Audit and optimize your Claude Code installation to current best practices
What Is This? β’ Features β’ Installation β’ Usage β’ Architecture
Claude Code is Anthropic's AI-powered coding assistant that runs in your terminal. It can read your codebase, write and edit files, run commands, and help you build software through natural conversation.
Claude Code Optimizer is a skill β a plugin that extends Claude Code's capabilities. When installed, it gives Claude the ability to audit your Claude Code setup, find misconfigurations, identify security issues, and recommend optimizations.
Think of it as a health check for your Claude Code installation:
You: "Audit my Claude Code setup"
Claude: Analyzing your configuration...
## Audit Report
| Severity | Area | Issue | Fix |
|----------|------|-------|-----|
| π΄ High | Hooks | Invalid event `postToolUse` | Use `PostToolUse` (case-sensitive) |
| π‘ Medium | Permissions | Overly broad `Bash(*)` | Scope to specific commands |
| π’ Info | MCP | Unused server configured | Remove or configure |
Recommendations:
1. Fix hook event name β hooks won't fire with wrong casing
2. Tighten permissions to reduce security surface
Who is this for?
- Developers who want to verify their Claude Code setup is optimal
- Teams standardizing Claude Code configurations
- Power users exploring advanced features (hooks, MCP, custom agents)
- Anyone troubleshooting why something isn't working
Claude Code is powerful, but it's also complex. With hooks, permissions, MCP servers, custom agents, slash commands, and multiple configuration files, there's a lot that can go wrong β and a lot of potential that goes untapped.
Claude Code is evolving rapidlyβ2.1.0 alone shipped with 1,096 commits. Configuration options are scattered across multiple files, best practices aren't always obvious, and it's easy to miss features that could dramatically improve your workflow.
Claude Code Optimizer is a skill that audits your setup, identifies issues, and guides you to an optimized configuration.
The optimizer doesn't just check if your files exist β it validates every configuration option, catches subtle mistakes, and explains exactly how to fix them.
- π Comprehensive Auditing β Analyzes settings, hooks, permissions, MCP servers, commands, agents, and skills
- π― Six Specialized Agents β Focused auditors for config, hooks, permissions, MCP, workflows, plus orchestrator
- π Security Analysis β Detects hardcoded secrets, dangerous patterns, data exfiltration risks
- π Context Optimization β Identifies bloated configs causing context exhaustion
- β Pattern Validation β Catches permission patterns that won't match as expected
- π Actionable Reports β Every finding includes severity, impact, and specific fix instructions
- π Built-in References β Five detailed guides including security audit procedures
- β‘ Current β Targets Claude Code 2.1.3+ with all 12 hook events and latest settings schema
Installation takes about 30 seconds. The skill installs to your Claude Code skills directory, and the specialized agents install alongside it. Once installed, Claude automatically loads the optimizer when you ask for an audit.
# Clone the repository
git clone https://github.com/vbonk/claude-code-optimizer.git
cd claude-code-optimizer
# Run the installer
./scripts/install.sh# Install skill
mkdir -p ~/.claude/skills/claude-code-optimizer
cp -r SKILL.md references ~/.claude/skills/claude-code-optimizer/
# Install agents
mkdir -p ~/.claude/agents
cp agents/*.md ~/.claude/agents/For project-specific installation (useful for teams):
./scripts/install.sh --projectThis installs to .claude/skills/ and .claude/agents/ in your current directory.
claude --version # Should be 2.1.0+Then in Claude Code:
What skills are available?
You should see claude-code-optimizer listed.
Just ask Claude naturally. The optimizer triggers on phrases like "audit", "check", "optimize", or "review" when you're talking about your Claude Code setup. You don't need to remember specific commands.
