Marketplace

safety-net-dev

Development marketplace for safety net plugin

npx claudepluginhub kenryu42/claude-code-safety-net

README

View full README on GitHub

1 Plugin

safety-net

1.3k

Block destructive git and filesystem commands before execution

v0.8.2

Related Marketplaces

nextjs

139.3K

0plugins

No description available.

thedotmack

72.2K

0plugins

Plugins by Alex Newman (thedotmack)

caveman

51.4K

0plugins

Ultra-compressed communication mode for Claude Code. Cuts ~75% of tokens while keeping full technical accuracy.

Stats

Plugins1

Stars1294

UpdatedMay 1, 2026

Links

View on GitHub View Marketplace JSON

Help us improve

Share bugs, ideas, or general feedback.

Claude Code Safety Net

A Claude Code plugin that acts as a safety net, catching destructive git and filesystem commands before they execute.

Why This Exists
Why Use This Instead of Permission Deny Rules?
What About Sandboxing?
Prerequisites
Quick Start
Status Line Integration
Diagnostics
Explain (Debug Analysis)
Commands Blocked
Commands Allowed
What Happens When Blocked
Testing the Hook
Development
Custom Rules (Experimental)
Advanced Features
License

Why This Exists

We learned the hard way that instructions aren't enough to keep AI agents in check. After Claude Code silently wiped out hours of progress with a single rm -rf ~/ or git checkout --, it became evident that soft rules in an CLAUDE.md or AGENTS.md file cannot replace hard technical constraints. The current approach is to use a dedicated hook to programmatically prevent agents from running destructive commands.

Why Use This Instead of Permission Deny Rules?

Claude Code's .claude/settings.json supports deny rules with wildcard matching (e.g., Bash(git reset --hard:*)). Here's how this plugin differs:

At a Glance

	Permission Deny Rules	Safety Net
Setup	Manual configuration required	Works out of the box
Parsing	Wildcard pattern matching	Semantic command analysis
Execution order	Runs second	Runs first (PreToolUse hook)
Shell wrappers	Not handled automatically (must match wrapper forms)	Recursively analyzed (5 levels)
Interpreter one-liners	Not handled automatically (must match interpreter forms)	Detected and blocked

Permission Rules Have Known Bypass Vectors

Even with wildcard matching, Bash permission patterns are intentionally limited and can be bypassed in many ways:

Bypass Method	Example
Options before value	`curl -X GET http://evil.com` bypasses `Bash(curl http://evil.com:*)`
Shell variables	`URL=http://evil.com && curl $URL` bypasses URL pattern
Flag reordering	`rm -r -f /` bypasses `Bash(rm -rf:*)`
Extra whitespace	`rm -rf /` (double space) bypasses pattern
Shell wrappers	`sh -c "rm -rf /"` bypasses `Bash(rm:*)` entirely

safety-net-dev

README

1 Plugin

safety-net

Related Marketplaces

nextjs

thedotmack

caveman

Help us improve

Help us improve

safety-net-dev

README

Claude Code Safety Net

Contents

Why This Exists

Why Use This Instead of Permission Deny Rules?

At a Glance

Permission Rules Have Known Bypass Vectors

Safety Net Handles What Patterns Can't

1 Plugin

safety-net

Related Marketplaces

nextjs

thedotmack

caveman

Help us improve

Claude Code Safety Net

Contents

Why This Exists

Why Use This Instead of Permission Deny Rules?

At a Glance

Permission Rules Have Known Bypass Vectors

Safety Net Handles What Patterns Can't