// Use when creating or improving Claude Code agents. Expert guidance on agent file structure, frontmatter, persona definition, tool access, model selection, and validation against schema.
| name | creating-claude-agents |
| description | Use when creating or improving Claude Code agents. Expert guidance on agent file structure, frontmatter, persona definition, tool access, model selection, and validation against schema. |
Use this skill when creating or improving Claude Code agents. Provides comprehensive guidance on agent structure, schema validation, and best practices for building long-running AI assistants.
Activate this skill when:
---
name: agent-name
description: When and why to use this agent
allowed-tools: Read, Write, Bash
model: sonnet
agentType: agent
---
# 🔍 Agent Display Name
You are [persona definition - describe the agent's role and expertise].
## Instructions
[Clear, actionable guidance on what the agent does]
## Process
[Step-by-step workflow the agent follows]
## Examples
[Code samples and use cases demonstrating the agent's capabilities]
Required Path:
.claude/agents/*.md
Agents must be placed in .claude/agents/ directory as markdown files.
| Field | Type | Description | Example |
|---|---|---|---|
name | string | Agent identifier (lowercase, hyphens only) | code-reviewer |
description | string | Brief overview of functionality and use cases | Reviews code for best practices and potential issues |
| Field | Type | Description | Values |
|---|---|---|---|
allowed-tools | string | Comma-separated list of available tools | Read, Write, Bash, WebSearch |
model | string | Claude model to use | sonnet, opus, haiku, inherit |
agentType | string | Explicit marker for format preservation | agent |
Name Field:
^[a-z0-9-]+$ (lowercase letters, numbers, hyphens only)code-reviewer ❌ Code_ReviewerDescription Field:
Allowed Tools:
Valid tools: Read, Write, Edit, Grep, Glob, Bash, WebSearch, WebFetch, Task, Skill, SlashCommand, TodoWrite, AskUserQuestion
Model Values:
sonnet - Balanced, good for most agents (default)opus - Complex reasoning, architectural decisionshaiku - Fast, simple tasksinherit - Use parent conversation's modelThe first line of content must be an H1 heading that serves as the agent's display title:
# 🔍 Code Reviewer
Best Practices:
Immediately after the H1, define the agent's persona using "You are..." format:
You are an expert code reviewer with deep knowledge of software engineering principles and security best practices.
Guidelines:
# 🔍 Agent Name
You are [persona definition].
## Instructions
[What the agent does and how it approaches tasks]
## Process
1. [Step 1]
2. [Step 2]
3. [Step 3]
## Examples
[Code samples showing good/bad patterns]
## Guidelines
- [Best practice 1]
- [Best practice 2]
Agents must conform to the JSON schema at:
https://github.com/pr-pm/prpm/blob/main/packages/converters/schemas/claude-agent.schema.json
{
"frontmatter": {
"name": "string (required)",
"description": "string (required)",
"allowed-tools": "string (optional)",
"model": "enum (optional)",
"agentType": "agent (optional)"
},
"content": "string (markdown with H1, persona, instructions)"
}
| Error | Cause | Fix |
|---|---|---|
| Missing required field 'name' | Frontmatter lacks name field | Add name: agent-name |
| Missing required field 'description' | Frontmatter lacks description | Add description: ... |
| Invalid name pattern | Name contains uppercase or special chars | Use lowercase and hyphens only |
| Name too long | Name exceeds 64 characters | Shorten the name |
| Invalid model value | Model not in enum | Use: sonnet, opus, haiku, or inherit |
| Missing H1 heading | Content doesn't start with # | Add # Agent Name as first line |
Omit the allowed-tools field to inherit all tools from the parent conversation:
---
name: full-access-agent
description: Agent needs access to everything
# No allowed-tools field = inherits all
---
Grant minimal necessary permissions:
---
name: read-only-reviewer
description: Reviews code without making changes
allowed-tools: Read, Grep, Bash
---
Use command patterns to restrict Bash access:
---
name: git-helper
description: Git operations only
allowed-tools: Bash(git *), Read
---
Syntax:
Bash(git *) - Only git commandsBash(npm test:*) - Only npm test scriptsBash(git status:*), Bash(git diff:*) - Multiple specific commandsUse for:
model: sonnet
Use for:
model: opus
Use for:
model: haiku
Use for:
model: inherit
| Mistake | Problem | Solution |
|---|---|---|
Using _ in name | Violates pattern constraint | Use hyphens: code-reviewer not code_reviewer |
| Uppercase in name | Violates pattern constraint | Lowercase only: debugger not Debugger |
| Missing persona | Agent lacks role definition | Add "You are..." after H1 |
| No H1 heading | Content format invalid | Start content with # Agent Name |
| Vague description | Agent won't activate correctly | Be specific about when to use |
| Too many tools | Security risk, violates least privilege | Grant only necessary tools |
| No agentType field | May lose type info in conversion | Add agentType: agent |
| Generic agent name | Conflicts or unclear purpose | Use specific, descriptive names |
The description determines when Claude automatically invokes your agent.
✅ Good:
description: Reviews code changes for quality, security, and maintainability issues
❌ Poor:
description: A helpful agent # Too vague
Establish expertise and approach immediately after the H1:
# 🔍 Code Reviewer
You are an expert code reviewer specializing in TypeScript and React, with 10+ years of experience in security-focused development. You approach code review systematically, checking for security vulnerabilities, performance issues, and maintainability concerns.
