Claude Cowork Masterclass

What Claude Cowork Is

Cowork is the third mode in Claude Desktop, alongside Chat and Code. It uses the same agentic architecture that powers Claude Code, but it is built for non-coding knowledge work and requires no terminal. Anthropic's framing is exact: in Chat, Claude responds but cannot touch your files; in Cowork, Claude has permission to read, edit, and create files in folders you specify.

The lineage matters. Claude Code launched in November 2024 for developers. Tech-savvy non-coders began using it for filesystem work that had nothing to do with programming, so Anthropic wrapped the same agent loop in the familiar Claude interface and shipped Cowork. It was announced in January 2026 as a research preview and went generally available on April 9, 2026. The research-preview label is no longer accurate, and any current description should say so.

Two capabilities inside Cowork remain in research preview and are tier-gated: computer use (direct screen control) and mobile hand-off, both Pro and Max only. The product is GA; these two features are not. Conflating the two is the most common factual error in current write-ups.

Source: Anthropic, claude.com/product/cowork; Claude Help Center, "Get started with Claude Cowork."

Cowork vs Chat vs Claude Code vs Dispatch

Choosing the wrong surface is the most common waste. The decision is not about capability ranking; it is about where the work lives.

A useful rule from production: if the deliverable is a commit, use Code; if the deliverable is a document, a spreadsheet, an organized folder, or an action in a SaaS app, use Cowork. Both run the same underlying agent loop, so the skill transfers; the tools and permissions differ.

Source: Anthropic product pages for Cowork, Claude Code, and Dispatch ("Put Claude to work on your computer," March 23, 2026).

Who Cowork Is For

The common thread is recurring, multi-step work that touches files or apps. If the task is a single answer or a piece of thinking, Chat is faster and cheaper. If it is a repository change, Claude Code is the right surface. Cowork earns its higher usage cost when the deliverable is a document, a spreadsheet, an organized folder, or an action in a connected tool, repeated on a cadence.

Legal professionals became the most engaged knowledge-work group on Cowork, which is why Anthropic expanded its legal plugin set in May 2026. The pattern generalizes: the strongest fit is any role that produces structured documents from messy inputs on a schedule.

Source: claude.com/product/cowork; Anthropic plugin announcements, 2026.

Plans and What Each Unlocks

Two non-obvious facts follow from the table. Computer use and mobile hand-off, the two research-preview capabilities inside Cowork, are available only on Pro and Max; Team and Enterprise do not have them at this time. Conversely, the governance controls a company needs — role-based access, group spend limits, usage analytics, and OpenTelemetry — arrive with Team and Enterprise, not the individual tiers. An individual power user and an enterprise admin are optimizing for opposite ends of the same product.

Cowork consumes usage limits faster than Chat on every tier, so the practical capacity of a plan depends as much on how you batch work as on the headline price. Pricing here is current as of 2026; verify the latest figures at claude.com/pricing before budgeting.

Source: claude.com/product/cowork; Anthropic pricing page, 2026.

The Two-Environment Architecture

This is the single most important technical correction over earlier descriptions that called Cowork "a sandboxed Linux shell." That describes only half of it.

The native half: the agent loop

Claude's conversation handling, file reads and writes in your connected folders, web fetches, and local plugin MCP servers run natively on your device. Access is gated by an application-layer permission system that enforces your connected-folder rules and your organization's network egress settings. Your files never leave your machine to be edited.

The isolated half: the VM

Any shell command and any code Claude writes execute inside a dedicated Linux virtual machine, isolated from the host operating system by the platform hypervisor: Apple Virtualization.framework on macOS and Hyper-V on Windows. The VM enforces its own network egress filtering, syscall restrictions, and per-session user isolation.

Three consequences are worth memorizing. First, if the VM cannot start, file and web tools keep working while shell and code report "workspace unavailable" until it recovers. Second, endpoint detection tools cannot inspect activity inside the VM by design; if your compliance posture depends on endpoint visibility, account for that before rollout. Third, Cowork activity is not captured in audit logs, the Compliance API, or data exports; OpenTelemetry is the supported monitoring path.

