A friendly, role-aware onboarding tour for IT and InfoSec folks meeting Claude Code for the first time. Free. Open source. About 15 minutes from install to your first useful session.
Released under MIT. Made by Josh Botz.
Check any of these:
Any of those hit? Keep reading — this is built for you.
Concrete, not abstract. By tomorrow morning you could be doing things like:
Paste a phishing email — Claude pulls the indicators, drafts a verdict paragraph, saves the analysis to a file.
Turn an auditor's findings PDF into a remediation tracker with owner, severity, due date, and evidence needed.
Generate a Mermaid network diagram from a folder of router config exports, ready to paste into Confluence.
Turn your CTF notes into a portfolio-worthy GitHub writeup — narrating every git step so you actually learn what's happening.
The tour picks one task matched to your role and walks you through it live — teaching the concepts as the work happens.
Disclosing this before you create an account, because it matters. NewClauder itself is free and MIT-licensed — the underlying tool is not.
Start here. Plenty for learning, light or moderate daily use, most personal projects. You can upgrade later.
For people using Claude Code as a daily driver. Substantially higher limits. Not where beginners should start.
Useful if you want to meter usage by tokens rather than commit to a subscription. Skip unless you already know you prefer this model.
Want to feel out the vibe before paying? Try the free chat at claude.ai first — ask it real questions from your job and see how it thinks. The free plan won't run Claude Code (the agent on your machine), but it's the same brain. If you like the conversation, the paid plan unlocks the hands.
Once you have Claude Code installed and signed in. Two commands. Run them one at a time — first one, wait for confirmation, then the second.
/plugin marketplace add joshbotz/NewClauderYou should see: Marketplace 'NewClauder' added. If you see anything else, copy the message and paste it back to Claude with "what does this mean?" — Claude is excellent at decoding its own errors.
/plugin install new-clauder@new-clauderYes, the name really is repeated — that's the install format: marketplace-name@plugin-name, and I named both the same.
I'm new to Claude Code, walk me through itOr any natural variation. The tour picks up from there.
Pasted both commands at once? You'll see an error like is not a valid repository name. Re-run them one at a time. Welcome to slash-command quirks.
The honest version, in three plain-English points. Because Claude Code can run commands and edit files on your computer, the safety story matters more than the marketing story.
Same as if you typed them yourself. Approving rm -rf deletes files. Approving "curl this and pipe to bash" runs whatever that script says. There's no sandbox between Claude and your filesystem — the approval prompt is the safety layer. Read the proposed command before you say yes.
Claude reads file content and web pages as both data and instructions. A malicious README, log entry, or webpage can try to redirect Claude into taking actions you didn't ask for. This is the defining new threat class for agentic AI tools. The tell: if Claude proposes an action that doesn't match what you originally asked for after it just read a file or visited a URL, stop and check before approving.
Type /permissions and switch to plan mode. Claude can look at things and propose ideas, but it can't change anything until you flip it back. Recommended for your first session and any session pointed at unfamiliar data.
Things people think they need before starting. They don't.
Pick those up later, on demand, when a real task forces you into them. Day one, you just need to type and read.
The repo, the source, the changelog, and the issue tracker all live on GitHub.