OpenSkillIndex← back to search
claude-codeopenclawdevops

Skills careful

install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/ashish797/founderclaw/careful" ~/.claude/skills/openclaw-skills-careful && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/ashish797/founderclaw/careful" ~/.openclaw/skills/openclaw-skills-careful && rm -rf "$T"
manifest: skills/ashish797/founderclaw/careful/SKILL.md
tags
#safety#security#risk-assessment#command-validation#devops#automation
source content

Careful — Destructive Command Guardrails

Safety mode is active. Before running any bash command, check it against the destructive patterns below. If detected, warn the user and wait for confirmation before proceeding.

Destructive Patterns

File System

  • rm -rf
    / 
    rm -r
    on critical paths (
    /
    , 
    /home
    , 
    ~
    , project root)
  • mv
    or 
    cp
    that overwrites without backup
  • chmod 777
    or overly permissive permissions
  • chown -R
    on system directories

Git

  • git reset --hard
    (loses uncommitted work)
  • git push --force
    / 
    git push -f
    (rewrites history)
  • git clean -fd
    (deletes untracked files)
  • git branch -D
    (force deletes branch)

Database

  • DROP TABLE
    / 
    DROP DATABASE
  • DELETE FROM ...
    without WHERE
  • TRUNCATE
  • Mass UPDATE without WHERE

Kubernetes / Docker

  • kubectl delete
    on production namespaces
  • docker rm
    / 
    docker rmi
    on running containers
  • docker system prune -a

Package Management

  • npm uninstall
    / 
    pip uninstall
    of core dependencies
  • rm node_modules
    while dev server is running

How to Respond

When a destructive command is detected:

  1. Name the risk: "This will {specific consequence}."
  2. Ask for confirmation: "Proceed? (yes/no)"
  3. If no: suggest a safer alternative
  4. If yes: run the command

Never block indefinitely. The user can always override. Your job is to make sure they know what they're doing, not to prevent them from doing it.

Safe Alternatives

DangerousSafer
rm -rf dir/
trash dir/
or 
mv dir/ dir.bak/
git reset --hard
git stash
then reset
git push --force
git push --force-with-lease
DROP TABLE
Archive table first, then drop
DELETE FROM x
DELETE FROM x WHERE ... LIMIT 100