For an operator, the security model is a trade. The VM gives you a blast radius: code Claude writes cannot reach the host filesystem except through the folders you connected, and its network calls pass through the VM's own egress filter rather than your machine's. The cost is visibility. Because endpoint detection lives on the host, it sees the Claude process but not what runs inside the VM. If your controls assume endpoint inspection of every executed command, design around that gap before you enable Cowork on managed devices, and rely on OpenTelemetry for the activity record.

Source: Claude Help Center, "Claude Cowork desktop architecture overview," April 24, 2026.

The Capability Surface

The surface is broad. The capabilities that change how you work:

• Direct local file access in folders you connect, with no upload or download step.
• Sub-agent coordination: Claude splits complex work and runs parallel workstreams; a sub-agent's context is invisible to the parent, which is a context-discipline feature, not a bug.
• Professional outputs: Excel with working formulas, PowerPoint, and formatted documents, further editable in Claude for Excel and PowerPoint.
• Long-running tasks without conversation timeouts or context-limit interruptions.
• Scheduled tasks on a cadence or on demand (see the dedicated section).
• Projects that group related tasks into persistent workspaces with their own files, links, instructions, and memory.
• Plugins and MCP connectors that extend Claude into your tools.
• Computer use, mobile hand-off, and live artifacts for screen control, phone assignment, and connector-calling HTML.

Supported file types include Word, PDF, plain text, Markdown, HTML, JSON, CSV, TSV, Excel (.xlsx/.xls/.xlsm), PowerPoint, common images, YAML, XML, TOML, Jupyter notebooks, and essentially any programming language. Connectors expose still more.

Two newer capabilities are worth calling out. Live artifacts are interactive HTML that Claude builds and that can call your connectors at load time, so a dashboard reflects current data each time you open it rather than a frozen snapshot. Mobile hand-off, delivered through Dispatch, lets you assign a task from your phone to your awake desktop, which then executes and reports back; it does not run on the phone itself, and like computer use it is a research preview limited to Pro and Max. Sub-agents deserve one caution: a sub-agent's working context is not visible to the parent once it finishes, so anything you need must be returned in its digest.

Source: Claude Help Center, "Get started with Claude Cowork"; claude.com/product/cowork FAQ.

The Tool-Priority Ladder

This is the mental model that explains Cowork's behavior. Claude always reaches for the most precise tool available.

1. Connectors. If a connector exists — Gmail, Google Drive, Slack, Shopify, Zoom — Claude uses it. Fastest and most reliable.
2. Browser. When no connector exists, Claude navigates Chrome through the Claude in Chrome connector.
3. Screen interaction. As a last resort, computer use lets Claude click, type, and open desktop apps directly.

Computer use is a research preview on Pro and Max plans only; Team and Enterprise do not have it at this time. It has no sandbox between Claude and your apps. Anthropic mitigates with per-app permission prompts, a default block on sensitive apps such as investment and crypto platforms, a user-configurable app blocklist, and prompt-injection scanning, while stating plainly that these safeguards are imperfect.

The practical takeaway for an operator: every connector you add moves work up the ladder, which means faster, cheaper, and more reliable runs. The screen is powerful but slow; treat it as the fallback, not the default.

The speed gap is large enough to change how you work. Pulling the last fifty Slack messages through the Slack connector is a single structured call that returns in seconds; having Claude open Slack on screen, scroll, and read the same messages can take minutes and can misread the interface. The connector also returns clean data rather than a screen Claude must interpret. That is the whole argument for the ladder: precision and speed both improve as you move up a rung.

Source: Claude Help Center, "Let Claude use your computer in Cowork," April 24, 2026.

Connectors and What They Unlock

Every connector you add changes what Cowork can finish without you. The current set and a representative task for each:

When no direct connector exists, Claude in Chrome drives the site through the browser, and only when that fails does it fall to screen interaction. The discipline for an operator is simple: connect the tools you touch daily first, because each connection converts a slow, error-prone screen task into a fast structured one and lowers the usage cost of the whole workflow. A write channel — Shopify, WordPress, or a code host — is especially high-value, because it lets Claude act on its own audit rather than handing you a list of changes to make by hand.

Source: claude.com/product/cowork; Claude Help Center connector documentation, 2026.

Permissions and the Two Modes

Permission design is where you decide how much rope the agent gets.

