Garry Tan
88a96ec842
The PreToolUse frontmatter hooks for guard, freeze, and careful invoked
`bash ${CLAUDE_SKILL_DIR}/.../check-*.sh`. Claude Code 2.1.162 no longer populates
${CLAUDE_SKILL_DIR} in the skill-hook execution env, so it expanded to empty and
every Edit/Write/Bash ran `bash /...` and errored — breaking the safety skills
entirely.
Frontmatter hooks run before any skill-body bash, so no runtime-resolved variable
can fix this; the command must be a path that's valid at hook time. Anchor to the
installed checkout: $HOME/.claude/skills/gstack/{careful,freeze}/bin/check-*.sh,
where the scripts actually live. ($HOME is expanded by the hook shell.)
Reported by @omariani-howdy. Regenerated the three SKILL.md from templates.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2.5 KiB
name, version, description, triggers, allowed-tools, hooks
| name | version | description | triggers | allowed-tools | hooks | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| careful | 0.1.0 | Safety guardrails for destructive commands. (gstack) |
|
|
|
When to invoke this skill
Warns before rm -rf, DROP TABLE, force-push, git reset --hard, kubectl delete, and similar destructive operations. User can override each warning. Use when touching prod, debugging live systems, or working in a shared environment. Use when asked to "be careful", "safety mode", "prod mode", or "careful mode".
/careful — Destructive Command Guardrails
Safety mode is now active. Every bash command will be checked for destructive patterns before running. If a destructive command is detected, you'll be warned and can choose to proceed or cancel.
mkdir -p ~/.gstack/analytics
echo '{"skill":"careful","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
What's protected
| Pattern | Example | Risk |
|---|---|---|
rm -rf / rm -r / rm --recursive |
rm -rf /var/data |
Recursive delete |
DROP TABLE / DROP DATABASE |
DROP TABLE users; |
Data loss |
TRUNCATE |
TRUNCATE orders; |
Data loss |
git push --force / -f |
git push -f origin main |
History rewrite |
git reset --hard |
git reset --hard HEAD~3 |
Uncommitted work loss |
git checkout . / git restore . |
git checkout . |
Uncommitted work loss |
kubectl delete |
kubectl delete pod |
Production impact |
docker rm -f / docker system prune |
docker system prune -a |
Container/image loss |
Safe exceptions
These patterns are allowed without warning:
rm -rf node_modules/.next/dist/__pycache__/.cache/build/.turbo/coverage
How it works
The hook reads the command from the tool input JSON, checks it against the
patterns above, and returns permissionDecision: "ask" with a warning message
if a match is found. You can always override the warning and proceed.
To deactivate, end the conversation or start a new one. Hooks are session-scoped.