affaan-m/safety-guard

Use this skill to prevent destructive operations when working on production systems or running agents autonomously.

v1.1, saved May 11, 2026

Safety Guard — Prevent Destructive Operations

When to Use

  • When working on production systems
  • When agents are running autonomously (full-auto mode)
  • When you want to restrict edits to a specific directory
  • During sensitive operations (migrations, deploys, data changes)

How It Works

Three modes of protection:

Mode 1: Careful Mode

Intercepts destructive commands before execution and warns:

Watched patterns:
- rm -rf (especially /, ~, or project root)
- git push --force
- git reset --hard
- git checkout . (discard all changes)
- DROP TABLE / DROP DATABASE
- docker system prune
- kubectl delete
- chmod 777
- sudo rm
- npm publish (accidental publishes)
- Any command with --no-verify

When detected: shows what the command does, asks for confirmation, suggests safer alternative.

Mode 2: Freeze Mode

Locks file edits to a specific directory tree:

/safety-guard freeze src/components/

Any Write/Edit outside src/components/ is blocked with an explanation. Useful when you want an agent to focus on one area without touching unrelated code.

Mode 3: Guard Mode (Careful + Freeze combined)

Both protections active. Maximum safety for autonomous agents.

/safety-guard guard --dir src/api/ --allow-read-all

Agents can read anything but only write to src/api/. Destructive commands are blocked everywhere.

Unlock

/safety-guard off

Implementation

Uses PreToolUse hooks to intercept Bash, Write, Edit, and MultiEdit tool calls. Checks the command/path against the active rules before allowing execution.
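
One way the Careful and Freeze checks could be decided for a single intercepted tool call, written as an added example and not the skill's own code. The function names, the `command` and `file_path` input fields, the rule subset and the `/repo` working directory are assumptions. Commands are tokenized rather than substring-matched, so a file named rm-rf-backup or a quoted string does not trip a rule, and paths are resolved before the containment test so `..` and sibling directories with a shared prefix are caught.

```python
import os
import shlex
from itertools import groupby

PUNCT = set("();<>|&")  # shell punctuation that ends a simple command
WRITE_TOOLS = {"Write", "Edit", "MultiEdit"}  # tool names from the page

def check_argv(argv):
    # Reason string if one simple command matches a watched pattern, else None.
    argv = argv[1:] if argv[:1] == ["sudo"] else argv  # judge the wrapped command
    prog, args = (os.path.basename(argv[0]) if argv else ""), argv[1:]
    short = "".join(a[1:] for a in args if a[:1] == "-" and a[:2] != "--")
    rules = [  # subset of the page's watched patterns
        ("--no-verify", "--no-verify" in args),
        ("rm -rf", prog == "rm" and ("r" in short.lower() or "--recursive" in args)
                   and ("f" in short or "--force" in args)),
        ("git push --force", prog == "git" and args[:1] == ["push"]
                             and ("--force" in args or "f" in short)),
        ("git reset --hard", prog == "git" and args[:1] == ["reset"] and "--hard" in args),
        ("chmod 777", prog == "chmod" and "777" in args),
    ]
    return next((name for name, hit in rules if hit), None)

def destructive_reason(command):
    # Tokenize like a shell so quoted text and filenames are not matched.
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    try:
        tokens = list(lex)
    except ValueError:  # e.g. unbalanced quotes: fail closed
        return "unparseable command"
    is_sep = lambda t: bool(t) and set(t) <= PUNCT
    cmds = (list(g) for sep, g in groupby(tokens, is_sep) if not sep)
    return next((r for r in map(check_argv, cmds) if r), None)

def inside_frozen(file_path, frozen_dir, cwd):
    # True if file_path resolves ('..' and symlinks included) under frozen_dir.
    root = os.path.realpath(os.path.join(cwd, frozen_dir))
    target = os.path.realpath(os.path.join(cwd, file_path))
    return os.path.commonpath([root, target]) == root

def decide(tool_name, tool_input, frozen_dir=None, cwd="/repo"):
    # Guard-mode verdict for one tool call; input field names are assumptions.
    reason = None
    if tool_name == "Bash":
        reason = destructive_reason(tool_input.get("command", ""))
    elif tool_name in WRITE_TOOLS and frozen_dir:
        if not inside_frozen(tool_input.get("file_path", ""), frozen_dir, cwd):
            reason = "write outside " + frozen_dir
    return ("block", reason) if reason else ("allow", "")
```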

Integration

  • Enable by default for codex -a never sessions
  • Pair with observability risk scoring in ECC 2.0
  • Logs all blocked actions to ~/.claude/safety-guard.log

Overall Score: 72/100 (Grade B, Good)

  • Safety: 78
  • Quality: 68
  • Clarity: 76
  • Completeness: 62

Summary

Safety Guard is a protective skill that helps prevent destructive operations on production systems and during autonomous agent execution. It provides three modes (Careful, Freeze, Guard) that intercept dangerous commands, restrict file edits to specific directories, and require confirmation before executing risky operations like recursive deletion, force pushes, and privilege escalation.

Static Analysis Findings

3 findings

Patterns detected by deterministic static analysis before AI scoring.

Destructive Operation
  • SEC-001 Recursive Deletion (Max: B): Recursive deletion pattern (rm -rf). Matched in SKILL.md: rm -rf
  • SEC-002 Privilege Escalation: Privilege escalation (sudo). Matched in SKILL.md: sudo r
  • SEC-003 File Permission Modification: File permission modification (chmod). Matched in SKILL.md: chmod 777

Detected Capabilities

  • command interception (PreToolUse hooks)
  • file/directory access restriction
  • command pattern matching and validation
  • user confirmation workflow
  • logging of blocked actions
  • bash/git/docker/kubectl command analysis

Trigger Keywords

Phrases that MCP clients use to match this skill to user intent.

  • prevent destructive commands
  • production safety guard
  • autonomous agent protection
  • lockdown code edits
  • block rm -rf
  • restrict write directory
  • git force push guard

Risk Signals

  • INFO: rm -rf mentioned in watched patterns list (Mode 1). SKILL.md, Watched patterns section
  • INFO: sudo rm mentioned in watched patterns list (Mode 1). SKILL.md, Watched patterns section
  • INFO: chmod 777 mentioned in watched patterns list (Mode 1). SKILL.md, Watched patterns section

Use Cases

  • Protect production deployments from accidental destructive commands
  • Restrict autonomous agents to specific project directories during full-auto mode
  • Prevent sensitive operations like database drops and force git resets
  • Add guardrails to CI/CD pipelines or migration scripts
  • Safe onboarding of high-risk operations with confirmation workflows

Quality Notes

  • Strength: Clear purpose and three well-defined protection modes with concrete examples
  • Strength: Specific patterns documented (rm -rf, git push --force, DROP TABLE, etc.) show mature threat modeling
  • Strength: Practical use cases (production, autonomous agents, migrations) grounded in real scenarios
  • Strength: Integration guidance provided (PreToolUse hooks, logging location)
  • Weakness: Missing implementation details — how patterns are matched, regex vs literal, false positive handling
  • Weakness: No edge case documentation (e.g., what happens if user has a file named 'rm-rf-backup')
  • Weakness: No error handling guidance for when freezes are too restrictive or block legitimate operations
  • Weakness: Security modes lack explicit scope boundaries — 'read-all' in Guard mode could expose sensitive files
  • Weakness: No recovery mechanism documented if safety guard blocks critical operations

Model: claude-haiku-4-5-20251001
Analyzed: May 11, 2026

Version History

  • v1.1 (2026-04-20, latest): Content updated
  • v1.0 (2026-04-12): No changelog
