {
"company-db": {
"command": "npx",
"args": ["@company/db-mcp"]
}
}
}
团队共享工作流 提交 .claude/ 文件夹 → 团队成员克隆 → 相同设置自动应用 → 团队标准得以维持
6. 多智能体配置
各智能体配置文件 智能体 配置文件 位置 Claude Code CLAUDE.md, settings.json 项目根目录, ~/.claude/ Gemini CLI .geminirc 项目根目录, ~/ Cursor .cursorrules 项目根目录 ChatGPT 自定义指令 UI 设置
共享技能目录 .agent-skills/
├── backend/
├── frontend/
├── code-quality/
├── infrastructure/
├── documentation/
├── project-management/
├── search-analysis/
└── utilities/
7. 环境配置清单
初始设置
创建项目描述文件(/init 或手动)
设置终端别名(c, cc, g, cx)
配置外部编辑器(export EDITOR=vim)
连接 MCP 服务器(如果需要)
安全设置
为危险命令配置 Hooks
审查已批准命令列表(cc-safe)
确认 .env 文件在 .gitignore 中
准备容器环境(用于实验)
团队设置
将 .claude/ 文件夹提交到 Git
编写 team-settings.json
团队标准项目描述文件模板
快速参考
配置文件位置 ~/.claude/settings.json # 全局设置
~/.claude/skills/ # 全局技能
.claude/settings.json # 项目设置
.claude/skills/ # 项目技能
.agent-skills/ # 通用技能
CLAUDE.md # 项目 AI 手册
安全优先级 1. 使用 Hooks 阻止危险命令
2. 仅使用 /sandbox 自动批准安全命令
3. 定期使用 cc-safe 进行审计
4. 仅在容器中进行实验模式
令牌效率 项目描述文件:始终加载(保持简洁)
Skills:按需加载(令牌效率高)
.toon 模式:节省 95% 令牌
Writing Principles: The Art of Conciseness Our authentication system is built using NextAuth.js, which is a
complete authentication solution for Next.js applications...
(5+ lines of explanation)
## Authentication
- NextAuth.js with Credentials provider
- JWT session strategy
- **DO NOT**: Bypass auth checks, expose session secrets
Incremental Addition Principle
"Start without a project description file. Add content when you find yourself repeating the same things."
2. Hooks Configuration Policy (Claude Code)
Overview Hooks are shell commands that run automatically on specific events. They act as guardrails for AI.
Hook Event Types Hook Trigger Use Case PreToolUseBefore tool execution Block dangerous commands PostToolUseAfter tool execution Log recording, send notifications PermissionRequestOn permission request Auto approve/deny NotificationOn notification External system integration SubagentStartSubagent start Monitoring SubagentStopSubagent stop Result collection
Security Hooks Configuration // ~/.claude/settings.json
{
"hooks": {
"PreToolUse": [
{
"pattern": "rm -rf /",
"action": "block",
"message": "Block root directory deletion"
},
{
"pattern": "rm -rf /*",
"action": "block",
"message": "Block dangerous deletion command"
},
{
"pattern": "sudo rm",
"action": "warn",
"message": "Caution: sudo delete command"
},
{
"pattern": "curl * | sh",
"action": "block",
"message": "Block piped script execution"
},
{
"pattern": "chmod 777",
"action": "warn",
"message": "Caution: excessive permission setting"
}
]
}
}
3. Skills Configuration Policy
Skills vs Other Settings Comparison Feature Load Timing Primary Users Token Efficiency Project Description File Always loaded Project team Low (always loaded) Skills Load on demand AI auto High (on-demand) Slash Commands On user call Developers Medium Plugins/MCP On install Team/Community Varies
Selection Guide Rules that always apply → Project Description File
Knowledge needed only for specific tasks → Skills (token efficient)
Frequently used commands → Slash Commands
External service integration → Plugins / MCP
Custom Skill Creation # Create skill directory
mkdir -p ~/.claude/skills/my-skill
# Write SKILL.md
cat > ~/.claude/skills/my-skill/SKILL.md << 'EOF'
---
name: my-skill
description: My custom skill
platforms: [Claude, Gemini, ChatGPT]
---
# My Skill
## When to use
- When needed for specific tasks
## Instructions
1. First step
2. Second step
EOF
4. Security Policy
Prohibited Actions (DO NOT)
Absolutely Forbidden
Using unrestricted permission mode on host systems
Auto-approving root directory deletion commands
Committing secret files like .env, credentials.json
Hardcoding API keys
Requires Caution
Indiscriminate approval of sudo commands
Running scripts in curl | sh format
Setting excessive permissions with chmod 777
Connecting to unknown MCP servers
Approved Command Audit # Check for dangerous commands with cc-safe tool
npx cc-safe .
