Plugin

safety-net

Name: safety-net
Author: kenryu42

Interactively configure and validate custom Safety Net rules to block destructive git and filesystem commands in Claude Code. Set up user/project scopes via natural language inputs, edit settings for status lines with bunx/npx runners, verify configs with schema docs and fix suggestions, and enable pre-tool hooks for dependency scans and timed bash executions.

npx claudepluginhub kenryu42/claude-code-safety-net --plugin safety-net

Component Overview

Commands

Hooks

Component Details

Commands (3)

Context

/set-custom-rules

Set custom rules for Safety Net

Context

/set-statusline

Set Safety Net status line in Claude Code settings

Your Task

/verify-custom-rules

Verify custom rules for Safety Net

Hooks (1)

Review workflow modifications before installing

Event Hooks

Bash

1 hook across 1 event

README

Claude Code Safety Net

A Claude Code plugin that acts as a safety net, catching destructive git and filesystem commands before they execute.

Why This Exists
Why Use This Instead of Permission Deny Rules?
What About Sandboxing?
Prerequisites
Quick Start
Status Line Integration
Diagnostics
Explain (Debug Analysis)
Commands Blocked
Commands Allowed
What Happens When Blocked
Testing the Hook
Development
Custom Rules (Experimental)
Advanced Features
License

Why This Exists

We learned the hard way that instructions aren't enough to keep AI agents in check. After Claude Code silently wiped out hours of progress with a single rm -rf ~/ or git checkout --, it became evident that soft rules in an CLAUDE.md or AGENTS.md file cannot replace hard technical constraints. The current approach is to use a dedicated hook to programmatically prevent agents from running destructive commands.

Why Use This Instead of Permission Deny Rules?

Claude Code's .claude/settings.json supports deny rules with wildcard matching (e.g., Bash(git reset --hard:*)). Here's how this plugin differs:

At a Glance

	Permission Deny Rules	Safety Net
Setup	Manual configuration required	Works out of the box
Parsing	Wildcard pattern matching	Semantic command analysis
Execution order	Runs second	Runs first (PreToolUse hook)
Shell wrappers	Not handled automatically (must match wrapper forms)	Recursively analyzed (5 levels)
Interpreter one-liners	Not handled automatically (must match interpreter forms)	Detected and blocked

Permission Rules Have Known Bypass Vectors

Even with wildcard matching, Bash permission patterns are intentionally limited and can be bypassed in many ways:

Bypass Method	Example
Options before value	`curl -X GET http://evil.com` bypasses `Bash(curl http://evil.com:*)`
Shell variables	`URL=http://evil.com && curl $URL` bypasses URL pattern
Flag reordering	`rm -r -f /` bypasses `Bash(rm -rf:*)`
Extra whitespace	`rm -rf /` (double space) bypasses pattern
Shell wrappers	`sh -c "rm -rf /"` bypasses `Bash(rm:*)` entirely

Safety Net Handles What Patterns Can't

View full README on GitHub

Similar Plugins

safety-hooks

1.7k

Safety hooks to block or require user approval for dangerous commands (rm, git operations, .env access, file size limits)

2mo

v1.10.5

Stats

Version0.8.2

Stars1294

Forks60

Installs1

MaintenanceExcellent

LicenseMIT

Last CommitMay 1, 2026

AddedFeb 2, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Available In

safety-net-dev1,294 cc-marketplace2

Safety Signals

Caution

Executes bash commands

Hook triggers when Bash tool is used

Runs pre-commands

Contains inline bash commands via ! syntax

Help us improve

Share bugs, ideas, or general feedback.

Back to Plugins