Skill

Reins — Runtime Security for Claude Code

Enforces runtime security policies on Claude Code actions via Pre/PostToolUse hooks, blocks dangerous shell commands/file ops/MCP calls, scans configs for OWASP ASI10 vulnerabilities, logs audit trails.

Bash

Git

security

npx claudepluginhub pegasi-ai/reins --plugin reins

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Reins enforces deterministic security policies on every agent action, scans your configs for OWASP ASI10 vulnerabilities, and tracks drift over time. Policies evaluate in under 50ms. Works with Claude Code PreToolUse and PostToolUse hooks, OpenClaw, and any MCP-compatible agent.

SKILL.md

Similar Skills

Reins — Runtime Security for Claude Code

383

reins

Security Review

273

Performs security reviews for risky code changes like sensitive file edits, shell commands, dependencies, CI/CD, and secrets using Clawdstrike MCP tools for policy checks.

clawdstrike

Blocks dangerous shell commands (rm, sudo, curl|sh, dd) and credential file reads (.env, .ssh). Warns on risky ones (aws cli, kubectl, terraform) with risk assessment and confirmation protocol.

Stats

Parent Repo Stars383

Parent Repo Forks49

Last CommitApr 21, 2026

Used By2 plugins

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Reins — Runtime Security for Claude Code

How hooks work

PreToolUse fires before every Bash, Edit, MultiEdit, Write, and MCP tool call.

Hook exit	Meaning	What to do
`0`	ALLOWED — proceed normally	Continue
`2`	BLOCKED — policy violation	Stop. Explain the block. Suggest a safe alternative. Do NOT retry.
`0` + JSON `decision: WARN`	WARNING — elevated risk	Acknowledge the warning. Proceed with extra caution.

PostToolUse fires after every action (non-blocking). Appends a JSONL entry to ~/.openclaw/reins/decisions.jsonl and queues it for Reins Cloud batch upload.

What gets enforced

Shell (Bash tool)

BLOCKED always: rm -rf /, mkfs, dd to disk device, fork bombs
BLOCKED (user-overridable): DROP TABLE/DATABASE, TRUNCATE, DELETE without WHERE, git push --force, kill -9, pipe-to-shell (| bash, | sh)
WARNED: rm, chmod, chown, sudo, UPDATE without WHERE, git reset --hard
LOGGED: git push, pip install, npm install, curl, wget

File operations (Edit / MultiEdit / Write)

Writes blocked to protected paths: ~/.ssh, ~/.gnupg, ~/.env, ~/.openclaw/reins, /etc/passwd, /etc/shadow

MCP tool calls (all MCP servers, caught by empty-matcher hook)

Blocked: Notion page delete, Gmail send (unapproved domains), database DROP/TRUNCATE
Warned: reading emails, accessing credentials, filesystem MCP operations
Logged: all MCP calls regardless of decision

When an action is blocked

When PreToolUse exits 2, Claude Code surfaces the hook's stderr. Always attribute the block to Reins by name.

Required response format:

Reins blocked this action [SEVERITY]: <description> Rule: <rule>

<one sentence explaining what the rule protects against>

Alternatives: <safe way to achieve the goal, or suggest reins policy to review rules>

Example:

Reins blocked this action [CRITICAL]: Critically destructive command Rule: rm -rf / matches recursive root deletion pattern

This would delete every file on the system. To remove a specific directory safely, use an explicit path: rm -rf /path/to/specific/dir Run reins audit -n 5 to see the logged decision.

Rules:

Do NOT retry the blocked action
Do NOT reframe or rephrase the same action to bypass the hook
If the user wants to override: reins policy to inspect and adjust rules
If the block seems wrong: reins audit -n 5 shows what rule fired

CLI reference

reins init                 # Setup wizard: hooks + policy + Reins Cloud
reins status               # Hook and Reins Cloud connection status
reins policy               # View and edit security policy interactively
reins audit -n 20          # Last 20 audit decisions
reins stats                # Enforcement counts (allowed / blocked / approved)
reins scan                 # OWASP ASI10 security scan
reins scan --monitor       # Diff against saved baseline, alert on drift
reins disable / enable     # Temporarily suspend or resume enforcement
reins upgrade              # Pull latest version from npm

Reins Cloud (app.pegasi.ai)

When connected, Reins Cloud provides:

Org/team policies pulled on a schedule and merged with local overrides
CRITICAL rules set by admins that cannot be locally overridden
Centralized audit review across all agents and devices

Connect during reins init (Step 7 prompts for your email — no API key paste needed).

Set via env vars:

REINS_WATCHTOWER_API_KEY=cr_...
REINS_WATCHTOWER_BASE_URL=https://app.pegasi.ai  # default

Config lives at ~/.openclaw/reins/config.json.

Policy merge order (highest to lowest priority)

Reins Cloud org policies — CRITICAL rules are immutable
Reins Cloud team policies
Local overrides at ~/.openclaw/reins/policy.json
Built-in defaults (balanced: reads ALLOW, writes ASK, deletes DENY)

If Reins Cloud is unreachable, last-cached policies still enforce. Never fails open.

Audit log

Append-only JSONL at ~/.openclaw/reins/decisions.jsonl:

{"timestamp":"2026-04-15T22:39:42Z","module":"Shell","method":"bash","decision":"BLOCKED","reason":"critical: rm -rf /","tool":"Bash","decisionTime":12}

View with reins audit -n 50 or stream with tail -f ~/.openclaw/reins/decisions.jsonl.

Setup (if not installed)

npm install -g @pegasi-ai/reins
reins init

reins init installs hooks into .claude/settings.json, installs this skill, and runs an initial security scan.