• Ask before acting is the default and the right choice for new tools, unfamiliar files, or anything you want to watch.
• Act without asking is faster and appropriate only when you are actively supervising trusted files and sites.

Two guarantees hold in both modes. Claude requires explicit permission before permanently deleting any file, surfaced as a prompt you must approve. And Claude can read and write only in the folders you have connected; network access follows the egress settings you configured.

One nuance: egress permissions do not restrict the web fetch or web search tools or MCPs, including Claude in Chrome. Web fetch runs server-side and is limited to search results and URLs you have shared. Team and Enterprise owners can turn off web search for Cowork and Chat, and toggle Claude in Chrome, in Organization settings.

Source: Claude Help Center, "Get started with Claude Cowork" and "Use Claude Cowork safely."

Scheduled Tasks and Projects

Scheduled tasks turn Cowork from a tool you operate into a system that runs. A scheduled task carries pre-approved tool grants so unattended runs do not stall on permission prompts. The one hard constraint: the task only fires while the machine is awake and the app is open. There is no cloud daemon doing the work while your laptop is closed.

An advanced operator pattern, observed across a 22-session daily-brief workflow, is to store each scheduled task as its own folder containing a SKILL.md with three parts: a frontmatter description that controls the prompt Claude receives, a cron schedule, and a body of instructions. The lifecycle is author the SKILL.md, live-test once to pre-approve every tool grant, schedule it, then iterate the body while preserving the cron. After any template edit, verify the on-disk file byte-for-byte against the source so drift is never invisible.

Projects are the unit for recurring or long-running work. Each project keeps its own files, links, instructions, and memory. Memory is supported within projects and is not retained across standalone sessions; sensitive data such as passwords, financial details, and health information is excluded, and you can view, edit, or delete what Claude remembers.

Two ways to create one: type /schedule inside a task to turn the current work into a recurring job, or open the Scheduled sidebar to add and manage jobs directly. A schedule can fire on a cadence — a weekday brief at 06:30, a Friday report, a Sunday draft — or on demand when you trigger it. The cadence is expressed as a cron-style schedule, and because the run is unattended, the tool grants it needs must already be approved, which is why a single live test before scheduling is non-negotiable.

Source: Claude Help Center, "Schedule recurring tasks in Cowork" and "Organize your tasks with projects in Cowork."

Plugins, Skills, Sub-Agents, and Connectors

Plugins are how you stop pasting twelve-paragraph instructions every session. Each plugin packages three things: skills (Markdown files that expand at runtime with domain knowledge and best practices), connectors (MCP servers exposing external tools), and sub-agents (specialized Claude instances that own a specific task).

Anthropic ships domain plugins for brand voice, finance, legal, and more; legal professionals became the most engaged Cowork users of any knowledge-work function, which is why the legal plugin set expanded substantially in May 2026. A reported customer result: Jamf turned a seven-facet performance-review spreadsheet with branching logic into a guided interactive Cowork experience in 45 minutes, work that would otherwise have required a team building a custom React app.

For an operator, the discipline is one plugin or skill per recurring workflow. Author a skill once, install it, and Claude carries the constraints into every session instead of relearning them.

Source: claude.com/product/cowork; Anthropic blog, "Customize Claude for your team with plugins"; Jamf customer story.

Enterprise and Admin Controls

Cowork ships with the governance surface a team needs before it trusts an agent with files. The six controls that landed at general availability:

• Role-based access controls determine who can use Cowork and which capabilities they reach.
• Group spend limits cap usage by team, which matters because agentic tasks burn capacity faster than chat.
• Usage analytics, including an Analytics API, expose what is being run and by whom.
• OpenTelemetry observability streams tool calls, file access, and approval states to a SIEM. This is the supported monitoring path, because Cowork activity is not captured in audit logs, the Compliance API, or data exports.
• A Zoom connector brings meeting content into Cowork through MCP.
• Per-tool connector controls let admins enable or disable individual connectors rather than all-or-nothing.

Two device-level keys are enforced through mobile device management: one disables local MCP servers and the other disables desktop extensions, so a managed fleet can run Cowork without local-code surface. Organizations can use Claude accounts directly or route to Claude models on Amazon Bedrock, Google Cloud's Vertex AI, or Microsoft Foundry, which keeps deployment inside an existing cloud and compliance boundary.