Ask Claude Code to audit your setup:
Audit my Claude Code setup
Or be specific:
Run a comprehensive Claude Code audit and show me what needs fixing
Run specific audits when you know what you're looking for:
| Request | What It Does |
|---|---|
Check my Claude Code configuration |
Audits settings.json and CLAUDE.md files |
Audit my hooks |
Validates hook events, matchers, and security |
Review my permissions setup |
Analyzes allow/deny rules and pattern validity |
Audit my MCP servers |
Checks MCP configs for secrets and security |
Check my commands and agents |
Audits workflow components for best practices |
Run a security audit |
Comprehensive security review across all areas |
## Claude Code Audit Report
**Version**: 2.1.2
**Health**: β
Pass
### Findings
| Severity | Area | Issue | Fix |
|----------|------|-------|-----|
| π΄ High | Hooks | Invalid event name `postToolUse` | Change to `PostToolUse` (case-sensitive) |
| π‘ Medium | Permissions | Overly broad `Bash(*)` allow rule | Scope to specific commands |
| π’ Info | Config | No CLAUDE.md in project root | Consider adding project context |
### Recommendations
1. Fix the hook event name immediatelyβhooks won't fire with incorrect casing
2. Tighten Bash permissions to reduce security surface
3. Add CLAUDE.md to improve Claude's understanding of your project
Under the hood, the optimizer uses a team of specialized agents. Each agent is an expert in one area β hooks, permissions, MCP servers, etc. When you request an audit, the orchestrator coordinates them, collects their findings, and synthesizes a unified report.
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Claude Code Optimizer β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β SKILL.md β
β βββ Trigger detection (audit, optimize, check, improve) β
β βββ Quick reference (settings keys, hook events, tool names) β
β βββ Agent orchestration β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Specialized Agents (6) β
β ββββββββββββββββββ ββββββββββββββββββ ββββββββββββββββββ β
β β config-auditor β β hooks-auditor β β permissions- β β
β β β β β β auditor β β
β β β’ settings.jsonβ β β’ Event names β β β’ Allow/deny β β
β β β’ CLAUDE.md β β β’ Matchers β β β’ Patterns β β
β β β’ Context size β β β’ Security β β β’ Unreachable β β
β ββββββββββββββββββ ββββββββββββββββββ ββββββββββββββββββ β
β ββββββββββββββββββ ββββββββββββββββββ ββββββββββββββββββ β
β β mcp-auditor β β workflow- β β audit- β β
β β β β auditor β β orchestrator β β
β β β’ MCP servers β β β’ Commands β β β’ Coordinates β β
β β β’ Secrets β β β’ Agents β β β’ Synthesizes β β
β β β’ Permissions β β β’ Skills β β β’ Prioritizes β β
β ββββββββββββββββββ ββββββββββββββββββ ββββββββββββββββββ β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β References (5 guides, loaded on demand) β
β β’ config-guide.md β’ hooks-guide.md β’ permissions-guide.md β
β β’ security-guide.md β’ troubleshooting.md β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- Separation of concerns β Each auditor is an expert in one domain
- Parallel execution β Multiple audits can run simultaneously
- Maintainability β Update one auditor without touching others
- Context efficiency β Only loads relevant expertise for each audit type
- Testability β Each agent can be validated independently
The optimizer includes detailed reference guides that Claude loads on demand. These go deeper than the audit output β use them when you want to understand the "why" behind a recommendation or learn advanced configuration patterns.
| Guide | Contents |
|---|---|
references/config-guide.md |
Settings.json schema, CLAUDE.md best practices, context optimization |
references/hooks-guide.md |
All 12 hook events, matcher patterns, input/output schemas |
references/permissions-guide.md |
Permission strategies, pattern validation, unreachable rule detection |
references/security-guide.md |
Security audit procedures, threat model, incident response |
references/troubleshooting.md |
Common issues, diagnostic commands, context optimization |
- Skills β How skills work
- Hooks Reference β Complete hook documentation
- Subagents β Agent architecture
- Settings β Configuration options
Here's exactly what each auditor examines. This isn't just a surface-level scan β each check validates against the current Claude Code 2.1.3 specification and flags anything that's misconfigured, insecure, or suboptimal.
