dopiotrek/gstack-guard
skills/gstack/guard/SKILL.md
Full safety mode: destructive command warnings + directory-scoped edits. Combines /careful (warns before rm -rf, DROP TABLE, force-push, etc.) with /freeze (blocks edits outside a specified directory). Use for maximum safety when touching prod or debugging live systems. Use when asked to "guard mode", "full safety", "lock it down", or "maximum safety". (gstack)
development
Updated Apr 17, 2026
$ install --global
skillsauthnpx skillsauth add dopiotrek/dotclaude gstack-guardInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 4:40 AM6.6s2 files scanned
SKILL.md
- name:
- gstack-guard
- version:
- 0.1.0
- description:
- |
- Full safety mode:
- destructive command warnings + directory-scoped edits.
- - matcher:
- Write
- - type:
- command
- command:
- bash ${CLAUDE_SKILL_DIR}/../freeze/bin/check-freeze.sh
- statusMessage:
- Checking freeze boundary...
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly -->
<!-- Regenerate: bun run gen:skill-docs -->
/guard — Full Safety Mode
Activates both destructive command warnings and directory-scoped edit restrictions.
This is the combination of /careful + /freeze in a single command.
Dependency note: This skill references hook scripts from the sibling /careful
and /freeze skill directories. Both must be installed (they are installed together
by the gstack setup script).
mkdir -p ~/.gstack/analytics
echo '{"skill":"guard","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
Setup
Ask the user which directory to restrict edits to. Use AskUserQuestion:
- Question: "Guard mode: which directory should edits be restricted to? Destructive command warnings are always on. Files outside the chosen path will be blocked from editing."
- Text input (not multiple choice) — the user types a path.
Once the user provides a directory path:
- Resolve it to an absolute path:
FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd)
echo "$FREEZE_DIR"
- Ensure trailing slash and save to the freeze state file:
FREEZE_DIR="${FREEZE_DIR%/}/"
STATE_DIR="${CLAUDE_PLUGIN_DATA:-$HOME/.gstack}"
mkdir -p "$STATE_DIR"
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"
echo "Freeze boundary set: $FREEZE_DIR"
Tell the user:
- "Guard mode active. Two protections are now running:"
- "1. Destructive command warnings — rm -rf, DROP TABLE, force-push, etc. will warn before executing (you can override)"
- "2. Edit boundary — file edits restricted to
<path>/. Edits outside this directory are blocked." - "To remove the edit boundary, run
/unfreeze. To deactivate everything, end the session."
What's protected
See /careful for the full list of destructive command patterns and safe exceptions.
See /freeze for how edit boundary enforcement works.
Related Skills
dopiotrek/gstack-review
development
VerifiedTrustedCommunity
Pre-landing PR review. Analyzes diff against the base branch for SQL safety, LLM trust boundary violations, conditional side effects, and other structural issues. Use when asked to "review this PR", "code review", "pre-landing review", or "check my diff". Proactively suggest when the user is about to merge or land code changes. (gstack)
SKILL.mdUpdated Apr 17, 2026
dopiotrek/gstack-retro
development
VerifiedTrustedCommunity
Weekly engineering retrospective. Analyzes commit history, work patterns, and code quality metrics with persistent history and trend tracking. Team-aware: breaks down per-person contributions with praise and growth areas. Use when asked to "weekly retro", "what did we ship", or "engineering retrospective". Proactively suggest at the end of a work week or sprint. (gstack)
SKILL.mdUpdated Apr 17, 2026
dopiotrek/gstack-qa
development
VerifiedTrustedCommunity
Systematically QA test a web application and fix bugs found. Runs QA testing, then iteratively fixes bugs in source code, committing each fix atomically and re-verifying. Use when asked to "qa", "QA", "test this site", "find bugs", "test and fix", or "fix what's broken". Proactively suggest when the user says a feature is ready for testing or asks "does this work?". Three tiers: Quick (critical/high only), Standard (+ medium), Exhaustive (+ cosmetic). Produces before/after health scores, fix evidence, and a ship-readiness summary. For report-only mode, use /qa-only. (gstack)
SKILL.mdUpdated Apr 17, 2026
dopiotrek/gstack-qa-only
development
VerifiedTrustedCommunity
Report-only QA testing. Systematically tests a web application and produces a structured report with health score, screenshots, and repro steps — but never fixes anything. Use when asked to "just report bugs", "qa report only", or "test but don't fix". For the full test-fix-verify loop, use /qa instead. Proactively suggest when the user wants a bug report without any code changes. (gstack)
SKILL.mdUpdated Apr 17, 2026