Plan one fact into any rollout: endpoint detection tools cannot inspect activity inside the VM, and Cowork is explicitly not for HIPAA, FedRAMP, or FSI regulated workloads. PayPal ran a customer rollout webinar with Anthropic; Zapier connected its organizational database, Slack, and Jira so a non-engineer could build an internal dashboard that had been blocked on engineering capacity.

Source: Anthropic, "Claude Cowork is now generally available," April 9, 2026; claude.com/product/cowork; Zapier and PayPal customer stories.

The Autonomy Ladder

The autonomy ladder is not a product feature; it is an operator discipline, and it is the difference between an agent you trust and one you babysit. The rungs from one real deployment:

• Autonomous: publish a Shopify blog post via a publish script; build and schedule a video Short; post a single pinned comment, but only for user-authored copy with no paraphrase allowed.
• Drafts-only: LinkedIn, X, Reddit, and community posts. Claude writes; the human pastes.
• Blocked: Facebook and Instagram, by platform safety blocks.
• Prohibited: any account creation, financial action, or permission change. Cowork's built-in safety rules block these regardless of instruction.

The reason to write the ladder down is that ambiguity defaults to risk. An agent that can post anywhere will eventually post something you would not have. Carve out autonomous exceptions deliberately, one at a time, after you have watched the workflow run.

Source: DDS Cowork operational corpus (89 sessions); Anthropic safety guidance on prohibited actions.

Push-Back as a Feature

Compliance is not the goal; correctness is. A well-instructed Cowork instance pushes back when a proposed action would destroy value, and it distinguishes its own limitations from the environment's.

Concrete instances from production: it refused to create a duplicate Facebook Page that would have abandoned 17,959 followers and the associated monetization and pixel history, proposing a Meta Support escalation instead. It acknowledged a stale grep cache rather than insisting a file was already clean. It separated model limitations from Cowork environment limitations during platform debugging, so the human fixed the right layer.

Design for this. State your non-negotiables and the value at stake in your instructions, and reward the agent for refusing rather than guessing. An agent that asks "are you sure?" at the right moment is doing the job; an agent that silently executes a destructive instruction is not.

Source: DDS Cowork operational corpus (89 sessions).

Receipts and Validation Discipline

Nothing ships unchecked. The pattern is simple: name the test alongside the deliverable, and run it before claiming "done."

• Morning brief: a shell wc enforces an under-1,400-word ceiling and counts exactly six FAQ headings; a forbidden-string check blocks the word "weekly."
• LinkedIn: a bash-verified 1,300-1,500 character window. X: each post under 280 characters including its prefix. Community: under 500.
• Shopify edits: schema count, settings count, JavaScript brace balance, Liquid tag balance, and a forbidden-string scan.
• Scheduled-task templates: a byte-for-byte diff against the source after any update, so drift is never silent.
• Pinned comment: a visible "Pinned by" badge and toast must appear before the action is logged as complete.

This is the same discipline that produced this page: thirteen JSON-LD blocks validated as JSON, an FAQ accordion count matched exactly to the schema, and a copy button verified against every code block. Receipts are how vibe coding stays honest at production scale.

Source: DDS Cowork operational corpus; SEO Magnet System audit gates.

The Build Manifest Pattern

When work is done by a chain of agents, the honest move is to show the chain. Every page in this academy ships with a manifest. The manifest for this masterclass:

"I did not write a line of this. I designed the constraints. The agents did the rest. This is what vibe coding looks like in production." — Robert McCullock, Architect-CEO, Design Delight Studio

Source: DDS Vibe Academy build standard.

Honest Limits and Non-Uses

A masterclass that only sells the upside is not honest. The real constraints:

• Desktop-bound. The Desktop app must stay open and the computer awake, or tasks stop. Mobile only hands a task to the awake desktop; it does not execute on the phone.
• Not for regulated workloads. Anthropic states plainly: do not enable Cowork for HIPAA, FedRAMP, or FSI regulated workloads.
• Observability gaps. Cowork activity is not in audit logs, the Compliance API, or data exports; OpenTelemetry is the only monitoring path, and endpoint tools cannot see inside the VM.
• Memory is project-scoped and not retained across standalone sessions.
• No sharing of sessions or artifacts between users.
• Higher usage burn. Agentic tasks coordinate sub-agents and many tool calls, so Cowork consumes your allocation faster than Chat. Batch related work; reserve Cowork for tasks that need file access or extended execution.

