npx claudepluginhub yurukusa/cc-safe-setup --plugin safety-essentialsDefined inline in plugin.json manifest
BashCMD=$(echo "$CC_TOOL_INPUT" | jq -r '.command' 2>/dev/null); if echo "$CMD" | grep -qE 'rm\s+-r(f|F)|rm\s+-(f|F)r|rm\s+--force.*-r|rm\s+-r.*--force'; then echo 'BLOCKED: rm -rf detected. Use git clean or manual deletion instead.' >&2; exit 2; fiBashCMD=$(echo "$CC_TOOL_INPUT" | jq -r '.command' 2>/dev/null); if echo "$CMD" | grep -qE 'git\s+push.*--force|git\s+push.*-f\b'; then echo 'BLOCKED: Force push detected. Use --force-with-lease or push normally.' >&2; exit 2; fiBashCMD=$(echo "$CC_TOOL_INPUT" | jq -r '.command' 2>/dev/null); if echo "$CMD" | grep -qE 'git\s+reset\s+--hard'; then echo 'BLOCKED: git reset --hard discards uncommitted changes. Use git stash instead.' >&2; exit 2; fiWriteFILE=$(echo "$CC_TOOL_INPUT" | jq -r '.file_path' 2>/dev/null); if echo "$FILE" | grep -qE '\.env$|\.env\.'; then echo "BLOCKED: Writing to environment file: $FILE" >&2; exit 2; fiBashCMD=$(echo "$CC_TOOL_INPUT" | jq -r '.command' 2>/dev/null); if echo "$CMD" | grep -qE 'npm\s+publish|yarn\s+publish'; then echo 'BLOCKED: Package publish requires manual execution.' >&2; exit 2; fiRuns 'npx @nizos/probity --agent claude-code' before Bash, Write, or Edit tool calls to audit operations. Executes bash, affects file writes via PreToolUse matcher.
Share bugs, ideas, or general feedback.