Stats
Actions
Tags
From ecc
Prevents destructive operations on production systems and autonomous agents by intercepting dangerous commands, restricting edits to a directory, or combining both protections.
How this skill is triggered — by the user, by Claude, or both
Slash command
/ecc:safety-guardThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- When working on production systems
Three modes of protection:
Intercepts destructive commands before execution and warns:
Watched patterns:
- rm -rf (especially /, ~, or project root)
- git push --force
- git reset --hard
- git checkout . (discard all changes)
- DROP TABLE / DROP DATABASE
- docker system prune
- kubectl delete
- chmod 777
- sudo rm
- npm publish (accidental publishes)
- Any command with --no-verify
When detected: shows what the command does, asks for confirmation, suggests safer alternative.
Locks file edits to a specific directory tree:
/safety-guard freeze src/components/
Any Write/Edit outside src/components/ is blocked with an explanation. Useful when you want an agent to focus on one area without touching unrelated code.
Both protections active. Maximum safety for autonomous agents.
/safety-guard guard --dir src/api/ --allow-read-all
Agents can read anything but only write to src/api/. Destructive commands are blocked everywhere.
/safety-guard off
Uses PreToolUse hooks to intercept Bash, Write, Edit, and MultiEdit tool calls. Checks the command/path against the active rules before allowing execution.
codex -a never sessions~/.claude/safety-guard.lognpx claudepluginhub affaan-m/ecc --plugin eccBlocks destructive commands like rm -rf, git --force, DROP TABLE, docker prune, and restricts file edits to specified directories. Use on production systems and with autonomous agents.
Blocks destructive Bash commands like rm -rf, DROP TABLE, git force-push, reset --hard, and restricts file edits to a specific directory. Use for protection on critical systems.
Prevents destructive operations via three modes: cautious (warns on dangerous commands like rm -rf, git push --force, SQL drops), lockdown (restricts edits to one directory), and clear (removes restrictions). Uses PreToolUse hooks for Bash, Edit, and Write.