← Default view
Fig. 01 · Schematic · Claude Code Customization Primitives

Which one do
I actually need?

Four overlapping ways to teach Claude Code something new — CLAUDE.md, slash commands, Skills, and subagents. They look interchangeable in the docs. They are not. This page is the decision tree.

CLAUDE.md Slash command Skill Subagent
↳ Rule of thumb
If the workflow has supporting files OR you want Claude to invoke it without being told, reach for a Skill. Otherwise climb the tree — the right primitive depends on whether the rule is always-on, whether you need an isolated context window, and whether the prompt is one file or many. [5]
§ 01 · The branching diagram
I need to extend Claude Code… Start here. Read each question. Q1 Always-on project rule? A fact, a style guide, a setting yes ──→ CLAUDE.md AUTOMATIC AT STARTUP · SHARES MAIN WINDOW Pays a token cost every turn. Use sparingly. no ↓ Q2 Need isolated context window? Research-heavy / multi-step / parallel yes ──→ Subagent AUTO-DELEGATED OR VIA TASK TOOL · FULL ISOLATION Separate context window. Returns a summary, not transcript. no ↓ Q3 Bundles files OR auto-trigger? Scripts / templates / no-slash invocation yes ──→ Skill AUTO-TRIGGERED OR /name · DESCRIPTION ALWAYS, BODY ON DEMAND A folder: SKILL.md + scripts + references. Progressive disclosure. no ↓ Slash command /name IN TERMINAL · SHARES MAIN WINDOW Single file. Manually triggered. Cheapest to author. PRIORITY ORDER: ALWAYS-ON → ISOLATION → FILES / AUTO → ELSE SLASH
Walk top-to-bottom. The first "yes" wins. [5]

CLAUDE.md

Memory file · auto-loaded
Best for
Always-on project rules, facts, conventions
Invokes
Automatic at session start
Context
Pays tokens every turn
Isolation
None — main window
"This repo uses pnpm, not npm. All tests live in __tests__/."
/

Slash command

Single-file prompt · manual
Best for
Explicit, repeatable workflows you'll type
Invokes
/name in the terminal
Context
Shares main window when run
Isolation
None
"/deploy-staging — kick off the staging rollout I keep mistyping."

Skill

Folder · auto-invoked · scripts ok
Best for
Procedures with files, templates, or auto-trigger
Invokes
Auto (description match) OR /name
Context
Description always · body on demand
Isolation
None (unless context: fork)
"A section of CLAUDE.md that has grown into a procedure." [1]

Subagent

Separate window · returns summary
Best for
Research, multi-step, anything that pollutes context
Invokes
Auto-delegated or via Task tool
Context
Separate window — full isolation
Isolation
Full
"Explore the codebase for X, return a 200-word brief." Main thread stays clean.
§ 02 · Capability matrix
Auto-invoke Manual /name Bundles files Isolated context Token cost when idle
CLAUDE.md ● always loaded ○ n/a ○ no ○ no ◐ every turn
Slash command ○ no ● yes ○ single file ○ no ● zero
Skill ● on description match ● yes ● folder ◐ with context: fork ◐ ~dozen tokens (name+desc)
Subagent ● auto-delegated ● via Task tool ● via Skill ● full window ● zero
§ 03 · Anatomy of a SKILL.md
--- description: Summarizes uncommitted changes and flags anything risky. Use when the user asks what changed, wants a commit message, or asks to review their diff. allowed-tools: Bash(git diff *) Bash(git status *) --- ## Current changes !`git diff HEAD` # ← runs BEFORE model sees skill ## Instructions Summarize the changes above in two or three bullet points, then list any risks you notice such as missing error handling, hardcoded values, or tests that need updating. If the diff is empty, say so.