~/.claude/settings.jsonβ User settings.claude/settings.jsonβ Project settingsCLAUDE.md/.claude/CLAUDE.mdβ Project memoryCLAUDE.local.mdβ Local overrides- JSON validity and schema compliance
- Context usage optimization (file sizes, bloat detection)
- All 12 event names validated (case-sensitive)
- Matcher patterns (regex validity, tool name accuracy)
- Command security (injection risks, data exfiltration, dangerous patterns)
- Timeout configurations
once: trueandagent_typeoptions
- Allow/deny rule effectiveness
- Pattern validation (catches common mistakes)
- Unreachable rule detection (2.1.3+)
- Conflicting rules and security recommendations
- Server configurations in settings.json and .mcp.json
- Hardcoded secret detection
- Filesystem scope validation
- Tool permission coverage
- High-risk server identification
- Custom slash commands (frontmatter, descriptions)
- Subagents (valid schemas, appropriate tools)
- Skills (trigger descriptions, file structure)
- Named sessions and
context: forkusage
We've tested this skill against our own QA process β the same rigorous checks the optimizer runs on your setup. Every claim has been verified against the official Claude Code documentation.
This skill has passed comprehensive validation:
β
38/38 checks passed
Installation
β
Skill directory structure correct
β
Agents installed to correct location
β
Install script executes successfully
Schema Validation
β
SKILL.md frontmatter valid
β
All 6 agents have valid frontmatter
β
All tool names correct (Bash, Read, Write, etc.)
β
All model values valid (inherit)
Documentation
β
All 12 hook events documented
β
All 5 reference guides complete
β
SKILL.md under 500 lines
β
Descriptions under 1024 chars
Version Compatibility
β
Targets Claude Code 2.1.3+
β
Tested with Claude Code 2.1.3
The optimizer works with any standard Claude Code installation. No additional dependencies required.
- Claude Code: 2.1.3 or later
- Subscription: Claude Pro, Claude Max, or API access
- OS: macOS, Linux, or Windows (WSL)
Everything is plain Markdown β no build step, no compilation. You can read and modify any file directly if you want to customize the optimizer's behavior.
claude-code-optimizer/
βββ SKILL.md # Main skill (triggers on audit/optimize requests)
βββ MANIFEST.md # Human-readable installation guide
βββ HANDOFF.md # Development context for contributors
βββ QA-PROCESS.md # Validation framework
βββ README.md # This file
βββ LICENSE # MIT License
βββ agents/
β βββ audit-orchestrator.md # Coordinates comprehensive audits
β βββ config-auditor.md # Configuration specialist
β βββ hooks-auditor.md # Hooks specialist
β βββ mcp-auditor.md # MCP server specialist
β βββ permissions-auditor.md # Permissions specialist
β βββ workflow-auditor.md # Commands/agents/skills specialist
βββ references/
β βββ config-guide.md # Configuration deep-dive
β βββ hooks-guide.md # Hook patterns and examples
β βββ permissions-guide.md # Permission strategies
β βββ security-guide.md # Security audit procedures
β βββ troubleshooting.md # Common issues and solutions
βββ scripts/
βββ install.sh # Installation script
Found a bug? Have an idea for a new check? Contributions are welcome. The codebase is just Markdown files, so it's easy to understand and modify.
Please see HANDOFF.md for development context and QA-PROCESS.md for the validation framework.
- Fork the repository
- Make your changes
- Run the QA process validation
- Submit a pull request
- Additional audit checks
- New reference documentation
- Edge case handling
- Performance optimization
- Bug fixes
MIT License β see LICENSE for details.
Designed by Anthony Velte & Claude Opus 4.5
Built with care to help developers get the most out of Claude Code.
If this skill helped you, consider starring the repo β