Catalog
garrytan/freeze

garrytan

freeze

Restrict file edits to a specific directory for the session. (gstack)

global
Allowed Tools
BashReadAskUserQuestion
New~643
v1.0Saved Jul 12, 2026

When to invoke this skill

Blocks Edit and Write outside the allowed path. Use when debugging to prevent accidentally "fixing" unrelated code, or when you want to scope changes to one module. Use when asked to "freeze", "restrict edits", "only edit this folder", or "lock down edits".

/freeze — Restrict Edits to a Directory

Lock file edits to a specific directory. Any Edit or Write operation targeting a file outside the allowed path will be blocked (not just warned).

mkdir -p ~/.gstack/analytics
echo '{"skill":"freeze","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}'  >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true

Setup

Ask the user which directory to restrict edits to. Use AskUserQuestion:

  • Question: "Which directory should I restrict edits to? Files outside this path will be blocked from editing."
  • Text input (not multiple choice) — the user types a path.

Once the user provides a directory path:

  1. Resolve it to an absolute path:
FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd)
echo "$FREEZE_DIR"
  1. Ensure trailing slash and save to the freeze state file:
FREEZE_DIR="${FREEZE_DIR%/}/"
eval "$(~/.claude/skills/gstack/bin/gstack-paths)"
STATE_DIR="$GSTACK_STATE_ROOT"
mkdir -p "$STATE_DIR"
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"
echo "Freeze boundary set: $FREEZE_DIR"

Tell the user: "Edits are now restricted to <path>/. Any Edit or Write outside this directory will be blocked. To change the boundary, run /freeze again. To remove it, run /unfreeze or end the session."

How it works

The hook reads file_path from the Edit/Write tool input JSON, then checks whether the path starts with the freeze directory. If not, it returns permissionDecision: "deny" to block the operation.

The freeze boundary persists for the session via the state file. The hook script reads it on every Edit/Write invocation.

Notes

  • The trailing / on the freeze directory prevents /src from matching /src-old
  • Freeze applies to Edit and Write tools only — Read, Bash, Glob, Grep are unaffected
  • This prevents accidental edits, not a security boundary — Bash commands like sed can still modify files outside the boundary
  • To deactivate, run /unfreeze or end the conversation
Files1
1 files · 1.0 KB

Select a file to preview

Overall Score

79/100

Grade

B

Good

Safety

78

Quality

82

Clarity

85

Completeness

73

Summary

The freeze skill restricts file edits and writes to a user-specified directory for the duration of a session, preventing accidental modifications outside a focused scope. It works by installing PreToolUse hooks on Edit and Write tools that check whether the target file path falls within the allowed boundary, and deny operations that fall outside it.

Static Analysis Findings

1 finding

Patterns detected by deterministic static analysis before AI scoring. Hover over any finding code for detailed information and remediation guidance.

Command Injection
SEC-011Dynamic Shell Eval

Shell eval/exec of dynamic content

SKILL.mdeval "

Detected Capabilities

file readbash executionshell variable expansiondirectory path resolutionstate file writeuser interaction (AskUserQuestion)tool hook interception

Trigger Keywords

Phrases that MCP clients use to match this skill to user intent.

freeze edits to directoryrestrict file changeslock editing scopeprevent accidental editsscope changes to folder

Risk Signals

WARNING

Shell eval of dynamic content in path resolution step

SKILL.md line: eval "$(~/.claude/skills/gstack/bin/gstack-paths)"

Use Cases

  • Prevent accidental edits to unrelated files during debugging sessions
  • Scope changes to a single module or directory when working on complex projects
  • Maintain a strict editing boundary when refactoring or implementing features in isolation
  • Protect critical paths from modification while allowing work in a designated area
  • Lock editing scope when collaborating to avoid cross-module changes

Quality Notes

  • Skill clearly documents its scope: Edit/Write blocking only, not a security boundary
  • Explicitly acknowledges that Bash commands like sed can bypass the boundary, setting realistic expectations
  • Good setup flow: ask user → resolve path → persist state → confirm to user
  • Hook mechanism is well-explained with security-relevant detail (trailing slash prevents substring matching)
  • State persistence via file is simple and session-scoped
  • Documentation includes deactivation instructions (/unfreeze or session end)
  • Analytics logging included but with proper error suppression
  • Limitation note about Bash bypass is important for users to understand this is a convenience tool, not a security boundary
Model: claude-haiku-4-5-20251001Analyzed: Jul 12, 2026

Reviews

Add this skill to your library to leave a review.

No reviews yet

Be the first to share your experience.

Use garrytan/freeze in your dev environment

Command Palette

Search for a command to run...