safety-guard

为生产环境操作和自主代理执行提供破坏性行为防护与风险拦截。

星标

★ 209,790

来源

GitHub

更新于

2026-06-07

// 安全评估低风险

仅提示词，不执行代码
开源可审计
社区验证· 209.8k

正在进行安全审计…

凭证密钥
网络外发
代码执行
数据访问
来源供应链

// 安装

复制安装指令，让 AI 自动完成配置 · 推荐新手

请帮我安装 askskill 上的 "safety-guard" 技能：
1. 下载 https://raw.githubusercontent.com/affaan-m/ECC/main/skills/safety-guard/SKILL.md
2. 保存为 ~/.claude/skills/safety-guard/SKILL.md
3. 装好后重载技能，告诉我可以用了

// 下载

下载 SKILL.md机读安装清单 ↗

// 用法示例

拦截高危生产命令

输入

你是生产环境安全守卫。在执行任何命令前检查风险。如果命令可能删除数据、覆盖配置、批量修改资源或导致服务中断，先停止执行，说明风险，并给出更安全的替代方案。现在评估这条命令：kubectl delete namespace prod

预期产出

识别命令为高危操作，拒绝直接执行，并提供确认步骤、备份建议或只读替代方案。

为自主代理添加执行护栏

输入

请为一个可自主执行运维任务的 AI 代理制定安全规则。要求：禁止直接在生产库执行删除或全表更新；涉及重启、扩容、权限变更时必须人工审批；所有高风险操作先生成执行计划和回滚方案。

预期产出

输出一组清晰的代理安全策略，包含禁止事项、审批条件、执行前检查和回滚要求。

审查数据库变更脚本

输入

请审查以下生产数据库 SQL 是否存在破坏性风险，并给出更安全写法：UPDATE orders SET status = 'cancelled';

预期产出

指出该语句会全表更新，建议增加 WHERE 条件、先备份或分批执行，并给出改写示例。

// 文档

Safety Guard — Prevent Destructive Operations

When to Use

When working on production systems
When agents are running autonomously (full-auto mode)
When you want to restrict edits to a specific directory
During sensitive operations (migrations, deploys, data changes)

How It Works

Three modes of protection:

Mode 1: Careful Mode

Intercepts destructive commands before execution and warns:

Watched patterns:
- rm -rf (especially /, ~, or project root)
- git push --force
- git reset --hard
- git checkout . (discard all changes)
- DROP TABLE / DROP DATABASE
- docker system prune
- kubectl delete
- chmod 777
- sudo rm
- npm publish (accidental publishes)
- Any command with --no-verify

When detected: shows what the command does, asks for confirmation, suggests safer alternative.

Mode 2: Freeze Mode

Locks file edits to a specific directory tree:

/safety-guard freeze src/components/

Any Write/Edit outside src/components/ is blocked with an explanation. Useful when you want an agent to focus on one area without touching unrelated code.

Mode 3: Guard Mode (Careful + Freeze combined)

Both protections active. Maximum safety for autonomous agents.

/safety-guard guard --dir src/api/ --allow-read-all

Agents can read anything but only write to src/api/. Destructive commands are blocked everywhere.

Unlock

/safety-guard off

Implementation

Uses PreToolUse hooks to intercept Bash, Write, Edit, and MultiEdit tool calls. Checks the command/path against the active rules before allowing execution.