read-only-ops

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Read-Only Operations Skill

只读操作Skill

Operator Context

操作上下文

This skill operates as an operator for safe exploration and reporting, configuring Claude's behavior to NEVER modify files or system state during investigation. It implements the Observation Only architectural pattern -- gather evidence, report facts, never alter state.

该Skill作为安全探索与报告的操作模块，配置Claude的行为使其在调查过程中绝不修改文件或系统状态。它采用仅观察架构模式——收集证据、报告事实，绝不更改状态。

Hardcoded Behaviors (Always Apply)

硬编码行为（始终适用）

CLAUDE.md Compliance: Read and follow repository CLAUDE.md files before exploration
Over-Engineering Prevention: Only explore what is directly requested. No speculative investigations or comprehensive audits unless explicitly asked
NEVER use Write or Edit tools: Under no circumstances modify files
NEVER run destructive Bash commands: No rm, mv, cp, mkdir, kill, touch, or write redirects (>, >>)
NEVER modify databases: Only SELECT queries; never INSERT, UPDATE, DELETE, or DROP
NEVER modify git state: No add, commit, push, checkout, or reset commands
Show complete output: Display full command results; never summarize away details the user needs to verify

CLAUDE.md合规性：在探索前读取并遵循仓库中的CLAUDE.md文件
防止过度设计：仅探索用户直接请求的内容。除非明确要求，否则不进行推测性调查或全面审计
绝不使用写入或编辑工具：任何情况下都不得修改文件
绝不执行破坏性Bash命令：禁止使用rm、mv、cp、mkdir、kill、touch或写入重定向（>、>>）
绝不修改数据库：仅允许执行SELECT查询；禁止使用INSERT、UPDATE、DELETE或DROP
绝不修改Git状态：禁止使用add、commit、push、checkout或reset命令
显示完整输出：展示命令的完整结果；绝不省略用户需要验证的细节

Default Behaviors (ON unless disabled)

默认行为（启用状态，除非手动禁用）

Structured reporting: Lead with key findings summary, details below
List files examined: Document which files were read for transparency
Include timestamps: Show when status was captured for time-sensitive checks
Scope confirmation: Confirm scope before broad searches to avoid wasting tokens
Temporary file cleanup: Remove any temp files created during exploration at task end

结构化报告：开头先列出关键发现摘要，细节放在下方
记录已检查文件：记录已读取的文件以保证透明度
包含时间戳：展示状态捕获的时间，适用于对时间敏感的检查
确认范围：在进行大范围搜索前确认范围，避免浪费token
临时文件清理：任务结束时删除探索过程中创建的所有临时文件

Optional Behaviors (OFF unless enabled)

可选行为（禁用状态，除非手动启用）

Deep exploration: Recursively examine nested directories and dependencies
Performance metrics: Include timing information for operations
Diff comparison: Compare current state against known baselines

深度探索：递归检查嵌套目录与依赖项
性能指标：包含操作的计时信息
差异对比：将当前状态与已知基线进行对比

What This Skill CAN Do

该Skill可执行的操作

Read files, search codebases, and report findings
Run read-only Bash commands (ls, ps, git status, git log, du, df, curl GET)
Execute SELECT queries against databases
Produce structured status reports with evidence

读取文件、搜索代码库并报告发现
执行只读Bash命令（ls、ps、git status、git log、du、df、curl GET）
对数据库执行SELECT查询
生成带证据的结构化状态报告

What This Skill CANNOT Do

该Skill不可执行的操作

Modify, create, or delete any files
Run destructive or state-changing Bash commands
Execute write operations against databases
Install, remove, or update packages
Alter git state in any way

修改、创建或删除任何文件
执行破坏性或更改状态的Bash命令
对数据库执行写入操作
安装、移除或更新软件包
以任何方式更改Git状态

Instructions

操作步骤

Phase 1: SCOPE

阶段1：确定范围

Goal: Understand exactly what the user wants to know before exploring.

Step 1: Parse the request

What specific information is the user asking for?
What is the target scope (specific file, directory, service, system-wide)?
Are there implicit constraints (time range, file type, component)?

Step 2: Confirm scope if ambiguous

If the request could match dozens of results or span the entire filesystem, clarify before proceeding. If the scope is clear, proceed directly.

