gaaschk/careful
.claude/skills/gstack/careful/SKILL.md
Safety guardrails for destructive commands. Warns before rm -rf, DROP TABLE, force-push, git reset --hard, kubectl delete, and similar destructive operations. User can override each warning. Use when touching prod, debugging live systems, or working in a shared environment. Use when asked to "be careful", "safety mode", "prod mode", or "careful mode".
development
Updated Apr 17, 2026
$ install --global
skillsauthnpx skillsauth add gaaschk/gaasch-family carefulInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 3, 2026, 7:31 PM338.8s3 files scanned
SKILL.md
- name:
- careful
- version:
- 0.1.0
- description:
- |
- - matcher:
- Bash
- - type:
- command
- command:
- bash ${CLAUDE_SKILL_DIR}/bin/check-careful.sh
- statusMessage:
- Checking for destructive commands...
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly -->
<!-- Regenerate: bun run gen:skill-docs -->
/careful — Destructive Command Guardrails
Safety mode is now active. Every bash command will be checked for destructive patterns before running. If a destructive command is detected, you'll be warned and can choose to proceed or cancel.
mkdir -p ~/.gstack/analytics
echo '{"skill":"careful","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
What's protected
| Pattern | Example | Risk |
|---------|---------|------|
| rm -rf / rm -r / rm --recursive | rm -rf /var/data | Recursive delete |
| DROP TABLE / DROP DATABASE | DROP TABLE users; | Data loss |
| TRUNCATE | TRUNCATE orders; | Data loss |
| git push --force / -f | git push -f origin main | History rewrite |
| git reset --hard | git reset --hard HEAD~3 | Uncommitted work loss |
| git checkout . / git restore . | git checkout . | Uncommitted work loss |
| kubectl delete | kubectl delete pod | Production impact |
| docker rm -f / docker system prune | docker system prune -a | Container/image loss |
Safe exceptions
These patterns are allowed without warning:
rm -rf node_modules/.next/dist/__pycache__/.cache/build/.turbo/coverage
How it works
The hook reads the command from the tool input JSON, checks it against the
patterns above, and returns permissionDecision: "ask" with a warning message
if a match is found. You can always override the warning and proceed.
To deactivate, end the conversation or start a new one. Hooks are session-scoped.
Related Skills
gaaschk/unfreeze
data-ai
VerifiedTrustedCommunity
Clear the freeze boundary set by /freeze, allowing edits to all directories again. Use when you want to widen edit scope without ending the session. Use when asked to "unfreeze", "unlock edits", "remove freeze", or "allow all edits".
SKILL.mdUpdated Apr 17, 2026
gaaschk/ship
development
VerifiedTrustedCommunity
Ship workflow: detect + merge base branch, run tests, review diff, bump VERSION, update CHANGELOG, commit, push, create PR. Use when asked to "ship", "deploy", "push to main", "create a PR", or "merge and push". Proactively suggest when the user says code is ready or asks about deploying.
SKILL.mdUpdated Apr 17, 2026
gaaschk/setup-deploy
testing
VerifiedTrustedCommunity
Configure deployment settings for /land-and-deploy. Detects your deploy platform (Fly.io, Render, Vercel, Netlify, Heroku, GitHub Actions, custom), production URL, health check endpoints, and deploy status commands. Writes the configuration to CLAUDE.md so all future deploys are automatic. Use when: "setup deploy", "configure deployment", "set up land-and-deploy", "how do I deploy with gstack", "add deploy config".
SKILL.mdUpdated Apr 17, 2026
gaaschk/setup-browser-cookies
testing
VerifiedTrustedCommunity
Import cookies from your real browser (Comet, Chrome, Arc, Brave, Edge) into the headless browse session. Opens an interactive picker UI where you select which cookie domains to import. Use before QA testing authenticated pages. Use when asked to "import cookies", "login to the site", or "authenticate the browser".
SKILL.mdUpdated Apr 17, 2026