safety-guard
Use this skill to prevent destructive operations when working on production systems or running agents autonomously.
Install
mkdir -p .claude/skills/safety-guard && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/15091" && unzip -o skill.zip -d .claude/skills/safety-guard && rm skill.zipInstalls to .claude/skills/safety-guard
Activation
This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.
Use this skill to prevent destructive operations when working on production systems or running agents autonomously.About this skill
Safety Guard — Prevent Destructive Operations
When to Use
- When working on production systems
- When agents are running autonomously (full-auto mode)
- When you want to restrict edits to a specific directory
- During sensitive operations (migrations, deploys, data changes)
How It Works
Three modes of protection:
Mode 1: Careful Mode
Intercepts destructive commands before execution and warns:
Watched patterns:
- rm -rf (especially /, ~, or project root)
- git push --force
- git reset --hard
- git checkout . (discard all changes)
- DROP TABLE / DROP DATABASE
- docker system prune
- kubectl delete
- chmod 777
- sudo rm
- npm publish (accidental publishes)
- Any command with --no-verify
When detected: shows what the command does, asks for confirmation, suggests safer alternative.
Mode 2: Freeze Mode
Locks file edits to a specific directory tree:
/safety-guard freeze src/components/
Any Write/Edit outside src/components/ is blocked with an explanation. Useful when you want an agent to focus on one area without touching unrelated code.
Mode 3: Guard Mode (Careful + Freeze combined)
Both protections active. Maximum safety for autonomous agents.
/safety-guard guard --dir src/api/ --allow-read-all
Agents can read anything but only write to src/api/. Destructive commands are blocked everywhere.
Unlock
/safety-guard off
Implementation
Uses PreToolUse hooks to intercept Bash, Write, Edit, and MultiEdit tool calls. Checks the command/path against the active rules before allowing execution.
Integration
- Enable by default for
codex -a neversessions - Pair with observability risk scoring in ECC 2.0
- Logs all blocked actions to
~/.claude/safety-guard.log