bitkaio/guard
guard/SKILL.md
Full safety mode: destructive command warnings + directory-scoped edits. Combines /careful (warns before rm -rf, DROP TABLE, force-push, etc.) with /freeze (blocks edits outside a specified directory). Use for maximum safety when touching prod or debugging live systems. Use when asked to "guard mode", "full safety", "lock it down", or "maximum safety".
development
Updated Apr 3, 2026
$ install --global
skillsauthnpx skillsauth add bitkaio/gstack guardInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 3, 2026, 7:31 PM329.8s2 files scanned
SKILL.md
- name:
- guard
- version:
- 0.1.0
- description:
- |
- Full safety mode:
- destructive command warnings + directory-scoped edits.
- - matcher:
- Write
- - type:
- command
- command:
- bash ${CLAUDE_SKILL_DIR}/../freeze/bin/check-freeze.sh
- statusMessage:
- Checking freeze boundary...
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly -->
<!-- Regenerate: bun run gen:skill-docs -->
/guard — Full Safety Mode
Activates both destructive command warnings and directory-scoped edit restrictions.
This is the combination of /careful + /freeze in a single command.
Dependency note: This skill references hook scripts from the sibling /careful
and /freeze skill directories. Both must be installed (they are installed together
by the gstack setup script).
mkdir -p ~/.gstack/analytics
echo '{"skill":"guard","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
Setup
Ask the user which directory to restrict edits to. Use AskUserQuestion:
- Question: "Guard mode: which directory should edits be restricted to? Destructive command warnings are always on. Files outside the chosen path will be blocked from editing."
- Text input (not multiple choice) — the user types a path.
Once the user provides a directory path:
- Resolve it to an absolute path:
FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd)
echo "$FREEZE_DIR"
- Ensure trailing slash and save to the freeze state file:
FREEZE_DIR="${FREEZE_DIR%/}/"
STATE_DIR="${CLAUDE_PLUGIN_DATA:-$HOME/.gstack}"
mkdir -p "$STATE_DIR"
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"
echo "Freeze boundary set: $FREEZE_DIR"
Tell the user:
- "Guard mode active. Two protections are now running:"
- "1. Destructive command warnings — rm -rf, DROP TABLE, force-push, etc. will warn before executing (you can override)"
- "2. Edit boundary — file edits restricted to
<path>/. Edits outside this directory are blocked." - "To remove the edit boundary, run
/unfreeze. To deactivate everything, end the session."
What's protected
See /careful for the full list of destructive command patterns and safe exceptions.
See /freeze for how edit boundary enforcement works.
Related Skills
bitkaio/unfreeze
data-ai
VerifiedTrustedCommunity
Clear the freeze boundary set by /freeze, allowing edits to all directories again. Use when you want to widen edit scope without ending the session. Use when asked to "unfreeze", "unlock edits", "remove freeze", or "allow all edits".
SKILL.mdUpdated Apr 3, 2026
bitkaio/ship
development
VerifiedTrustedCommunity
Ship workflow: detect + merge base branch, run tests, review diff, bump VERSION, update CHANGELOG, commit, push, create PR. Use when asked to "ship", "deploy", "push to main", "create a PR", or "merge and push". Proactively suggest when the user says code is ready or asks about deploying.
SKILL.mdUpdated Apr 3, 2026
bitkaio/setup-browser-cookies
testing
VerifiedTrustedCommunity
Import cookies from your real browser (Comet, Chrome, Arc, Brave, Edge) into the headless browse session. Opens an interactive picker UI where you select which cookie domains to import. Use before QA testing authenticated pages. Use when asked to "import cookies", "login to the site", or "authenticate the browser".
SKILL.mdUpdated Apr 3, 2026
bitkaio/review
development
VerifiedTrustedCommunity
Pre-landing PR review. Analyzes diff against the base branch for SQL safety, LLM trust boundary violations, conditional side effects, and other structural issues. Use when asked to "review this PR", "code review", "pre-landing review", or "check my diff". Proactively suggest when the user is about to merge or land code changes.
SKILL.mdUpdated Apr 3, 2026