Manually validate a bash command for safety
Manually validate a bash command for safety without executing it. Use this to test commands before running them, especially destructive operations like `rm -rf` or `git push --force`.
/plugin marketplace add 27Bslash6/schlock/plugin install schlock@27bcommandValidate a bash command for safety without executing it.
This command uses the same validation engine as the automatic PreToolUse hook, allowing you to test commands before running them.
/schlock:validate "command to validate"
Examples:
/schlock:validate "rm -rf /tmp/test"
/schlock:validate "git push --force origin main"
/schlock:validate "ls -la"
When this command is invoked, follow these steps to validate the command:
Parse the user's input to extract the command to validate.
Expected format: /schlock:validate "command here"
If no argument provided:
Import and call the validation function:
import sys
from pathlib import Path
# Add schlock to path
project_root = Path.cwd()
sys.path.insert(0, str(project_root))
from schlock import validate_command
# Validate the command
result = validate_command(command)
Display the validation result with this format:
For BLOCKED commands:
đŤ BLOCKED: [message]
Safer alternatives:
⢠[alternative 1]
⢠[alternative 2]
For HIGH risk commands:
â ď¸ HIGH RISK: [message]
Proceed with caution. Consider:
⢠[alternative 1]
⢠[alternative 2]
For MEDIUM risk commands:
â ď¸ MEDIUM RISK: [message]
[Display alternatives if available]
For LOW risk commands:
âšď¸ LOW RISK: [message]
For SAFE commands:
â
SAFE: [message]
If validation error occurred:
â VALIDATION ERROR: [error message]
The command was blocked due to a validation error (fail-safe mode).
After the main result, you may optionally display:
result.risk_level.nameresult.exit_codeWhen user runs /schlock:validate without arguments, display:
schlock:validate - Validate bash commands for safety
Usage:
/schlock:validate "command to validate"
Examples:
/schlock:validate "rm -rf /tmp/test"
â Validates recursive delete operation
/schlock:validate "git push --force origin main"
â Checks for dangerous git operations
/schlock:validate "ls -la"
â Validates safe file listing command
How it works:
⢠Uses same validation engine as automatic hook
⢠Analyzes command using bashlex AST parsing
⢠Checks against 40+ safety rules
⢠Returns risk level: SAFE, LOW, MEDIUM, HIGH, BLOCKED
⢠Suggests safer alternatives when available
Risk Levels:
đŤ BLOCKED - Command execution prevented (destructive operations)
â ď¸ HIGH - Dangerous but not blocked (requires caution)
â ď¸ MEDIUM - Potentially risky operations
âšď¸ LOW - Minor concerns or best practice violations
â
SAFE - No safety concerns detected
If command extraction fails:
If validation raises exception:
If import fails:
Path handling: Adjust sys.path.insert(0, ...) to use actual project root from environment. The example uses Path.cwd() which should work in most cases.
ValidationResult structure: The result object has these fields:
allowed (bool): Whether command can executerisk_level (RiskLevel enum): SAFE, LOW, MEDIUM, HIGH, BLOCKEDmessage (str): Human-readable explanationalternatives (List[str]): Safer approaches (may be empty)exit_code (int): 0 if allowed, 1 if blockederror (Optional[str]): Error message if validation failedFormatting: Use emoji indicators (đŤ â ď¸ âšď¸ â â) for visual clarity in terminal output.
Alternatives: Only display alternatives section if result.alternatives list is not empty.
Consistency: Output format should match PreToolUse hook messages for familiarity.
Performance: Validation is fast (<200ms cold, <50ms cached). No need for progress indicators.
No execution: This command ONLY validates. It never executes the provided command.
Command is working correctly when:
/schlock:validate "rm -rf /" shows BLOCKED with alternatives/schlock:validate "ls -la" shows SAFE/schlock:validate "git push --force" shows HIGH risk/schlock:validate (no args) shows usage instructions