riccardogrin/being-careful
skills/being-careful/SKILL.md
Activates safety hooks that block dangerous shell commands for the rest of the session — rm -rf, DROP TABLE, force-push, hard reset, kubectl delete, and other destructive operations. Use when touching production, working with sensitive data, or doing risky operations where an accidental destructive command could cause harm
$ install --global
skillsauthnpx skillsauth add riccardogrin/skills being-carefulInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 11, 2026, 10:55 PM9.5s1 file scanned
SKILL.md
- name:
- being-careful
- description:
- Activates safety hooks that block dangerous shell commands for the rest of the session — rm -rf, DROP TABLE, force-push, hard reset, kubectl delete, and other destructive operations. Use when touching production, working with sensitive data, or doing risky operations where an accidental destructive command could cause harm
- - matcher:
- Bash
- - type:
- command
- command:
- if echo \"$CLAUDE_TOOL_INPUT\" | grep -qEi '(rm\\s+-(r|f|rf|fr)\\b|rm\\s+--force|rmdir\\s+/)'; then echo 'BLOCKED: destructive file deletion. Use trash or targeted rm instead.' >&2; exit 2; fi && if echo \"$CLAUDE_TOOL_INPUT\" | grep -qEi '(DROP\\s+(TABLE|DATABASE|SCHEMA|INDEX)|TRUNCATE\\s+TABLE|DELETE\\s+FROM\\s+\\S+\\s*(;|$))'; then echo 'BLOCKED: destructive SQL operation. Review and run manually.' >&2; exit 2; fi && if echo \"$CLAUDE_TOOL_INPUT\" | grep -qEi '(push\\s+.*(\\s+--force\\b|\\s+-f\\b)|push\\s+-f\\b)'; then echo 'BLOCKED: force-push. Use --force-with-lease.' >&2; exit 2; fi && if echo \"$CLAUDE_TOOL_INPUT\" | grep -qEi '(reset\\s+--hard|clean\\s+-f|checkout\\s+--\\s+\\.)'; then echo 'BLOCKED: destructive git operation. Stash or commit first.' >&2; exit 2; fi && if echo \"$CLAUDE_TOOL_INPUT\" | grep -qEi '(branch\\s+-D\\b)'; then echo 'BLOCKED: force branch deletion. Use -d for safe delete.' >&2; exit 2; fi && if echo \"$CLAUDE_TOOL_INPUT\" | grep -qEi '(kubectl\\s+delete|kubectl\\s+.*--force)'; then echo 'BLOCKED: kubectl delete/force. Review and run manually.' >&2; exit 2; fi && if echo \"$CLAUDE_TOOL_INPUT\" | grep -qEi '(docker\\s+(system|volume|container)\\s+prune)'; then echo 'BLOCKED: docker prune. Run manually if intended.' >&2; exit 2; fi
Being Careful
Activates session-scoped safety hooks that block dangerous shell commands. Use this when working near production systems, sensitive data, or doing anything where a misfire could cause real damage.
What Gets Blocked
| Pattern | Why | Safe Alternative |
|---------|-----|-----------------|
| rm -rf, rm -f, rm --force | Irreversible file deletion | trash, targeted rm on specific files |
| DROP TABLE, TRUNCATE, bulk DELETE FROM | Destructive SQL | Review and run manually |
| git push --force, git push -f | Overwrites remote history | git push --force-with-lease |
| git reset --hard | Discards uncommitted work | git stash then reset |
| git clean -f | Deletes untracked files | git stash -u |
| git checkout -- . | Discards all working changes | Stash or commit first |
| git branch -D | Force-deletes branch | git branch -d (safe delete) |
| kubectl delete, kubectl --force | Destroys cluster resources | Review and run manually |
| docker system/volume/container prune | Removes all stopped containers/volumes | Run manually with filters |
How It Works
The skill registers a PreToolUse hook on Bash that inspects each command before execution. If a dangerous pattern is matched, the command is blocked (exit code 2) and Claude sees the reason in stderr. Claude can then suggest a safer alternative.
The hooks are session-scoped — they activate when you invoke /being-careful and last until the session ends.
They do not affect other sessions or persist between sessions.
Gotchas
- The patterns use regex matching, so they may occasionally match in string literals or comments within commands. If a legitimate command is blocked, you can run it manually outside Claude.
git push --force-with-leaseis intentionally allowed — it's the safe alternative to force-push.- The hook does not block
rmwithout-rf/-fflags — targeted file removal is still permitted. - SQL patterns match case-insensitively, so
drop tableandDROP TABLEare both caught.
Related Skills
riccardogrin/transcribing-youtube
data-ai
VerifiedTrustedCommunity
Downloads YouTube videos, transcribes audio via OpenAI Whisper, and produces summaries stored locally. Covers yt-dlp download, audio extraction, transcription, caching, and summarization. Use when a YouTube link is shared and the user wants a transcript or summary
4SKILL.mdUpdated Apr 11, 2026
riccardogrin/reviewing-code
development
VerifiedTrustedCommunity
Runs an adversarial code review loop that spawns independent reviewer and fixer subagents, iterating until only nitpicks remain. Scores findings by confidence, fixes real issues, and re-reviews with fresh eyes — all internal, no GitHub comments. Use when asked to review code, self-review, adversarial review, or polish code before pushing
4SKILL.mdUpdated Apr 11, 2026
riccardogrin/planning
development
VerifiedTrustedCommunity
Creates implementation-ready plans through discovery interviews, external research, and codebase analysis. Covers requirements, competitor research, architecture decisions, and change sequencing. Use when planning features, roadmaps, specs, or any work that needs discovery before coding
4SKILL.mdUpdated Apr 11, 2026
riccardogrin/planning-loop
development
VerifiedTrustedCommunity
Generates an autonomous game design loop that iteratively expands a game concept into a comprehensive vision and implementation plan across multiple sessions. Covers mechanic exploration, system design, competitor research, and plan generation. Use when developing a game idea from seed concept to full implementation plan
4SKILL.mdUpdated Apr 11, 2026