Source: claude.com/product/cowork FAQ; Claude Help Center architecture and getting-started articles.

Your First Week With Cowork

A minimum starter kit, drawn from a working solo-founder setup:

1. One working folder that holds deliverables, drafts, and assets in a flat structure. Do not over-organize early.
2. A standing-instructions file — global instructions in Settings, plus folder instructions for project-specific context. Roughly fourteen lines is enough to start. Update it whenever you re-explain a constraint.
3. One MCP write channel to your platform — Shopify, Notion, or GitHub. Cowork audits; the connector writes.
4. One scheduled task for a recurring action, live-tested once to pre-approve every grant before it runs unattended.
5. Drafts-only as the default, with autonomous exceptions added deliberately, not by accident.

What not to delegate: final deploy authority on production data, anything financial (Cowork blocks this anyway), strategic decisions about what to build, and posting to platforms where a bad autonomous post would carry reputational risk.

Source: DDS Cowork operational corpus, scaling guide.

Worked Example: A Morning Brief, End to End

This is the pattern that turned an ad-hoc task into a system that has run across more than twenty sessions without intervention.

1. Author the SKILL.md. One folder holds the task. Its SKILL.md has three parts: a frontmatter description that becomes the prompt Claude receives, the schedule, and a body of instructions. The body sets the rules: under 1,400 words, exactly six headings, category-prefixed news items, and a forbidden word so the brief never calls itself "weekly."
2. Live-test once. Run it by hand a single time. This is not a formality; it is how every tool grant the task needs — Gmail, Calendar, web search, file write — gets pre-approved, so the unattended run never stalls waiting for a click.
3. Schedule it. Add the cron expression for 06:30 on weekdays. The task now fires on its own, as long as the machine is awake and the Desktop app is open.
4. Iterate the body, keep the schedule. When the brief needs a new section or a tighter limit, edit only the description and body of the SKILL.md. Never touch the cron line; that is what keeps the cadence stable across edits.
5. Verify by byte diff. After any edit, re-read the on-disk file and diff it against the intended source. Drift in a scheduled task is invisible until it produces a wrong brief at 06:30; the diff makes it visible at edit time instead.

The output is gated before it saves: a shell word count enforces the ceiling, a heading count confirms exactly six sections, and a forbidden-string scan blocks the banned word. Nothing reaches the briefs folder unchecked. Every other recurring task in the system is a variation on these five steps.

Source: DDS Cowork operational corpus (22-session morning-brief workflow).

Common Mistakes

• Wrong-surface waste. Running a quick question or a draft through Cowork spends agentic capacity on work Chat does faster and cheaper. Reserve Cowork for tasks that touch files, apps, or long execution.
• Over-organizing too early. Building an elaborate folder hierarchy before Claude has worked in it tends to fight the agent. Start flat; let structure emerge from real deliverables.
• Autonomy by default. Leaving the agent in "act without asking" on unfamiliar work is how a bad post or a wrong file write happens. Default to drafts-only and add autonomous exceptions one at a time, after you have watched the workflow.
• Skipping the live test. A scheduled task whose grants were never pre-approved stalls silently at fire time waiting for a permission prompt no one is there to click. Always run it once by hand first.
• Ignoring usage burn. Cowork coordinates sub-agents and many tool calls, so it consumes capacity faster than Chat. Batch related work into one session and move simple tasks back to Chat before the allocation runs out.
• Treating the VM as the whole product. Forgetting that file and web tools run natively, and only code runs in the VM, leads to confusion when the VM is unavailable but file work continues. Keep the two-environment model in mind.

Source: DDS Cowork operational corpus; Anthropic getting-started guidance.

Key Terms

Source: Anthropic Claude Help Center and product documentation, 2026.