npx cc-safe ~/projects
# Detection targets:
# - sudo, rm -rf, chmod 777
# - curl | sh, wget | bash
# - git reset --hard, git push --force
# - npm publish, docker run --privileged
Safe Auto-approval (Claude Code) # Auto-approve only safe commands
/sandbox "npm test"
/sandbox "npm run lint"
/sandbox "git status"
/sandbox "git diff"
# Pattern approval
/sandbox "git *" # All git commands
/sandbox "npm test *" # npm test related
# MCP tool patterns
/sandbox "mcp__server__*"
5. Team Configuration Sharing
Project Configuration Structure project/
├── .claude/ # Claude Code settings
│ ├── team-settings.json
│ ├── hooks/
│ └── skills/
├── .agent-skills/ # Universal skills
│ ├── backend/
│ ├── frontend/
│ └── ...
├── CLAUDE.md # Project description for Claude
├── .cursorrules # Cursor settings
└── ...
team-settings.json Example {
"permissions": {
"allow": [
"Read(src/)",
"Write(src/)",
"Bash(npm test)",
"Bash(npm run lint)"
],
"deny": [
"Bash(rm -rf /)",
"Bash(sudo *)"
]
},
"hooks": {
"PreToolUse": {
"command": "bash",
"args": ["-c", "echo 'Team hook: validating...'"]
}
},
"mcpServers": {
"company-db": {
"command": "npx",
"args": ["@company/db-mcp"]
}
}
}
Team Sharing Workflow Commit .claude/ folder → Team members Clone → Same settings automatically applied → Team standards maintained
6. Multi-Agent Configuration
Per-Agent Configuration Files Agent Config File Location Claude Code CLAUDE.md, settings.json Project root, ~/.claude/ Gemini CLI .geminirc Project root, ~/ Cursor .cursorrules Project root ChatGPT Custom Instructions UI settings
Shared Skills Directory .agent-skills/
├── backend/
├── frontend/
├── code-quality/
├── infrastructure/
├── documentation/
├── project-management/
├── search-analysis/
└── utilities/
7. Environment Configuration Checklist
Initial Setup
Create project description file (/init or manual)
Set up terminal aliases (c, cc, g, cx)
Configure external editor (export EDITOR=vim)
Connect MCP servers (if needed)
Security Setup
Configure Hooks for dangerous commands
Review approved command list (cc-safe)
Verify .env file in .gitignore
Prepare container environment (for experimentation)
Team Setup
Commit .claude/ folder to Git
Write team-settings.json
Team standard project description file template
Quick Reference
Configuration File Locations ~/.claude/settings.json # Global settings
~/.claude/skills/ # Global skills
.claude/settings.json # Project settings
.claude/skills/ # Project skills
.agent-skills/ # Universal skills
CLAUDE.md # Project AI manual
Security Priority 1. Block dangerous commands with Hooks
2. Auto-approve only safe commands with /sandbox
3. Regular audit with cc-safe
4. Experiment mode in containers only
Token Efficiency Project Description File: Always loaded (keep concise)
Skills: Load on demand (token efficient)
.toon mode: 95% token savings
AI Elements:基于shadcn/ui的AI原生应用组件库,快速构建对话界面
62,200 周安装
