Tools & Hooks Integration
Custom Skills can access Claude Code's tool set and integrate with the Hooks system.
Tool List
Standard tools available to Skills:
| Tool | Type | Description |
|---|---|---|
Read | Read-only | Read files |
Write | Write | Create/overwrite files |
Edit | Write | Exact string replacement |
Bash | Execute | Run shell commands |
Glob | Read-only | File pattern matching |
Grep | Read-only | Text search |
WebFetch | Network | Fetch web content |
WebSearch | Network | Search the internet |
Configuring Tool Permissions
yaml
allowed-tools:
- Read
- Write
- EditPrinciple: Only grant tools the Skill genuinely needs.
Read-Only Analysis Skill
yaml
allowed-tools:
- Read
- Bash # Only for git log, npm ls, etc.Code Generation Skill
yaml
allowed-tools:
- Read
- Write
- Edit
- Bash # Run tests for verificationHooks Integration
Hooks allow automatic actions on specific events.
Available Event Hooks
json
{
"hooks": {
"PreToolUse": {
"bash": "echo 'About to run: $TOOL_NAME'"
},
"PostToolUse": {
"bash": "npm run lint"
}
}
}Skill + Hook Combo
Scenario: A code-gen Skill that auto-formats after every file write.
SKILL.md:
yaml
---
name: component-generator
description: Generate React components with tests and stories
allowed-tools: [Read, Write, Edit, Bash]
---settings.json:
json
{
"hooks": {
"PostToolUse": [
{
"tool": "Write",
"command": "npx prettier --write $FILE_PATH"
}
]
}
}MCP Tools
If MCP servers are configured (e.g., CodeGraph), Skills can call MCP tools too.
yaml
# Skill using CodeGraph
name: code-explorer
description: Explore codebase structure using CodeGraph
allowed-tools:
- Read
- mcp__codegraph__codegraph_search
- mcp__codegraph__codegraph_contextSecurity Best Practices
- Never use wildcards in
allowed-tools - Restrict Bash to specific commands (via settings.json permissions)
- Sensitive operations (deploy, publish) should not be allowlisted
- Hook commands run outside Claude Code's process — audit script safety
Next Steps
- Examples — Build a complete Skill from scratch