Guide the agent's workflow explicitly:
## Review Process
1. **Read the changes**
- Get recent git diff or specified files
- Understand the context and purpose
2. **Analyze systematically**
- Check each category (quality, security, performance)
- Provide specific file:line references
- Explain why something is an issue
3. **Provide actionable feedback**
- Categorize by severity
- Include fix suggestions
- Highlight positive patterns
Show both good and bad patterns:
## Examples
When reviewing error handling:
❌ **Bad - Silent failure:**
\`\`\`typescript
try {
await fetchData();
} catch (error) {
console.log(error);
}
\`\`\`
✅ **Good - Proper error handling:**
\`\`\`typescript
try {
await fetchData();
} catch (error) {
logger.error('Failed to fetch data', error);
throw new AppError('Data fetch failed', { cause: error });
}
\`\`\`
Choose emojis that represent the agent's purpose:
Each agent should excel at ONE specific task:
✅ Good:
code-reviewer - Reviews code for quality and securitydebugger - Root cause analysis and minimal fixes❌ Poor:
code-helper - Reviews, debugs, tests, refactors, documents (too broad)Follow the principle of least privilege:
# Read-only analysis agent
allowed-tools: Read, Grep
# Code modification agent
allowed-tools: Read, Edit, Bash(git *)
# Full development agent
allowed-tools: Read, Write, Edit, Bash, Grep, Glob
Always include agentType: agent in frontmatter to preserve type information during format conversions:
---
name: code-reviewer
description: Reviews code for best practices
agentType: agent
---
---
name: simple-reviewer
description: Quick code review for common issues
allowed-tools: Read, Grep
model: haiku
agentType: agent
---
# 🔍 Simple Code Reviewer
You are a code reviewer focused on catching common mistakes quickly.
## Instructions
Review code for:
- Syntax errors
- Common anti-patterns
- Missing error handling
- Console.log statements
Provide concise feedback with file:line references.
---
name: security-auditor
description: Deep security vulnerability analysis for code changes
allowed-tools: Read, Grep, WebSearch, Bash(git *)
model: opus
agentType: agent
---
# 🔒 Security Auditor
You are a security expert specializing in application security, with expertise in OWASP Top 10, secure coding practices, and threat modeling. You perform thorough security analysis of code changes.
## Review Process
1. **Gather Context**
- Read changed files
- Review git history for context
- Identify data flows and trust boundaries
2. **Security Analysis**
- Input validation and sanitization
- Authentication and authorization
- SQL injection risks
- XSS vulnerabilities
- CSRF protection
- Secrets exposure
- Cryptography usage
- Dependency vulnerabilities
3. **Threat Assessment**
- Rate severity (Critical/High/Medium/Low)
- Assess exploitability
- Determine business impact
- Provide remediation guidance
4. **Report Findings**
Use structured format with CVE references where applicable.
## Output Format
**Security Score: X/10**
### Critical Issues (Fix Immediately)
- [Vulnerability] (file:line) - [Explanation] - [CVE if applicable] - [Fix]
### High Priority
- [Issue] (file:line) - [Explanation] - [Fix]
### Medium Priority
- [Concern] (file:line) - [Explanation] - [Recommendation]
### Best Practices
- [Positive security pattern observed]
**Recommendation:** [Approve/Request Changes/Block]
## Examples
### SQL Injection Check
❌ **Vulnerable:**
\`\`\`typescript
const query = \`SELECT \* FROM users WHERE id = \${userId}\`;
db.query(query);
\`\`\`
✅ **Safe:**
\`\`\`typescript
const query = 'SELECT \* FROM users WHERE id = $1';
db.query(query, [userId]);
\`\`\`
Before finalizing an agent:
.claude/agents/ directoryOfficial Schema URL:
https://github.com/pr-pm/prpm/blob/main/packages/converters/schemas/claude-agent.schema.json
Local Schema Path:
/Users/khaliqgant/Projects/prpm/app/packages/converters/schemas/claude-agent.schema.json
Decision Tree:
Need specialized AI assistant?
├─ Yes → Needs tools and persistent context?
│ ├─ Yes → Use Agent
│ └─ No → Quick invocation?
│ ├─ Yes → Use Slash Command
│ └─ No → Use Skill
└─ No → Just documentation? → Use Skill
Problem: Agent doesn't get invoked when expected
Solutions:
.claude/agents/*.mdProblem: Agent file doesn't validate against schema
Solutions:
Problem: Agent can't access needed tools
Solutions:
allowed-tools in frontmatterRead, not read)Bash(git *)allowed-tools field to inherit all toolsProblem: Agent produces inconsistent or low-quality results
Solutions:
Remember: Great agents are specialized experts with clear personas, step-by-step processes, and minimal tool access. Focus each agent on doing ONE thing exceptionally well with measurable outcomes.
Use when you need Codex to coordinate multiple agents through Relaycast for peer-to-peer messaging, lead/worker handoffs, or shared status tracking across sub-agents and terminals.
Use when creating Agent Skills packages (SKILL.md format) for Codex CLI, GitHub Copilot, or Amp - provides the agentskills.io specification with frontmatter constraints, directory structure, and validation rules
Use when testing web applications with visual verification - automates Chrome browser interactions, element selection, and screenshot capture for confirming UI functionality
Use when creating or publishing Claude Code hooks - covers executable format, event types, JSON I/O, exit codes, security requirements, and PRPM package structure
Use when creating or fixing .claude/rules/ files - provides correct paths frontmatter (not globs), glob patterns, and avoids Cursor-specific fields like alwaysApply
Use when creating new Claude Code skills or improving existing ones - ensures skills are discoverable, scannable, and effective through proper structure, CSO optimization, and real examples