install
source · Clone the upstream repo
git clone https://github.com/loulanyue/awesome-claude-notes
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/loulanyue/awesome-claude-notes "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/safety-guard" ~/.claude/skills/loulanyue-awesome-claude-notes-safety-guard && rm -rf "$T"
manifest:
skills/safety-guard/SKILL.mdsource content
Safety Guard — Prevent Destructive Operations
When to Use
- When working on production systems
- When agents are running autonomously (full-auto mode)
- When you want to restrict edits to a specific directory
- During sensitive operations (migrations, deploys, data changes)
How It Works
Three modes of protection:
Mode 1: Careful Mode
Intercepts destructive commands before execution and warns:
Watched patterns: - rm -rf (especially /, ~, or project root) - git push --force - git reset --hard - git checkout . (discard all changes) - DROP TABLE / DROP DATABASE - docker system prune - kubectl delete - chmod 777 - sudo rm - npm publish (accidental publishes) - Any command with --no-verify
When detected: shows what the command does, asks for confirmation, suggests safer alternative.
Mode 2: Freeze Mode
Locks file edits to a specific directory tree:
/safety-guard freeze src/components/
Any Write/Edit outside
src/components/Mode 3: Guard Mode (Careful + Freeze combined)
Both protections active. Maximum safety for autonomous agents.
/safety-guard guard --dir src/api/ --allow-read-all
Agents can read anything but only write to
src/api/Unlock
/safety-guard off
Implementation
Uses PreToolUse hooks to intercept Bash, Write, Edit, and MultiEdit tool calls. Checks the command/path against the active rules before allowing execution.
Integration
- Enable by default for
sessionscodex -a never - Pair with observability risk scoring in ECC 2.0
- Logs all blocked actions to
~/.claude/safety-guard.log