safety-guard
Use this skill to prevent destructive operations when working on production systems or running agents autonomously.
About this skill
The `safety-guard` skill empowers AI agents to operate with enhanced security and caution, particularly in production environments or when running autonomously. It functions by intercepting and preventing potentially destructive commands, thereby minimizing the risk of data loss, system instability, or irreversible changes. The skill incorporates three robust protection modes: 'Careful Mode' issues warnings before executing recognized dangerous commands (e.g., `rm -rf /`, `git push --force`, `DROP TABLE`); 'Restricted Mode' actively blocks any attempts to modify files outside of a pre-defined safe directory; and 'Dry-Run Mode' simulates command execution without making actual changes, offering a safe method to test operations. This skill is indispensable for maintaining system integrity and ensuring operational safety when AI agents interact with critical infrastructure.
Best use case
Preventing accidental data loss, system downtime, or irreversible configuration changes caused by AI agents. Enhancing the reliability and trustworthiness of autonomous AI agents in sensitive environments. Ensuring compliance with operational safety protocols during software development, deployment, and data management tasks.
Accidental destructive commands are intercepted and either blocked or require explicit confirmation. System integrity is maintained, and data loss or corruption is minimized. AI agents operate with increased safety and reliability, especially in sensitive contexts, reducing operational risks.
Practical example
Example input
- The user asked me to clean up old logs. I will use `rm -rf /var/log/*.log`
- I need to revert the last commit forcefully. I will run `git reset --hard HEAD~1`
- The database needs to be reinitialized. I will execute `DROP DATABASE production_db;`
Example output
- SAFETY GUARD: Careful Mode detected a potentially destructive command (`rm -rf /var/log/*.log`). Are you absolutely sure you want to proceed? This could delete critical files.
- SAFETY GUARD: Careful Mode detected a potentially destructive command (`git reset --hard HEAD~1`). This will discard all uncommitted changes and forcefully revert history. Confirm action.
- SAFETY GUARD: Careful Mode detected a highly destructive command (`DROP DATABASE production_db;`). This will permanently delete the entire database. You must explicitly confirm with 'CONFIRM_DESTRUCTIVE_ACTION_PRODUCTION' to proceed, or use Dry-Run mode for testing.
When to use this skill
- When working on production systems
- When agents are running autonomously (full-auto mode)
- When you want to restrict edits to a specific directory
- During sensitive operations (migrations, deploys, data changes)
When not to use this skill
- In non-critical or sandbox environments where unrestricted access is explicitly required for experimentation or rapid prototyping.
- When full, unhindered control is necessary for highly specialized, non-destructive tasks where safety prompts would hinder workflow.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/safety-guard/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How safety-guard Compares
| Feature / Agent | safety-guard | Standard Approach |
|---|---|---|
| Platform Support | Claude | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | easy | N/A |
Frequently Asked Questions
What does this skill do?
Use this skill to prevent destructive operations when working on production systems or running agents autonomously.
Which AI agents support this skill?
This skill is designed for Claude.
How difficult is it to install?
The installation complexity is rated as easy. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Safety Guard — Prevent Destructive Operations

## When to Use

- When working on production systems
- When agents are running autonomously (full-auto mode)
- When you want to restrict edits to a specific directory
- During sensitive operations (migrations, deploys, data changes)

## How It Works

Three modes of protection:

### Mode 1: Careful Mode

Intercepts destructive commands before execution and warns:

```
Watched patterns:
- rm -rf (especially /, ~, or project root)
- git push --force
- git reset --hard
- git checkout . (discard all changes)
- DROP TABLE / DROP DATABASE
- docker system prune
- kubectl delete
- chmod 777
- sudo rm
- npm publish (accidental publishes)
- Any command with --no-verify
```

When detected: shows what the command does, asks for confirmation, suggests safer alternative.

### Mode 2: Freeze Mode

Locks file edits to a specific directory tree:

```
/safety-guard freeze src/components/
```

Any Write/Edit outside `src/components/` is blocked with an explanation. Useful when you want an agent to focus on one area without touching unrelated code.

### Mode 3: Guard Mode (Careful + Freeze combined)

Both protections active. Maximum safety for autonomous agents.

```
/safety-guard guard --dir src/api/ --allow-read-all
```

Agents can read anything but only write to `src/api/`. Destructive commands are blocked everywhere.

### Unlock

```
/safety-guard off
```

## Implementation

Uses PreToolUse hooks to intercept Bash, Write, Edit, and MultiEdit tool calls. Checks the command/path against the active rules before allowing execution.

## Integration

- Enable by default for `codex -a never` sessions
- Pair with observability risk scoring in ECC 2.0
- Logs all blocked actions to `~/.claude/safety-guard.log`
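The two checks that the Implementation section describes (command against the watched patterns, path against the frozen directory), as an added example that is not the skill's own code. The function names, the regexes, and the `/srv/app` project root used when calling it are assumptions; the point is that `rm` flags need token-level matching and that the path check must resolve `..` and compare whole path components.

```python
import os
import re
import shlex

# Regex forms for part of the SKILL.md watched list (the regexes are this example's assumption).
WATCHED = {
    "git push --force": re.compile(r"\bgit\s+push\b.*\s(--force|-f)\b"),
    "git reset --hard": re.compile(r"\bgit\s+reset\b.*\s--hard\b"),
    "DROP TABLE / DROP DATABASE": re.compile(r"\bdrop\s+(table|database)\b", re.I),
    "chmod 777": re.compile(r"\bchmod\s+(-\S+\s+)*0?777\b"),
    "--no-verify": re.compile(r"(^|\s)--no-verify\b"),
}

def rm_recursive_force(tokens):
    """True when any rm invocation carries both a recursive and a force flag."""
    for i, tok in enumerate(tokens):
        if os.path.basename(tok) != "rm":
            continue
        flags = set()
        for arg in tokens[i + 1:]:
            if arg.startswith((";", "|", "&")):   # next command starts here
                break
            if arg.startswith("--"):
                flags.add(arg)
            elif arg.startswith("-"):
                flags.update(arg[1:])             # -rf -> {"r", "f"}
        if flags & {"r", "R", "--recursive"} and flags & {"f", "--force"}:
            return True
    return False

def check_command(command):
    """Careful Mode: names of watched patterns the command matches ([] = allow)."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    try:
        tokens = list(lex)
    except ValueError:                            # unbalanced quotes: fail closed
        return ["unparseable command"]
    hits = [name for name, rx in WATCHED.items() if rx.search(command)]
    if rm_recursive_force(tokens):
        hits.insert(0, "rm -rf")
    return hits

def write_allowed(target, frozen_dir, project_root):
    """Freeze Mode: allow a Write/Edit only if it resolves inside frozen_dir."""
    root = os.path.realpath(os.path.join(project_root, frozen_dir))
    path = os.path.realpath(os.path.join(project_root, target))
    # commonpath compares whole components, so src/components-old is not "inside"
    return os.path.commonpath([root, path]) == root
```

The regexes run over the raw command string, so a watched phrase inside a quoted argument also triggers a warning, which is acceptable for a confirm-before-run mode.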