Skill.md
LangChain Tool Builder
Writing LangChain tools by hand has a subtle failure mode: security properties end up scattered — permission logic bleeds into execution logic, a new tool forgets to set is_read_only and becomes implicitly write-capable. This skill applies Claude Code's buildTool() pattern to fix this at the source: one class co-locates identity, schema, security metadata, and execution, and new tools are fail-closed safe by default.
Core Framework
| Layer | Method | Responsibility |
|---|---|---|
| Security metadata | Class attributes | is_read_only, is_destructive, is_concurrency_safe — all default False (fail-closed) |
| Semantic validation | _validate_input_semantics | Reject malformed inputs before execution; error messages must be actionable |
| Permission check | _check_permissions | Reject unauthorized access (path traversal, missing env vars, wrong org) |
| Core logic | _call | Business execution — only runs after the first two layers pass |
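A minimal sketch of the four layers in the table above, added here as an illustration; it is not the skill's actual ClaudeStyleTool source. It is dependency-free (it does not subclass LangChain's BaseTool), and ToolError, run(), posture(), the method signatures and ReadFileTool are assumptions.

```python
from pathlib import Path

class ToolError(Exception):
    """A layer rejected the call; the message should tell the caller how to fix it."""

class ClaudeStyleTool:  # hypothetical stand-in, not the skill's real base class
    # Security metadata: all False unless a subclass opts in (fail-closed).
    is_read_only = False
    is_destructive = False
    is_concurrency_safe = False

    def _validate_input_semantics(self, **kwargs):
        """Layer 1: reject malformed input. No-op by default."""

    def _check_permissions(self, **kwargs):
        """Layer 2: reject unauthorized access. No-op by default."""

    def _call(self, **kwargs):
        raise NotImplementedError

    def run(self, **kwargs):
        # Fixed order: _call only runs after both checks pass.
        self._validate_input_semantics(**kwargs)
        self._check_permissions(**kwargs)
        return self._call(**kwargs)

    def posture(self):  # assumed format for the one-line summary
        flags = ("is_read_only", "is_destructive", "is_concurrency_safe")
        return type(self).__name__ + ": " + ", ".join(
            f"{f}={getattr(self, f)}" for f in flags)

class ReadFileTool(ClaudeStyleTool):
    is_read_only = True  # explicit opt-in; the other flags stay False

    def __init__(self, root):
        self.root = Path(root).resolve()

    def _validate_input_semantics(self, path):
        if not isinstance(path, str) or not path.strip() or "\x00" in path:
            raise ToolError("path must be a non-empty string without NUL bytes")

    def _check_permissions(self, path):
        target = (self.root / path).resolve()
        if self.root not in target.parents:  # blocks ../ and absolute paths
            raise ToolError(f"{path!r} is outside the allowed root; pass a path relative to it")

    def _call(self, path):
        return (self.root / path).resolve().read_text()
```

A subclass that sets no flags is treated as write-capable, non-destructive-unknown and not concurrency-safe, so a forgotten attribute shows up in the posture line rather than silently widening what the tool is assumed to do.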
Supported Query Types
- "Build a tool to search / query / create / delete X"
- "Add permission checking to this tool"
- "Add input validation to this tool"
- "Set up ClaudeStyleTool base class in my project"
- "build_tool" / "Claude Code style tool" / "create a LangChain tool"
How to Use
- Open Claude Code and say "build a tool for X" or "create a LangChain tool"
- The skill checks if ClaudeStyleTool base class is installed, and copies it if not
- Collects tool name, description, schema fields, and security property answers
- Generates a complete .py tool file in correct field order
- Prints a one-line security posture summary for quick verification
- For simple tools with no custom validation, uses the build_tool() factory instead
Limitations
Security properties require developer judgment — the skill will ask the right questions, but whether a tool is truly concurrency-safe depends on your business logic. The _call body is scaffolded with a placeholder; you fill in the actual implementation.