skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
affaan-m/ecc1.1k installs

safety-guard

Use this skill to prevent destructive operations when working on production systems or running agents autonomously.

How do I install this agent skill?

npx skills add https://github.com/affaan-m/ecc --skill safety-guard
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    The safety-guard skill is a protective mechanism designed to prevent accidental destructive operations and restrict file system writes to specific directories during autonomous agent operations.

  • Socketpass

    No alerts

  • Snykpass

    Risk: LOW · No issues

What does this agent skill do?

Safety Guard — Prevent Destructive Operations

When to Use

  • When working on production systems
  • When agents are running autonomously (full-auto mode)
  • When you want to restrict edits to a specific directory
  • During sensitive operations (migrations, deploys, data changes)

How It Works

Three modes of protection:

Mode 1: Careful Mode

Intercepts destructive commands before execution and warns:

Watched patterns:
- rm -rf (especially /, ~, or project root)
- git push --force
- git reset --hard
- git checkout . (discard all changes)
- DROP TABLE / DROP DATABASE
- docker system prune
- kubectl delete
- chmod 777
- sudo rm
- npm publish (accidental publishes)
- Any command with --no-verify

When detected: shows what the command does, asks for confirmation, suggests safer alternative.

Mode 2: Freeze Mode

Locks file edits to a specific directory tree:

/safety-guard freeze src/components/

Any Write/Edit outside src/components/ is blocked with an explanation. Useful when you want an agent to focus on one area without touching unrelated code.

Mode 3: Guard Mode (Careful + Freeze combined)

Both protections active. Maximum safety for autonomous agents.

/safety-guard guard --dir src/api/ --allow-read-all

Agents can read anything but only write to src/api/. Destructive commands are blocked everywhere.

Unlock

/safety-guard off

Implementation

Uses PreToolUse hooks to intercept Bash, Write, Edit, and MultiEdit tool calls. Checks the command/path against the active rules before allowing execution.

Integration

  • Enable by default for codex -a never sessions
  • Pair with observability risk scoring in ECC 2.0
  • Logs all blocked actions to ~/.claude/safety-guard.log

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/affaan-m/ecc/safety-guard">View safety-guard on skillZs</a>