Skill

security-guard

Generate or update security guardrail hooks. Use when: /harn:guard, 'update security rules', 'block dangerous commands', 'add guardrail'

Install

npx claudepluginhub sliday/harn

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Generate or update `scripts/harness/security_guard.py` for the current project.

SKILL.md

Similar Skills

kotlin-ktor-patterns

Provides Ktor server patterns for routing DSL, plugins (auth, CORS, serialization), Koin DI, WebSockets, services, and testApplication testing.

everything-claude-code

163.2k

deep-research

Conducts multi-source web research with firecrawl and exa MCPs: searches, scrapes pages, synthesizes cited reports. For deep dives, competitive analysis, tech evaluations, or due diligence.

everything-claude-code

163.2k

inventory-demand-planning

Provides demand forecasting, safety stock optimization, replenishment planning, and promotional lift estimation for multi-location retailers managing 300-800 SKUs.

everything-claude-code

163.2k

Stats

Stars3

Forks0

Last CommitApr 7, 2026

Actions

View Source View Plugin View on GitHub View README

Security Guard Generator

Generate or update scripts/harness/security_guard.py for the current project.

Process

Read current scripts/harness/security_guard.py if it exists
Ask user what additional patterns to block (or accept defaults)
Before adding user patterns, verify they compile as valid regex
Offer to show the user what existing commands would be blocked by the new patterns before activating (--dry-run)
Generate the updated script with all patterns
Ensure it's executable
Verify it's wired in .claude/settings.json as a PreToolUse hook

Default Blocked Patterns

rm -rf — recursive forced deletion
git push ... main/master — direct push to protected branches
chmod 777 — reckless permissions
> ~/ — overwriting home directory files
curl | bash — piped remote execution
sudo rm — privileged deletion
mkfs. — disk formatting
dd if= — raw disk writes

Custom Patterns

Ask the user if they want to:

Restrict writes to specific directories only (e.g., only src/)
Block specific package managers (e.g., npm publish)

Pattern Validation

Before adding user-supplied patterns, verify they compile as valid regex. Invalid patterns can silently break the guard or cause it to crash. Test each pattern with re.compile() and report errors back to the user before writing the script.

Dry Run

Offer to show the user what existing commands (from shell history or a sample list) would be blocked by the new patterns before activating. This helps catch overly broad patterns that would block legitimate work.

User-Supplied Patterns

User-supplied regex patterns may contain errors — unbalanced groups, invalid escapes, or overly broad expressions. The generated script wraps each re.search() call in a try/except for re.error so that a single bad pattern does not disable the entire guard.

Template

Generate scripts/harness/security_guard.py using this structure:

#!/usr/bin/env python3
# Harn security guard — blocks dangerous shell commands before execution
# Why: https://harn.app/kb/safety.html — "Tools should be hard to misuse"
# Docs: https://harn.app/kb/safety.html — "Mitigating Prompt Injection Attacks"

import json, sys, re

payload = json.load(sys.stdin)

if not isinstance(payload, dict):
    sys.exit(0)  # Malformed payload — allow (fail-open for non-Bash)

tool = payload.get("tool_name", "")
if tool != "Bash":
    sys.exit(0)

command = payload.get("tool_input", {}).get("command", "")

dangerous = [
    r"rm\s+-rf",
    r"git\s+push\s+.*\b(main|master)\b",
    r"chmod\s+777",
    r">\s*~/",
    r"curl\s+.*\|\s*bash",
    r"sudo\s+rm",
    r"mkfs\.",
    r"dd\s+if=",
]

for pattern in dangerous:
    try:
        if re.search(pattern, command):
            print(f"HARNESS BLOCK: Command matches prohibited pattern ({pattern}).", file=sys.stderr)
            print("Find a safer alternative.", file=sys.stderr)
            sys.exit(2)
    except re.error:
        print(f"HARNESS WARNING: Invalid regex pattern skipped: {pattern}", file=sys.stderr)
        continue

sys.exit(0)