dopiotrek/gstack-freeze
skills/gstack/freeze/SKILL.md
Restrict file edits to a specific directory for the session. Blocks Edit and Write outside the allowed path. Use when debugging to prevent accidentally "fixing" unrelated code, or when you want to scope changes to one module. Use when asked to "freeze", "restrict edits", "only edit this folder", or "lock down edits". (gstack)
development
Updated Apr 17, 2026
$ install --global
skillsauthnpx skillsauth add dopiotrek/dotclaude gstack-freezeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 4:40 AM7.1s3 files scanned
SKILL.md
- name:
- gstack-freeze
- version:
- 0.1.0
- description:
- |
- - matcher:
- Write
- - type:
- command
- command:
- bash ${CLAUDE_SKILL_DIR}/bin/check-freeze.sh
- statusMessage:
- Checking freeze boundary...
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly -->
<!-- Regenerate: bun run gen:skill-docs -->
/freeze — Restrict Edits to a Directory
Lock file edits to a specific directory. Any Edit or Write operation targeting a file outside the allowed path will be blocked (not just warned).
mkdir -p ~/.gstack/analytics
echo '{"skill":"freeze","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
Setup
Ask the user which directory to restrict edits to. Use AskUserQuestion:
- Question: "Which directory should I restrict edits to? Files outside this path will be blocked from editing."
- Text input (not multiple choice) — the user types a path.
Once the user provides a directory path:
- Resolve it to an absolute path:
FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd)
echo "$FREEZE_DIR"
- Ensure trailing slash and save to the freeze state file:
FREEZE_DIR="${FREEZE_DIR%/}/"
STATE_DIR="${CLAUDE_PLUGIN_DATA:-$HOME/.gstack}"
mkdir -p "$STATE_DIR"
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"
echo "Freeze boundary set: $FREEZE_DIR"
Tell the user: "Edits are now restricted to <path>/. Any Edit or Write
outside this directory will be blocked. To change the boundary, run /freeze
again. To remove it, run /unfreeze or end the session."
How it works
The hook reads file_path from the Edit/Write tool input JSON, then checks
whether the path starts with the freeze directory. If not, it returns
permissionDecision: "deny" to block the operation.
The freeze boundary persists for the session via the state file. The hook script reads it on every Edit/Write invocation.
Notes
- The trailing
/on the freeze directory prevents/srcfrom matching/src-old - Freeze applies to Edit and Write tools only — Read, Bash, Glob, Grep are unaffected
- This prevents accidental edits, not a security boundary — Bash commands like
sedcan still modify files outside the boundary - To deactivate, run
/unfreezeor end the conversation
Related Skills
dopiotrek/gstack-review
development
VerifiedTrustedCommunity
Pre-landing PR review. Analyzes diff against the base branch for SQL safety, LLM trust boundary violations, conditional side effects, and other structural issues. Use when asked to "review this PR", "code review", "pre-landing review", or "check my diff". Proactively suggest when the user is about to merge or land code changes. (gstack)
SKILL.mdUpdated Apr 17, 2026
dopiotrek/gstack-retro
development
VerifiedTrustedCommunity
Weekly engineering retrospective. Analyzes commit history, work patterns, and code quality metrics with persistent history and trend tracking. Team-aware: breaks down per-person contributions with praise and growth areas. Use when asked to "weekly retro", "what did we ship", or "engineering retrospective". Proactively suggest at the end of a work week or sprint. (gstack)
SKILL.mdUpdated Apr 17, 2026
dopiotrek/gstack-qa
development
VerifiedTrustedCommunity
Systematically QA test a web application and fix bugs found. Runs QA testing, then iteratively fixes bugs in source code, committing each fix atomically and re-verifying. Use when asked to "qa", "QA", "test this site", "find bugs", "test and fix", or "fix what's broken". Proactively suggest when the user says a feature is ready for testing or asks "does this work?". Three tiers: Quick (critical/high only), Standard (+ medium), Exhaustive (+ cosmetic). Produces before/after health scores, fix evidence, and a ship-readiness summary. For report-only mode, use /qa-only. (gstack)
SKILL.mdUpdated Apr 17, 2026
dopiotrek/gstack-qa-only
development
VerifiedTrustedCommunity
Report-only QA testing. Systematically tests a web application and produces a structured report with health score, screenshots, and repro steps — but never fixes anything. Use when asked to "just report bugs", "qa report only", or "test but don't fix". For the full test-fix-verify loop, use /qa instead. Proactively suggest when the user wants a bug report without any code changes. (gstack)
SKILL.mdUpdated Apr 17, 2026