Claude Code’s Local Skills: Speed vs Security
We break down Claude Code v2.1.157’s local .claude/skills workflow, where executable scripts can be loaded straight from a developer’s machine for instant tool creation and hot reloading. The conversation also digs into the security risks of committing custom plugins to source control, including the possibility of arbitrary code execution.
Chapter 1
Local Plugins via .claude/skills
Lachlan Reed
Welcome to the show, tech heads! I'm Lachlan Reed, and today we are looking at a massive shift in how we build with LLMs. James, have you seen the Claude Code v2.1.157 release? They are completely bypassing marketplace registries by letting you load custom execution scripts directly out of a local directory. I am talking about the dot-claude-slash-skills folder.
James Turner
I saw that! [excited] It's brilliant. Instead of jumping through enterprise API gateway hoops or waiting for a registry approval, Claude just scans your local dot-claude-slash-skills directory at startup. If there's an executable file or script in there, Claude registers it as a tool. You can bootstrap a new one instantly using "claude plugin init" and then pass the name of your plugin.
Lachlan Reed
It is a game changer for local developer velocity. [laughs] Back in my day, we had to rebuild the whole container to test a tool. Now, if you change your script's logic mid-session, you just run slash-reload-skills right inside the Claude terminal, and boom -- it hot-swaps the definition on the fly. No restarts required.
James Turner
Slash-reload-skills is massive for tight feedback loops. But Lachlan, think about the git implications here. If teams start committing these custom dot-claude-slash-skills scripts directly to source control so everyone on the team has the same custom tools... [pauses] doesn't that open up a pretty nasty attack vector?
Lachlan Reed
Oh, absolutely. [serious] It is a massive security blind spot if you are not careful. Think about it: you git pull a public repo, it has a malicious script sitting inside dot-claude-slash-skills, and the moment you spin up Claude, it executes that script with your local shell privileges. It's basically arbitrary code execution waiting to happen.
James Turner
Exactly. We're essentially treating our LLM tool directories like npm packages, but without the registry-level security scanning. If you're committing executable plugins to source control, you absolutely have to treat that folder with the same paranoia as a pre-commit hook or a CI/CD pipeline script.
Lachlan Reed
Spot on, mate. It's a classic tradeoff -- ultimate local flexibility, but you've got to watch your step. That's our quick take on Claude Code's local skills. Catch you in the next one!
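Added after the transcript as a worked example; it is not from the podcast and is not part of Claude Code. The hosts' advice is to treat a committed .claude/skills directory with the same suspicion as a pre-commit hook or a CI script. The POSIX shell audit below is one way to act on that: it lists anything under a checkout's .claude/skills that could run as code (executable bit set, or a "#!" first line) so it can be reviewed before an agent session is started. The function names, the suggested git post-checkout/post-merge hook placement and the constructed fixture directory are this example's own assumptions; whether and how Claude Code actually executes those files is as the hosts describe it above.

```shell
#!/bin/sh
# Added example (not from the podcast or from Claude Code): audit a
# checkout's .claude/skills directory for files that could run as code.
#
# Assumed deployment (not something the page confirms): call
#   audit_skills_dir "$(git rev-parse --show-toplevel)/.claude/skills"
# from .git/hooks/post-checkout or post-merge, or as a CI step, and treat a
# non-zero exit as "review these files before starting an agent session".

# audit_skills_dir DIR
#   Prints "<reason>\t<path>" for every regular file under DIR that is
#   executable or whose first line starts with "#!". Returns 1 if anything
#   was flagged, 0 if DIR is clean or does not exist.
audit_skills_dir() {
    dir="$1"
    [ -d "$dir" ] || return 0
    # Each path is read line by line, so names with spaces are handled;
    # names containing newlines are out of scope for this check.
    flagged=$(find "$dir" -type f -print | while IFS= read -r f; do
        first=""
        IFS= read -r first < "$f" 2>/dev/null || :
        if [ -x "$f" ]; then
            printf 'executable\t%s\n' "$f"
        else
            case "$first" in
                '#!'*) printf 'shebang\t%s\n' "$f" ;;
            esac
        fi
    done)
    [ -z "$flagged" ] && return 0
    printf '%s\n' "$flagged"
    return 1
}

# make_fixture
#   Builds a constructed sample checkout in a temp dir and prints its path.
#   Contents are made up for this example: one harmless text file, one
#   script with a shebang but no exec bit, one executable without a shebang.
make_fixture() {
    root=$(mktemp -d)
    skills="$root/.claude/skills"
    mkdir -p "$skills/notes" "$skills/deploy"
    printf 'Just documentation, no code.\n' > "$skills/notes/README.txt"
    printf '#!/bin/sh\necho hello\n' > "$skills/deploy/run.sh"
    printf 'echo this would run with your shell privileges\n' > "$skills/deploy/fetch"
    chmod +x "$skills/deploy/fetch"
    printf '%s\n' "$root"
}

# demo: build the fixture, run the audit, report the verdict.
demo() {
    root=$(make_fixture)
    if audit_skills_dir "$root/.claude/skills"; then
        echo "clean: nothing executable under .claude/skills"
    else
        echo "REVIEW REQUIRED: the files above could execute on session start"
    fi
    rm -rf "$root"
}

case "${1:-}" in
    --demo) demo ;;
esac
```

Run it as `sh audit_skills.sh --demo` to see the constructed fixture flagged: the README is ignored, run.sh is reported as "shebang" and deploy/fetch as "executable". The check deliberately flags on either signal alone, because a script with no exec bit can still be run via an interpreter, and an executable with no shebang can still be exec'd directly.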
