Claude CLI Command Examples

Powerful examples for piping data and using command substitution with claude.

File Analysis

# Analyze a script or config
claude "What does this script do?" < script.sh
cat config.yaml | claude "Explain this configuration"

# Code review
claude "Review this code for bugs and improvements:" < src/main.py
git diff HEAD~1 | claude "Review these changes"

# Dependency analysis
claude "Any security concerns or outdated packages?" < package.json
cat requirements.txt | claude "Check for problematic dependencies"

# Config validation
claude "Is this nginx config correct?" < /etc/nginx/nginx.conf
cat docker-compose.yml | claude "Validate and explain this setup"

Log Analysis & Incident Response

# General log analysis
tail -500 /var/log/syslog | claude "Summarize errors and warnings"
journalctl -p err -n 100 | claude "What's going wrong?"

# Auth failures
grep "Failed password" /var/log/auth.log | claude "Analyze these login failures. Any brute force attempts?"
last -50 | claude "Any suspicious login patterns?"

# Application crashes
docker logs myapp --tail 200 2>&1 | claude "Why did this crash? Root cause?"
kubectl logs pod/myapp --tail=300 | claude "Identify the error and suggest fixes"

# Timeline reconstruction
grep "$(date +%Y-%m-%d)" /var/log/syslog | claude "Create an incident timeline from these logs"
ausearch -ts today | claude "Summarize security-relevant events"

# Service health
systemctl status --all --failed | claude "What services failed and why?"
dmesg -T | tail -100 | claude "Any hardware or kernel issues?"

Security Analysis

# Network connections
netstat -tulpn | claude "Any suspicious listening ports?"
ss -tunapl | claude "Analyze these connections for anomalies"
lsof -i -P | claude "What's making network connections? Anything unusual?"

# Process analysis
ps auxf | claude "Any suspicious processes or unusual resource usage?"
pstree -p | claude "Analyze process hierarchy for anomalies"

# File integrity
find /etc -mtime -1 -ls | claude "These files changed in 24h. Any concerns?"
rpm -Va 2>/dev/null | claude "Analyze these package verification failures"

# User activity
cat /var/log/auth.log | tail -200 | claude "Analyze authentication events for compromise indicators"
grep -E "(sudo|su)" /var/log/auth.log | tail -100 | claude "Review privilege escalation events"
history | claude "Any dangerous commands in this history?"

# Firewall review
iptables -L -n -v | claude "Review these firewall rules for weaknesses"
ufw status verbose | claude "Is this firewall config secure?"

# SSH audit
cat /etc/ssh/sshd_config | claude "Security review this SSH config"
grep "Accepted\|Failed" /var/log/auth.log | tail -100 | claude "Analyze SSH access patterns"

# Malware hunting
find /tmp /var/tmp -type f -executable | xargs ls -la | claude "Any suspicious executables?"
crontab -l && cat /etc/crontab | claude "Any malicious cron jobs?"

Git & Development

# Code changes
git diff | claude "Summarize what I changed"
git log --oneline -20 | claude "Summarize recent project activity"
git diff --stat HEAD~5 | claude "What areas of code changed most?"

# Commit help
git diff --staged | claude "Write a commit message for these changes"
git log -1 -p | claude "Did this commit introduce any bugs?"

# Merge conflicts
git diff --name-only --diff-filter=U | xargs cat | claude "Help resolve these merge conflicts"

# Branch analysis
git log main..feature-branch --oneline | claude "Summarize this feature branch"

System Administration

# Disk usage
df -h && du -sh /* 2>/dev/null | claude "Disk usage analysis. What should I clean?"
find / -size +100M -type f 2>/dev/null | head -20 | claude "Large files to review"

# Performance
top -b -n1 | head -30 | claude "Any performance concerns?"
vmstat 1 5 | claude "Analyze this system performance"
iostat -x 1 3 | claude "Any I/O bottlenecks?"

# Memory
free -h && cat /proc/meminfo | claude "Memory analysis and recommendations"

# Cron jobs
crontab -l | claude "Explain these scheduled tasks"

Network & DNS

# DNS analysis
dig example.com ANY | claude "Explain these DNS records"
host -a domain.com | claude "Analyze this DNS configuration"

# Traffic capture
tcpdump -c 100 -nn | claude "What traffic is happening?"
tcpdump -r capture.pcap -nn | head -200 | claude "Analyze this packet capture"

# SSL/TLS
echo | openssl s_client -connect example.com:443 2>/dev/null | claude "Analyze this SSL certificate"

Docker & Kubernetes

# Container status
docker ps -a | claude "Container health check"
docker stats --no-stream | claude "Any resource concerns?"

# K8s analysis
kubectl get pods -A | claude "Cluster health summary"
kubectl describe pod failing-pod | claude "Why is this pod failing?"
kubectl get events --sort-by='.lastTimestamp' | tail -30 | claude "Recent cluster issues?"

Multi-Command Combos

# System overview
claude "System report: $(uname -a) CPU: $(nproc) Mem: $(free -h | grep Mem) Disk: $(df -h /)"

# Security snapshot
claude "Quick security check: Users: $(who) Listening: $(ss -tulpn) Failed logins: $(grep -c 'Failed' /var/log/auth.log 2>/dev/null || echo 'N/A')"

# Git status + suggestions
claude "Status: $(git status -s) Branch: $(git branch --show-current) Suggest next steps."

# Error aggregation
claude "Errors from multiple sources: Syslog: $(grep -i error /var/log/syslog | tail -5) Docker: $(docker logs myapp 2>&1 | grep -i error | tail -5)"

Tips

Tip	Example
Limit output size	tail -100, head -50
Capture stderr	2>&1
Strip man page formatting	man cmd | col -bx
Preserve whitespace	Quote the $()
Timeout long commands	timeout 10 command
Handle binary files	strings file | claude "..."
Multiple files	cat file1 file2 | claude "..."

Dangerous Command Safety

# Always preview destructive suggestions
claude "What would this do: rm -rf $(find . -name '*.tmp')"
# DON'T run: claude "..." | bash  (without review)