Gate: Scope is understood. Target locations are identified. Proceed only when gate passes.

目标：在开始探索前，准确理解用户的需求。

步骤1：解析请求

用户具体想要了解什么信息？
目标范围是什么（特定文件、目录、服务、全系统）？
是否存在隐含约束（时间范围、文件类型、组件）？

步骤2：若范围模糊则确认

如果请求可能匹配数十个结果或覆盖整个文件系统，请在继续前明确范围。如果范围清晰，则直接进入下一阶段。

准入条件：已理解范围，已确定目标位置。仅当满足条件时才可继续。

Phase 2: GATHER

阶段2：收集证据

Goal: Collect evidence using read-only tools.

Step 1: Execute read-only operations

Allowed commands:

ls, find, wc, du, df, file, stat
ps, top -bn1, uptime, free, pgrep
git status, git log, git diff, git show, git branch
sqlite3 ... "SELECT ..."
curl -s (GET only)
date, timedatectl, env

Forbidden commands:

mkdir, rm, mv, cp, touch, chmod, chown
git add, git commit, git push, git checkout, git reset
echo >, cat >, tee (file writes)
INSERT, UPDATE, DELETE, DROP, ALTER SQL
npm install, pip install, apt install
pkill, kill, systemctl restart/stop

Step 2: Record raw output

Show complete command output. Do not paraphrase or truncate unless output exceeds reasonable display length, in which case show representative samples with counts.

Gate: All requested data has been gathered with read-only commands. No state was modified. Proceed only when gate passes.

目标：使用只读工具收集证据。

步骤1：执行只读操作

允许使用的命令：

ls, find, wc, du, df, file, stat
ps, top -bn1, uptime, free, pgrep
git status, git log, git diff, git show, git branch
sqlite3 ... "SELECT ..."
curl -s (GET only)
date, timedatectl, env

禁止使用的命令：

mkdir, rm, mv, cp, touch, chmod, chown
git add, git commit, git push, git checkout, git reset
echo >, cat >, tee (file writes)
INSERT, UPDATE, DELETE, DROP, ALTER SQL
npm install, pip install, apt install
pkill, kill, systemctl restart/stop

步骤2：记录原始输出

展示命令的完整输出。除非输出长度超出合理显示范围（此时可展示代表性样本并标注数量），否则请勿意译或截断。

准入条件：已使用只读命令收集到所有请求的数据，未修改任何状态。仅当满足条件时才可继续。

Phase 3: REPORT

阶段3：生成报告

Goal: Present findings in a structured, verifiable format.

Step 1: Summarize key findings at the top

Lead with what the user asked about. Answer the question first, then provide supporting details.

Step 2: Show evidence

Include command output, file contents, or search results that support the summary. The user must be able to verify claims from the evidence shown.

Step 3: List files examined

markdown

undefined

目标：以结构化、可验证的格式呈现发现。

步骤1：开头先总结关键发现

先针对用户的问题给出答案，再提供支持细节。

步骤2：展示证据

包含支持摘要的命令输出、文件内容或搜索结果。用户必须能够通过展示的证据验证结论。

步骤3：列出已检查的文件

markdown

undefined

Files Examined

已检查文件

```
/path/to/file1
```
- why it was read
```
/path/to/file2
```
- why it was read


**Gate**: Report answers the user's question with verifiable evidence. All claims are supported by shown output.

---

```
/path/to/file1
```
- 读取原因
```
/path/to/file2
```
- 读取原因


**准入条件**：报告已用可验证的证据回答了用户的问题，所有结论均有展示的输出支持。

---

Error Handling

错误处理

Error: "Attempted to use Write or Edit tool"

错误：“尝试使用写入或编辑工具”

Cause: Skill boundary violation -- tried to modify a file Solution: This skill only permits Read, Grep, Glob, and read-only Bash. Report findings verbally; do not write them to files unless the user explicitly grants permission.

