
Safety Guard
Block destructive shell and git commands and optionally confine writes when agents run against production or sensitive deploy windows.
Overview
safety-guard is a journey-wide agent skill that intercepts destructive commands and optionally enforces write scopes, for use whenever a solo builder needs to constrain agents before committing to production or deploy changes.
Install
npx skills add https://github.com/affaan-m/everything-claude-code --skill safety-guard
What is this skill?
- Careful Mode intercepts destructive patterns (rm -rf, force push, DROP TABLE, kubectl delete, chmod 777, npm publish, --
- Freeze Mode restricts Write/Edit to a chosen directory tree
- Guard Mode combines destructive-command warnings with directory-scoped writes
- Suggests safer alternatives and confirmation before executing risky commands
- Supports /safety-guard guard --dir with --allow-read-all for maximum autonomous-agent safety
- 3 protection modes: Careful, Freeze, and combined Guard
Adoption & trust: 3.4k installs on skills.sh; 210k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
Autonomous agents can run force pushes, schema drops, or recursive deletes on production because nothing gates destructive shell and git actions.
Who is it for?
Indie builders running Claude Code (or similar) in full-auto on real repos, production servers, or during migrations and deploys.
Skip if: Local throwaway sandboxes where you intentionally want unrestricted destructive commands and no write boundaries.
When should I use this skill?
When working on production systems, running agents autonomously, restricting edits to a directory, or during migrations, deploys, and data changes.
What do I get? / Deliverables
Risky commands are flagged or blocked, writes stay inside allowed directories, and you get confirmation prompts plus safer command suggestions during sensitive work.
- Blocked or confirmed destructive commands
- Write-scope enforcement for nominated paths
Journey fit
Useful at every journey phase - explore requirements and options before committing to a direction.
Where it fits
Freeze writes to src/api/ while an agent refactors handlers without touching Terraform or secrets folders.
Enable guard mode before an agent assists with a release script that could run git force-push or publish commands.
Intercept kubectl delete and docker system prune during an autonomous incident-response session on a live cluster.
Run careful mode while applying a database migration so DROP TABLE requires explicit human confirmation.
How it compares
Runtime safety harness for agent tools, not a static code-review rubric or a cloud MCP deploy server.
Common Questions / FAQ
Who is safety-guard for?
Solo builders and small teams who let agents run shell, git, and file edits against production or shared infrastructure.
When should I use safety-guard?
Use it on production systems, during deploys and migrations, when freezing edits to one directory, and whenever agents run autonomously in guard or careful mode.
Is safety-guard safe to install?
It adds guardrails but is not a guarantee; review the Security Audits panel on this Prism page and test modes on a staging repo before trusting full-auto on prod.
SKILL.md
# Safety Guard — Prevent Destructive Operations

## When to Use

- When working on production systems
- When agents are running autonomously (full-auto mode)
- When you want to restrict edits to a specific directory
- During sensitive operations (migrations, deploys, data changes)

## How It Works

Three modes of protection:

### Mode 1: Careful Mode

Intercepts destructive commands before execution and warns:

```
Watched patterns:
- rm -rf (especially /, ~, or project root)
- git push --force
- git reset --hard
- git checkout . (discard all changes)
- DROP TABLE / DROP DATABASE
- docker system prune
- kubectl delete
- chmod 777
- sudo rm
- npm publish (accidental publishes)
- Any command with --no-verify
```

When detected: shows what the command does, asks for confirmation, suggests safer alternative.

### Mode 2: Freeze Mode

Locks file edits to a specific directory tree:

```
/safety-guard freeze src/components/
```

Any Write/Edit outside `src/components/` is blocked with an explanation. Useful when you want an agent to focus on one area without touching unrelated code.

### Mode 3: Guard Mode (Careful + Freeze combined)

Both protections active. Maximum safety for autonomous agents.

```
/safety-guard guard --dir src/api/ --allow-read-all
```

Agents can read anything but only write to `src/api/`. Destructive commands are blocked everywhere.

### Unlock

```
/safety-guard off
```

## Implementation

Uses PreToolUse hooks to intercept Bash, Write, Edit, and MultiEdit tool calls. Checks the command/path against the active rules before allowing execution.

## Integration

- Enable by default for `codex -a never` sessions
- Pair with observability risk scoring in ECC 2.0
- Logs all blocked actions to `~/.claude/safety-guard.log`
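
The check described under Implementation, sketched as an added example (not the skill's own code). It goes slightly beyond the text by resolving symlinks and `..` before comparing a write path with the frozen directory. The names `DESTRUCTIVE`, `inside` and `check`, the regexes, and the event shape (`tool_name`, `tool_input.command`, `tool_input.file_path`) are assumptions of this example.

```python
import os
import re

# Commands from the skill's "Watched patterns" list; the regexes are this example's own.
DESTRUCTIVE = [
    (r"\brm\s+-\w*(rf|fr)\w*", "recursive forced delete"),
    (r"\bsudo\s+rm\b", "delete as root"),
    (r"\bgit\s+push\b.*--force(?!-with-lease)", "force push; prefer --force-with-lease"),
    (r"\bgit\s+reset\s+.*--hard\b", "discards local commits and changes"),
    (r"\bgit\s+checkout\s+\.(\s|$)", "discards all working-tree changes"),
    (r"\bdrop\s+(table|database)\b", "drops schema objects"),
    (r"\bdocker\s+system\s+prune\b", "removes unused Docker data"),
    (r"\bkubectl\s+delete\b", "deletes cluster resources"),
    (r"\bchmod\s+(-\w+\s+)*777\b", "world-writable permissions"),
    (r"\bnpm\s+publish\b", "publishes a package"),
    (r"--no-verify\b", "skips git verification hooks"),
]
WRITE_TOOLS = {"Write", "Edit", "MultiEdit"}


def inside(path, root):
    """True if path lands under root once symlinks and '..' are resolved."""
    real, base = os.path.realpath(path), os.path.realpath(root)
    # commonpath compares whole components, so src/api_old is not "inside" src/api.
    return os.path.commonpath([real, base]) == base


def check(event, frozen_dir=None):
    """Return (allowed, reason) for one tool-call event (assumed shape)."""
    tool = event.get("tool_name")
    args = event.get("tool_input", {})
    if tool == "Bash":
        for pattern, why in DESTRUCTIVE:
            if re.search(pattern, args.get("command", ""), re.IGNORECASE):
                return False, why
    elif tool in WRITE_TOOLS and frozen_dir is not None:
        path = args.get("file_path")
        # Fail closed: a write with no path, or one resolving outside the tree, is blocked.
        if not path or not inside(path, frozen_dir):
            return False, "write outside " + frozen_dir
    return True, "ok"
```

The pattern check sees only the literal command string, so it complements confirmation prompts and the block log rather than replacing them.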