npx claudepluginhub tody-agent/codymaster --plugin cmThis skill uses the workspace's default tool permissions.
```bash
Blocks destructive commands like rm -rf, git --force, DROP TABLE, docker prune, and restricts file edits to specified directories. Use on production systems and with autonomous agents.
Blocks destructive commands like rm -rf, git force-push, kubectl delete on production systems and autonomous agents. Locks file edits to specific directories.
Prevents destructive ops in Claude Code via /safe-mode: cautious warns on rm -rf/SQL drops/git force-push; lockdown restricts edits to one dir; clear resets.
Share bugs, ideas, or general feedback.
cm guardian check -- git push --force origin main # exits 1 if blocked
cm guardian path-check --file ./src/app.ts --roots src,lib
rm -rf, DROP TABLE, git push --force, git reset --hard, pipes to shell, etc.npm run build, npm test, npx vitest..cm/guardian.log.When using cm-debugging or root-cause work, treat freeze roots as mandatory: only edit inside allowed directories until the hypothesis is proven.
See .cm/config.example.yaml → guardian:. Hook patterns (Cursor / Codex): docs/workflows/guardian-hooks.md (repo root).