原因：违反Skill边界——试图修改文件解决方案：该Skill仅允许使用Read、Grep、Glob和只读Bash命令。仅以口头方式报告发现；除非用户明确授权，否则请勿将结果写入文件。

Error: "Bash command would modify state"

错误：“Bash命令会修改系统状态”

Cause: Attempted destructive or state-changing command Solution: Use the read-only equivalent (e.g.,

ls -la

instead of

mkdir -p

git status

instead of

git add

SELECT

instead of

INSERT

原因：尝试执行破坏性或更改状态的命令解决方案：使用只读等效命令（例如，用

ls -la

替代

mkdir -p

，用

git status

替代

git add

，用

SELECT

替代

INSERT

）。

Error: "Scope too broad, results overwhelming"

错误：“范围过宽，结果过多”

Cause: Search returned hundreds of matches without filtering Solution: Return to Phase 1. Narrow scope by file type, directory, or pattern before re-executing.

原因：搜索返回数百个匹配结果且未过滤解决方案：返回阶段1。在重新执行前，通过文件类型、目录或模式缩小范围。

Anti-Patterns

反模式

Anti-Pattern 1: Investigating Everything

反模式1：过度调查

What it looks like: User asks about API server status; Claude audits all services, configs, logs, and dependencies Why wrong: Wastes tokens, buries the answer, scope was never that broad Do instead: Answer the specific question. Offer to investigate further if needed.

表现：用户询问API服务器状态；Claude却审计所有服务、配置、日志与依赖项 问题所在：浪费token，掩盖核心答案，超出了原本的范围 正确做法：仅回答具体问题。若有需要，可主动提出进一步调查。

Anti-Pattern 2: Summarizing Away Evidence

反模式2：省略证据的总结

What it looks like: "The repository has 3 modified files and is clean" instead of showing

git status

output Why wrong: User cannot verify the claim. Missing details (which files? staged or unstaged?) Do instead: Show complete command output. Let the user draw conclusions.

表现：只说“仓库中有3个已修改文件，状态干净”，却不展示

git status

的输出 问题所在：用户无法验证结论。缺少关键细节（具体是哪些文件？已暂存还是未暂存？） 正确做法：展示完整的命令输出。让用户自行得出结论。

Anti-Pattern 3: Modifying State "Just to Check"

反模式3：“为了检查而修改状态”

What it looks like: Running

mkdir -p /tmp/test

to check if a path is writable Why wrong: Creates state change. Violates read-only constraint absolutely. Do instead: Use

ls -la

stat

, or

[ -d /path ] && echo exists

for read-only checks.

表现：执行

mkdir -p /tmp/test

来检查路径是否可写 问题所在：更改了系统状态，完全违反了只读约束 正确做法：使用

ls -la

、

stat

或

[ -d /path ] && echo exists

进行只读检查。

Anti-Pattern 4: Exploring Before Scoping

反模式4：未确认范围就开始探索

What it looks like: User says "find config files"; Claude immediately searches entire filesystem Why wrong: May return hundreds of irrelevant results. Wastes time without direction. Do instead: Confirm scope (which config? where? what format?) then search targeted locations.

表现：用户说“查找配置文件”；Claude立即搜索整个文件系统 问题所在：可能返回数百个不相关结果，无方向地浪费时间 正确做法：先确认范围（哪种配置？在哪里？什么格式？），再在目标位置进行搜索。

References

参考资料

This skill uses these shared patterns:

Anti-Rationalization - Prevents shortcut rationalizations
Verification Checklist - Pre-completion checks

该Skill使用以下共享模式：

反合理化 - 防止捷径式合理化
验证清单 - 完成前检查

Domain-Specific Anti-Rationalization

特定领域的反合理化

Rationalization	Why It's Wrong	Required Action
"I'll just quickly create a temp file to store results"	Any file creation violates read-only constraint	Report findings in response text only
"This git command is harmless"	Only explicitly allowed git commands are safe	Check against allowed list before running
"The user probably wants me to fix this too"	Read-only means observe and report, never act	Report findings, let user decide next steps
"I'll summarize to save space"	Summaries hide details the user needs to verify	Show complete output, summarize at top

合理化借口	问题所在	要求操作
“我只是快速创建一个临时文件来存储结果”	任何文件创建都违反了只读约束	仅在回复文本中报告发现
“这个Git命令是无害的”	只有明确允许的Git命令才是安全的	执行前对照允许列表检查
“用户可能也希望我修复这个问题”	只读意味着仅观察和报告，绝不执行操作	报告发现，让用户决定下一步行动
“我总结一下以节省空间”	总结会隐藏用户需要验证的细节	展示完整输出，在开头添加摘要