dopiotrek/gstack-careful
skills/gstack/careful/SKILL.md
Safety guardrails for destructive commands. Warns before rm -rf, DROP TABLE, force-push, git reset --hard, kubectl delete, and similar destructive operations. User can override each warning. Use when touching prod, debugging live systems, or working in a shared environment. Use when asked to "be careful", "safety mode", "prod mode", or "careful mode". (gstack)
development
Updated Apr 17, 2026
$ install --global
skillsauthnpx skillsauth add dopiotrek/dotclaude gstack-carefulInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 4:40 AM8.5s3 files scanned
SKILL.md
- name:
- gstack-careful
- version:
- 0.1.0
- description:
- |
- - matcher:
- Bash
- - type:
- command
- command:
- bash ${CLAUDE_SKILL_DIR}/bin/check-careful.sh
- statusMessage:
- Checking for destructive commands...
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly -->
<!-- Regenerate: bun run gen:skill-docs -->
/careful — Destructive Command Guardrails
Safety mode is now active. Every bash command will be checked for destructive patterns before running. If a destructive command is detected, you'll be warned and can choose to proceed or cancel.
mkdir -p ~/.gstack/analytics
echo '{"skill":"careful","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
What's protected
| Pattern | Example | Risk |
|---------|---------|------|
| rm -rf / rm -r / rm --recursive | rm -rf /var/data | Recursive delete |
| DROP TABLE / DROP DATABASE | DROP TABLE users; | Data loss |
| TRUNCATE | TRUNCATE orders; | Data loss |
| git push --force / -f | git push -f origin main | History rewrite |
| git reset --hard | git reset --hard HEAD~3 | Uncommitted work loss |
| git checkout . / git restore . | git checkout . | Uncommitted work loss |
| kubectl delete | kubectl delete pod | Production impact |
| docker rm -f / docker system prune | docker system prune -a | Container/image loss |
Safe exceptions
These patterns are allowed without warning:
rm -rf node_modules/.next/dist/__pycache__/.cache/build/.turbo/coverage
How it works
The hook reads the command from the tool input JSON, checks it against the
patterns above, and returns permissionDecision: "ask" with a warning message
if a match is found. You can always override the warning and proceed.
To deactivate, end the conversation or start a new one. Hooks are session-scoped.
Related Skills
dopiotrek/deep-dive-burst
development
VerifiedTrustedCommunity
Burst copilot for learning-in-public company deep dives. Walks the user through one complete publishing burst — shape loose thoughts into a question, frame it, research with sources, enforce the from-memory recall step, support (but never write) the draft, critique against the signature checklist and style guide, and prepare cross-posts for X and Substack. Use this skill whenever the user wants to start a burst, work on their deep dive series, research a company or industry question for a post, asks "what's my next post/question", brings a few rough thoughts or a reaction they want to turn into a post, shares a deep-dive draft for editing, or wants to publish/cross-post a series piece — even if they don't say "burst" or "deep dive" explicitly. Works both for continuing a series and as a standalone start from scratch with no posts yet. Also use it when the user asks to write a deep-dive post for them (the skill defines how to respond to that).
SKILL.mdUpdated Jun 9, 2026
dopiotrek/gstack-review
development
VerifiedTrustedCommunity
Pre-landing PR review. Analyzes diff against the base branch for SQL safety, LLM trust boundary violations, conditional side effects, and other structural issues. Use when asked to "review this PR", "code review", "pre-landing review", or "check my diff". Proactively suggest when the user is about to merge or land code changes. (gstack)
SKILL.mdUpdated Apr 17, 2026
dopiotrek/gstack-retro
development
VerifiedTrustedCommunity
Weekly engineering retrospective. Analyzes commit history, work patterns, and code quality metrics with persistent history and trend tracking. Team-aware: breaks down per-person contributions with praise and growth areas. Use when asked to "weekly retro", "what did we ship", or "engineering retrospective". Proactively suggest at the end of a work week or sprint. (gstack)
SKILL.mdUpdated Apr 17, 2026
dopiotrek/gstack-qa
development
VerifiedTrustedCommunity
Systematically QA test a web application and fix bugs found. Runs QA testing, then iteratively fixes bugs in source code, committing each fix atomically and re-verifying. Use when asked to "qa", "QA", "test this site", "find bugs", "test and fix", or "fix what's broken". Proactively suggest when the user says a feature is ready for testing or asks "does this work?". Three tiers: Quick (critical/high only), Standard (+ medium), Exhaustive (+ cosmetic). Produces before/after health scores, fix evidence, and a ship-readiness summary. For report-only mode, use /qa-only. (gstack)
SKILL.mdUpdated Apr 17, 2026