Skill

configure-safety

Interactively configure ac-safety plugin's safety.yaml: customize guardians for credentials, destructive bash, file writes, supply chain risks, and Playwright via prompts and overrides.

Playwright

Bash

security

developer-tools

npx claudepluginhub waterplanai/agentic-config --plugin ac-safety

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Interactive safety.yaml configuration for ac-safety plugin.

SKILL.md

Similar Skills

Secure Tune

Tunes Secure Claude Code security profiles to strict, balanced, or minimal levels. Lists protections and explains guards via commands and docs. Use to adjust or understand local policy.

runwall

claude-security-settings

Configures Claude Code security settings with permission wildcards, shell operator protections, and project-level access controls. Use for securing tools like Bash and workflows.

7 tools

configure-plugin

Reins — Runtime Security for Claude Code

383

Enforces runtime security policies on Claude Code actions via Pre/PostToolUse hooks, blocks dangerous shell commands/file ops/MCP calls, scans configs for OWASP ASI10 vulnerabilities, logs audit trails.

reins

Stats

Parent Repo Stars28

Parent Repo Forks6

Last CommitMar 20, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

configure-safety

Interactive safety.yaml configuration for ac-safety plugin.

Trigger

/configure-safety or /ac-safety:configure-safety

Behavior

Read the 3-tier config resolution and display current effective config:
- Plugin defaults: ${CLAUDE_PLUGIN_ROOT}/config/safety.default.yaml
- User-level: ~/.claude/safety.yaml
- Project-level: ./safety.yaml (relative to project root)
Display current effective settings per guardian:
- credential_guardian: blocked paths, allowed files
- destructive_bash: category decisions (deny/ask/allow per category)
- write_scope: allowed/blocked prefixes and files
- supply_chain: category decisions, allowlists
- playwright: category decisions, domain allowlist
Ask user which guardian(s) to customize.
For each selected guardian, present current category decisions and ask for changes:
- Show: category: current_decision
- Accept: deny, ask, or allow per category
- For list fields (allowlists, prefixes): show current, ask for additions/removals
Ask target location: project-level (./safety.yaml) or user-level (~/.claude/safety.yaml).
Generate or update the YAML file at chosen location.
- Only write overrides (do not duplicate defaults).
- Deep-merge with existing content if file already exists.
Validate by loading the merged config and displaying effective result.

Steps

1. Read ${CLAUDE_PLUGIN_ROOT}/config/safety.default.yaml
2. Read ~/.claude/safety.yaml (if exists)
3. Read ./safety.yaml (if exists)
4. Display merged effective config as table
5. Prompt: "Which guardian to customize? (credential/destructive_bash/write_scope/supply_chain/playwright/all)"
6. For selected guardian(s):
   a. Show categories with current decisions
   b. Ask for new decision per category (or skip)
   c. For list fields, show current and ask for changes
7. Prompt: "Save to project-level or user-level? (project/user)"
8. Write YAML with only the overrides
9. Re-read and display new effective config

Constraints

Never modify plugin defaults (safety.default.yaml)
Only write overrides -- do not duplicate default values
Validate decisions are one of: deny, ask, allow
Existing file content must be preserved (deep-merge on write)