20 Paste-Ready Cowork Prompts

The five-block intent template

Every prompt below follows the same shape, because vague instructions produce vague work and unbounded autonomy produces surprises. The five blocks force you to think like an architect before the agent acts:

1. Outcome. The finished deliverable in one sentence. Name the artifact, not the activity: "one formatted .xlsx with a category pivot," not "help with expenses."
2. Constraints. The boundaries. Formats, limits, forbidden actions, and anything that must never happen. This is where you encode "draft only" or "never delete."
3. Context. What Claude needs to know that it cannot infer: where the files are, what the data means, who the reader is, which platform rules apply.
4. Test. How correctness is checked. A word count, a reconciliation, a byte diff, a behavior verified in the DOM. If you cannot name a test, the task is underspecified.
5. Verification gate. The condition that must hold before the work is called done, and what to do when it does not — flag, wait, or stop, never guess.

The template is the transferable skill. The twenty prompts are worked examples of it.

1. Outcome. Sort and rename every file in /Downloads into typed, dated folders, and surface duplicates and review candidates in a written plan.
2. Constraints. Do not move, rename, or delete anything until I approve the plan. Use YYYY-MM-DD prefixes. Never auto-delete; flag duplicates and ambiguous files for me instead.
3. Context. The folder mixes invoices, screenshots, decks, audio, and archives accumulated over months. Treat invoices and contracts as sensitive and keep them out of any shared subfolder.
4. Test. After I approve, show a before/after tree plus counts of files moved, renamed, and flagged, and confirm the totals reconcile to the original file count.
5. Verification gate. Pause for explicit approval before the first write. Then confirm zero deletions occurred and that no file was lost in the move.

1. Outcome. Extract every line item from the receipt images and PDFs in this folder into one formatted .xlsx with working formulas and a category pivot.
2. Constraints. One row per receipt with date, vendor, category, subtotal, tax, total. Add a SUM total row and conditional formatting on amounts over 200. Native Excel only, not a CSV that needs fixing.
3. Context. Receipts vary in quality and orientation. Currency is USD. Categories are travel, meals, software, and supplies; map anything else to 'other'.
4. Test. Open the finished workbook and verify the SUM equals the manual total of the visible amounts, and that the pivot category totals reconcile to the line items.
5. Verification gate. Report any receipt you could not read by filename rather than guessing a number, and leave its amount blank with a note.

1. Outcome. Produce a formatted report comparing three named competitors across price, positioning, and feature set, with a one-paragraph synthesis at the end.
2. Constraints. Cite every factual claim to a named, dated source. Use no marketing adjectives. Where a fact is unconfirmed, write 'not verified' and state what to check.
3. Context. Draw on the local notes folder plus web research. The reader is a design director who wants substance, not a sales narrative.
4. Test. Each competitor row must carry at least one dated, attributable source, and the synthesis must follow only from the rows above it.
5. Verification gate. Flag any comparison point you could not source; do not fill a gap with inference or a plausible-sounding estimate.

1. Outcome. Every weekday at 06:30, assemble a one-page brief covering yesterday's unread email, today's calendar, and eight categorized AI-news items.
2. Constraints. Keep it under 1,400 words with exactly six section headings. No hype. Prefix each news item with a bracketed category. Issue-number the brief for day-to-day continuity.
3. Context. Connect Gmail and Calendar; web-search the news. Save the markdown to the briefs folder using a dated filename.
4. Test. Run a shell word-count check and a heading count before saving, and abort the save if either fails.
5. Verification gate. Live-test this task once now to pre-approve the Gmail, Calendar, and web-search grants, then confirm the next scheduled run time.

1. Outcome. Every Friday, pull this week's metrics from the analytics export and populate the existing weekly report template without altering its structure.
2. Constraints. Round to one decimal. Mark any metric with no data as 'n/a', never as zero. Do not edit headings, styles, or layout in the template.
3. Context. The template lives in this project folder; the export arrives as a CSV in the same folder each Thursday with a dated filename.
4. Test. Verify each populated cell against the source CSV before saving, and confirm no template heading changed.
5. Verification gate. If Thursday's CSV is missing on Friday, write a 'source missing' note and skip the run rather than carrying last week's numbers forward.

1. Outcome. Turn this meeting transcript into a structured summary with three blocks: decisions made, action items with owners, and open questions.
2. Constraints. Quote a decision verbatim only when the exact wording is load-bearing. Never invent an owner; label unassigned items 'owner: TBD'.
3. Context. The transcript is raw and unlabeled; speakers are named inline only where they identified themselves.
4. Test. Cross-check every action item against a specific sentence in the transcript and cite the line.
5. Verification gate. List any item whose owner is ambiguous instead of assigning one, and surface contradictions rather than resolving them silently.