↳ Frontmatter levers

descriptionThe triage line. Capped at 1,536 chars. Front-load the use condition.
allowed-toolsPre-approves tools while skill is active — skips per-call prompts.
disable-model-invocationtrue = user-only. For /deploy, anything with side-effects.
user-invocablefalse hides from / menu. Background knowledge Claude reads.
context: forkRuns inside a subagent. Pair with agent: Explore or Plan.
pathsGlob. Auto-load only when working with matching files (monorepo-friendly).
model, effortPer-skill overrides of session model / effort.
§ 04 · Reach for a Skill when…

★ Reach for Skill

  • You'd bundle scripts, templates, or reference docs alongside the prompt — slash commands are single-file. [1]
  • You want Claude to invoke it on its own when the conversation matches the description. [5]
  • A section of CLAUDE.md has grown into a procedure rather than a fact — move it out, pay the tokens only on activation. [1]
  • You want it to work in Cursor, Codex, Gemini CLI, OpenHands too — Skills are a cross-vendor open standard. [9]

⛔ Don't reach for Skill

  • The rule is a static fact about the repo ("uses pnpm") — that belongs in CLAUDE.md.
  • The workflow needs a long-lived stateful connection (DB session, OAuth, SaaS API) — that's an MCP server. [3]
  • The action has side-effects you want to keep behind explicit typing — a slash command's manual trigger is the feature.
  • The work would pollute the main context — use a subagent for the isolation; only wrap it in a Skill if you need auto-trigger or bundled files.
§ 05 · The dynamic-context footgun
⚠ Trust boundary · ToxicSkills audit

The same low friction that makes Skills viral makes them a supply-chain target.

The ` !`cmd` ` dynamic-context feature runs before the model ever sees the skill body. Model-level prompt-injection defenses never get a chance to fire. [7]

Mitigations: review every project Skill before accepting workspace trust · for untrusted sources, set disableSkillShellExecution: true · prefer source-reference distribution (marketplaces that pin to upstream commits) over copy-paste. [12]

36.8%
of audited skills carry at least one security flaw
13.4%
contain a critical-level issue (534 skills)
100%
of confirmed malicious skills carry malicious code
91%
of malicious skills also embed prompt-injection
§ 06 · Skill vs MCP — the live-wire question
↳ Reach for MCP when

You need a long-lived, stateful connection.

A database, a SaaS API session, an OAuth handshake — anything the agent needs to stay logged into while it works.

  • Persistent session state
  • Auth handshake required
  • Bidirectional streaming
  • Cross-agent reuse via protocol
VS
↳ Reach for Skill when

"Run this CLI, read the output" is enough.

A shell command, a Python script, a procedural recipe. Cheaper to build, cheaper to ship, cheaper to audit. [3]

  • One-shot tool invocation
  • Procedural / recipe-shaped
  • Markdown + tiny YAML + scripts
  • Works across 30+ agents reading the same SKILL.md
§ 07 · Where the skills live (May 2026)
anthropics/skills
★ 140k
Canonical reference: PDF, DOCX, PPTX, XLSX, creative, enterprise. [8]
alirezarezvani/claude-skills
★ 16k
320+ skills, 70+ commands, 30+ agents. Portable to Codex, Gemini CLI, Cursor. [10]
daymade/claude-code-skills
★ 1.1k
Production-hardened fork of Anthropic's skill-creator. [11]
mhattingpete/claude-skills-marketplace
★ 585
Engineering workflows: git automation, test fixing, code review. [13]
§ 08 · Sources
01Skills — Claude Code docsofficial 02Anthropic · Agent Skills launchvendor 03Simon Willison · Claude Skillsnews 04InfoQ · Anthropic Claude Skillsnews 05alexop.dev · Customization Guidevendor 06Nimbalyst · Skills Guidevendor 07Snyk · ToxicSkills auditvendor 08anthropics/skills · GitHubofficial 09agentskills.io · open standardofficial 10alirezarezvani/claude-skillsforum 11daymade/claude-code-skillsforum 12netresearch/claude-code-marketplaceforum 13mhattingpete/claude-skills-marketplaceforum
SCHEMATIC · v1.0 · 2026-05-24 · 13 citations · derived from canonical
↳ Part of: Extending Claude Code · session-3 blueprint