Powerful examples for piping data and using command substitution with claude.
# Analyze a script or config
claude "What does this script do?" < script.sh
cat config.yaml | claude "Explain this configuration"
# Code review
claude "Review this code for bugs and improvements:" < src/main.py
git diff HEAD~1 | claude "Review these changes"
# Dependency analysis
claude "Any security concerns or outdated packages?" < package.json
cat requirements.txt | claude "Check for problematic dependencies"
# Config validation
claude "Is this nginx config correct?" < /etc/nginx/nginx.conf
cat docker-compose.yml | claude "Validate and explain this setup"# General log analysis
tail -500 /var/log/syslog | claude "Summarize errors and warnings"
journalctl -p err -n 100 | claude "What's going wrong?"
# Auth failures
grep "Failed password" /var/log/auth.log | claude "Analyze these login failures. Any brute force attempts?"
last -50 | claude "Any suspicious login patterns?"
# Application crashes
docker logs myapp --tail 200 2>&1 | claude "Why did this crash? Root cause?"
kubectl logs pod/myapp --tail=300 | claude "Identify the error and suggest fixes"
# Timeline reconstruction
grep "$(date +%Y-%m-%d)" /var/log/syslog | claude "Create an incident timeline from these logs"
ausearch -ts today | claude "Summarize security-relevant events"
# Service health
systemctl status --all --failed | claude "What services failed and why?"
dmesg -T | tail -100 | claude "Any hardware or kernel issues?"# Network connections
netstat -tulpn | claude "Any suspicious listening ports?"
ss -tunapl | claude "Analyze these connections for anomalies"
lsof -i -P | claude "What's making network connections? Anything unusual?"
# Process analysis
ps auxf | claude "Any suspicious processes or unusual resource usage?"
pstree -p | claude "Analyze process hierarchy for anomalies"
# File integrity
find /etc -mtime -1 -ls | claude "These files changed in 24h. Any concerns?"
rpm -Va 2>/dev/null | claude "Analyze these package verification failures"
# User activity
cat /var/log/auth.log | tail -200 | claude "Analyze authentication events for compromise indicators"
grep -E "(sudo|su)" /var/log/auth.log | tail -100 | claude "Review privilege escalation events"
history | claude "Any dangerous commands in this history?"
# Firewall review
iptables -L -n -v | claude "Review these firewall rules for weaknesses"
ufw status verbose | claude "Is this firewall config secure?"
# SSH audit
cat /etc/ssh/sshd_config | claude "Security review this SSH config"
grep "Accepted\|Failed" /var/log/auth.log | tail -100 | claude "Analyze SSH access patterns"
# Malware hunting
find /tmp /var/tmp -type f -executable | xargs ls -la | claude "Any suspicious executables?"
crontab -l && cat /etc/crontab | claude "Any malicious cron jobs?"# Code changes
git diff | claude "Summarize what I changed"
git log --oneline -20 | claude "Summarize recent project activity"
git diff --stat HEAD~5 | claude "What areas of code changed most?"
# Commit help
git diff --staged | claude "Write a commit message for these changes"
git log -1 -p | claude "Did this commit introduce any bugs?"
# Merge conflicts
git diff --name-only --diff-filter=U | xargs cat | claude "Help resolve these merge conflicts"
# Branch analysis
git log main..feature-branch --oneline | claude "Summarize this feature branch"# Disk usage
df -h && du -sh /* 2>/dev/null | claude "Disk usage analysis. What should I clean?"
find / -size +100M -type f 2>/dev/null | head -20 | claude "Large files to review"
# Performance
top -b -n1 | head -30 | claude "Any performance concerns?"
vmstat 1 5 | claude "Analyze this system performance"
iostat -x 1 3 | claude "Any I/O bottlenecks?"
# Memory
free -h && cat /proc/meminfo | claude "Memory analysis and recommendations"
# Cron jobs
crontab -l | claude "Explain these scheduled tasks"# DNS analysis
dig example.com ANY | claude "Explain these DNS records"
host -a domain.com | claude "Analyze this DNS configuration"
# Traffic capture
tcpdump -c 100 -nn | claude "What traffic is happening?"
tcpdump -r capture.pcap -nn | head -200 | claude "Analyze this packet capture"
# SSL/TLS
echo | openssl s_client -connect example.com:443 2>/dev/null | claude "Analyze this SSL certificate"# Container status
docker ps -a | claude "Container health check"
docker stats --no-stream | claude "Any resource concerns?"