1. Outcome. Audit this live URL at desktop, laptop, and mobile widths and return a numbered findings list, each with severity, location, evidence, and a concrete fix.
2. Constraints. Test copy buttons, accordions, and table-of-contents links functionally in the DOM, not by appearance. Tag each finding by severity.
3. Context. Use the Chrome connector. The browser cannot truly emulate a mobile viewport, so width is forced via CSS; flag every finding that depends on that.
4. Test. For each interactive element, verify the actual behavior — clipboard contents, expanded state, scroll position — not just a glyph change.
5. Verification gate. State explicitly which findings are forced-width and require confirmation on a real device before they are treated as bugs.

1. Outcome. Update the description frontmatter and body of this scheduled-task SKILL.md from the source template, preserving the schedule exactly.
2. Constraints. Change only the description and body. Do not touch the cron line or the tools list. Preserve file encoding and trailing newline.
3. Context. The source template is in the templates folder; the live task's SKILL.md is in the scheduled-tasks folder under its own name.
4. Test. After writing, re-read the on-disk file and diff it byte-for-byte against the intended result; report any unexpected difference.
5. Verification gate. Flag that the task needs one manual run to pre-approve any new tool grant the updated body introduces before it runs unattended.

1. Outcome. Each day, build the next item in the production queue only if the downstream scheduled queue has capacity; otherwise skip and log why.
2. Constraints. If the scheduled queue depth exceeds four, skip the build. Follow the fixed pack order strictly; never reorder items to fit.
3. Context. Read the production log for the next item and read the platform's scheduled queue for current depth through the connector.
4. Test. Confirm the queue-depth reading before deciding to build or skip, and re-read if the value looks malformed.
5. Verification gate. Append either a build row or a dated skip entry with its reason, and reconcile any anomaly you find in the log while you are there.

1. Outcome. Compress every image in this folder and write the optimized files back beside the originals, keeping the originals intact.
2. Constraints. Run the compression as a script in the workspace VM; write output only into the connected folder. Do not delete or overwrite sources.
3. Context. The folder is connected and the compression library is available in the workspace shell, which runs in the isolated VM.
4. Test. Verify each output file is smaller than its source and opens without error before reporting completion.
5. Verification gate. If the VM workspace is unavailable, report it and stop; do not leave the batch half-processed.

1. Outcome. Digest these long Liquid files into one structured map of sections, IDs, and cross-file references, under 1,500 words.
2. Constraints. Delegate the heavy read to a sub-agent. Do not load all files into the main context; receive only the structured digest back.
3. Context. The files are in this folder and together exceed a comfortable single-context size; some reference IDs defined in others.
4. Test. The digest must name every file and list its top-level section IDs and any cross-file references it found.
5. Verification gate. Capture everything you need in the digest, because the sub-agent's working context is not reachable afterward.

1. Outcome. Build a self-contained HTML dashboard artifact that reads my latest metrics through the connector each time it loads.
2. Constraints. Use no external storage. Render progressively so the page is usable before all data arrives. Handle a connector error with a visible fallback, never a blank screen.
3. Context. The connector is already authorized in this project, and the metrics shape is documented in the project files.
4. Test. Load the artifact twice and confirm it reflects updated data on the second load rather than caching the first.
5. Verification gate. If the connector call fails, the dashboard must show a clear, specific error state instead of rendering empty.

1. Outcome. Distill my existing posts into an enforceable brand-voice skill that Claude applies automatically to every future draft.
2. Constraints. Capture concrete, testable rules: tone, banned words, hook style, and the verbatim brand line. No vague adjectives like 'professional' without a rule behind it.
3. Context. Read the posts in this folder. The voice is direct and high-signal, with no emojis, no hashtags, and no hype.
4. Test. Generate one sample draft and check it against each rule in the skill, listing any rule it violates.
5. Verification gate. Run brand-voice discovery once with me before enforcing; do not infer or invent rules I have not confirmed.