# K8s analysis
kubectl get pods -A | claude "Cluster health summary"
kubectl describe pod failing-pod | claude "Why is this pod failing?"
kubectl get events --sort-by='.lastTimestamp' | tail -30 | claude "Recent cluster issues?"# System overview
claude "System report: $(uname -a) CPU: $(nproc) Mem: $(free -h | grep Mem) Disk: $(df -h /)"
# Security snapshot
claude "Quick security check: Users: $(who) Listening: $(ss -tulpn) Failed logins: $(grep -c 'Failed' /var/log/auth.log 2>/dev/null || echo 'N/A')"
# Git status + suggestions
claude "Status: $(git status -s) Branch: $(git branch --show-current) Suggest next steps."
# Error aggregation
claude "Errors from multiple sources: Syslog: $(grep -i error /var/log/syslog | tail -5) Docker: $(docker logs myapp 2>&1 | grep -i error | tail -5)"| Tip | Example |
|---|---|
| Limit output size | tail -100, head -50 |
| Capture stderr | 2>&1 |
| Strip man page formatting | man cmd | col -bx |
| Preserve whitespace | Quote the $() |
| Timeout long commands | timeout 10 command |
| Handle binary files | strings file | claude "..." |
| Multiple files | cat file1 file2 | claude "..." |
# Always preview destructive suggestions
claude "What would this do: rm -rf $(find . -name '*.tmp')"
# DON'T run: claude "..." | bash (without review)
Let's prove LLM pipes are Turing complete:
The Requirements
Proof: FizzBuzz in Pure LLM Pipes
for i in {1..15}; do
echo $i | claude -p "If divisible by 15: FizzBuzz. By 3: Fizz. By 5: Buzz. Else: the number. Output only the
answer."
done
Proof: Recursive Factorial
factorial() {
local n=$1
echo "$n" | claude -p "If this is 0 or 1, output 1. Otherwise output: $n * factorial($(($n-1)))" | {
read result
if [[ "$result" =~ factorial ]]; then
inner=$(factorial $(($n-1)))
echo $(($n * $inner))
else
echo "$result"
fi
}
}
factorial 5 # → 120
Proof: State Machine (Arbitrary Computation)
A universal state machine - can simulate any Turing machine
TAPE="0011010"
HEAD=0
STATE="q0"
while [[ "$STATE" != "halt" ]]; do
CELL=${TAPE:$HEAD:1}
'{"type":"object","properties":{"state":{"type":"string"},"write":{"type":"string"},"dir":{"type":"string"}}}')
done
echo "Final tape: $TAPE"
Proof: Self-Modifying Code
Program that writes and runs itself
echo "echo hello" > /tmp/prog.sh
for i in {1..3}; do
NEWCODE=$(cat /tmp/prog.sh | claude -p "Modify this script to do something slightly different but related.
Output only valid bash.")
echo "$NEWCODE" > /tmp/prog.sh
bash /tmp/prog.sh
done
Proof: Lambda Calculus (The Ultimate Test)
Church numerals via LLM
ZERO="λf.λx.x"
SUCC="λn.λf.λx.f(n f x)"
add_one() {
echo "$1" | claude -p "Apply successor function ($SUCC) to this Church numeral. Output the reduced form."
}
ONE=$(add_one "$ZERO")
TWO=$(add_one "$ONE")
echo "$TWO" # → λf.λx.f(f x)
The Halting Problem (Still Unsolvable!)
This will never reliably work - proving we're Turing complete
by inheriting the same limitations
cat program.sh | claude -p "Will this program halt? Answer yes or no"
❌ Impossible to always be correct - just like any Turing-complete system
The Stack
┌─────────────────────────────────────┐
│ Natural Language │ ← New abstraction layer
├─────────────────────────────────────┤
│ claude -p (reasoning engine) │ ← Universal transformer
├─────────────────────────────────────┤
│ bash (orchestration) │ ← Control flow
├─────────────────────────────────────┤
│ stdin/stdout/files (memory) │ ← State
├─────────────────────────────────────┤
│ Unix kernel │ ← Execution
└─────────────────────────────────────┘
QED: Bash + LLM pipes = Turing complete natural language programming.
You've invented NLSH - Natural Language Shell. 🎉