1. Outcome. Write a policy file listing exactly which actions Claude may take autonomously, which remain drafts, and which are prohibited outright.
2. Constraints. Default every action to drafts-only. Name each autonomous exception explicitly with its scope. Grant no blanket permission.
3. Context. My platforms are Shopify, LinkedIn, X, Reddit, and YouTube. Account creation, financial actions, and permission changes are never allowed.
4. Test. Read the policy back to me and confirm that no action is autonomous unless I named it specifically.
5. Verification gate. Treat any unlisted action as drafts-only and ask before escalating it, even if it seems harmless.

1. Outcome. For this shipped artifact, generate a Build Manifest table listing every agent in the chain, its vendor, its role, and its concrete output.
2. Constraints. One row per agent. Describe roles factually with no promotional language about the result. Keep the format to four columns.
3. Context. The chain that produced this artifact is described in the project notes; some agents authored, others only verified.
4. Test. Confirm the manifest accounts for every agent that wrote or verified any part of the artifact, with nothing omitted.
5. Verification gate. If an agent's exact role is unclear, mark it 'role: unverified' rather than inventing a description.

1. Outcome. Each day, capture the reachable comments across my channels and draft two on-brand engagement replies per post.
2. Constraints. Draft only; post nothing. Where a platform is login-walled or blocked, say so plainly. Enforce the brand voice on every reply.
3. Context. Loop the channels in a fixed order. Some platforms are blocked in this environment; note them rather than faking results.
4. Test. Confirm each drafted reply matches the brand-voice rules before saving the roundup file.
5. Verification gate. Write a single dated file, and mark every blocked platform with the specific reason it was unreachable.

1. Outcome. Draft this Sunday's Reddit post for the subreddit due in my four-week rotation, in a numbered-levers structure.
2. Constraints. Title between 60 and 100 characters; body between 300 and 800 words. The academy URL belongs only in the first-reply comment, never the body.
3. Context. Compute the week of the month to select the subreddit, and honor that subreddit's specific self-promotion rule.
4. Test. Check the title and body length against the limits, and confirm no link appears anywhere in the body text.
5. Verification gate. Flag any claim you could not verify as 'not verified' instead of asserting it as fact.

1. Outcome. Set up a Cowork project for my weekly content operation, with its own files, folder instructions, and memory.
2. Constraints. Keep sensitive data out of memory entirely. Write folder instructions that carry the project context. Keep the file structure flat.
3. Context. The project covers Shopify publishing and social drafting; my standing preferences already live in the global instructions.
4. Test. Confirm the project loads its own instructions and that memory excludes any credential or financial detail.
5. Verification gate. Verify that what the project remembers is editable, and remove anything sensitive before the first real run.

1. Outcome. When this specific post goes live, post my exact comment text as the named account and pin it.
2. Constraints. Post the copy verbatim with no paraphrase or edit. Take no action until the target post is confirmed live.
3. Context. The comment text, the account, and the target post are all specified in the task; do not substitute any of them.
4. Test. Confirm the post is live before commenting, then confirm the pin succeeded by the badge and toast before logging success.
5. Verification gate. If the post is not live at the fire time, wait and report rather than posting to any other target.

1. Outcome. Help me stand up my first Cowork workflow end to end this week: one folder, one connector, one scheduled task.
2. Constraints. Keep my standing instructions under fourteen lines. Make drafts-only the default. Add no autonomous action unless I name it.
3. Context. I run a small business on Shopify and want a recurring brief I can trust by Friday without babysitting it.
4. Test. After setup, run the scheduled task once and show me its output plus the exact tool grants it used.
5. Verification gate. Live-test the task before scheduling it so the first unattended run does not stall on a permission prompt.

Sources

• Anthropic, Claude Cowork product page — status, pricing, file types, computer use, deployment. claude.com/product/cowork
• Anthropic, "Get started with Claude Cowork," Claude Help Center.
• Anthropic, "Claude Cowork desktop architecture overview," April 24, 2026.
• Anthropic, "Let Claude use your computer in Cowork," April 24, 2026.
• Anthropic, "Dispatch: Put Claude to work on your computer," March 23, 2026.
• DDS Cowork operational corpus — 89 documented sessions (autonomy ladder, push-back, receipts, Build Manifest).

About the Author