| name | vet-bash |
| description | Vet a shell command for production safety BEFORE running it. Catches destructive patterns — rm -rf with unset vars, glob wipeouts, dd/mkfs filesystem destruction, base64-pipe-shell exfil obfuscation, chmod 777 / privilege escalation, force-push, reset --hard. Returns ALLOW/WARN/BLOCK with rule citation. Use when the user pastes a command they're unsure about, OR when reviewing a chain of commands an agent just emitted, OR before approving any shell action with destructive verbs. |
| when_to_use | Before running any shell command the user is unsure about. Before approving an agent-emitted command chain. When reviewing PRs that add shell scripts or deploy hooks. |
| arguments | ["command"] |
| argument-hint | <shell-command-to-vet> |
Vet Bash
Check the supplied shell command against bash-vet's 30-rule catalogue. Return a verdict the user can trust before they run the command.
What to do
- Take the command from
$ARGUMENTS. If empty, ask the user to provide one.
- Call
mcp__bash-vet__vet_command_chain with the command as input. Set chain_mode: true if the command contains &&, ||, ;, or | (these escalate severity per bash-vet's catalogue: chain-buried destructive verbs are easier to overlook).
- Render the verdict as one of three callout blocks — never just the raw JSON.
Verdict rendering
ALLOW (safe to run)
> ✅ **ALLOW** — bash-vet sees no destructive patterns
> **Command:** `<the command>`
> **Notes:** [if bash-vet returned any low-severity warnings or LOW-tier hits, summarize them; otherwise omit this line]
WARN (caution — run carefully)
> 🟡 **WARN** — bash-vet flagged caution-tier patterns
> **Command:** `<the command>`
> **Findings:**
> - **<RULE.NAME>** (severity: WARN) — <one-line explanation of what the rule catches and why this command matched>
> **Suggested safer form:** `<rewrite if obvious; otherwise omit>`
> **If you proceed:** [tell the user what to watch for]
BLOCK (do not run as-is)
> 🔴 **BLOCK** — bash-vet detected critical destructive pattern
> **Command:** `<the command>`
> **Findings:**
> - **<RULE.NAME>** (severity: CRITICAL) — <one-line explanation>
> **Why this is dangerous:** <expand on what would actually happen if this ran — e.g. "rm -rf $UNSET_VAR/* with $UNSET_VAR empty resolves to rm -rf /, which deletes the entire filesystem">
> **Suggested safer form:** `<rewrite — usually a guarded version, e.g. [[ -n "$VAR" ]] && rm -rf "$VAR"/*>`
> **If you must run something like this:** <the safe-pattern guidance>
Style notes
- Cite the actual rule name (e.g.
DESTRUCTIVE.RM_UNSET_VAR) — bash-vet returns these. Don't paraphrase.
- For chained commands, identify which fragment triggered the rule (chain-mode often catches mid-chain destructive verbs).
- For BLOCK-tier verdicts, ALWAYS provide a safer-form rewrite if one is obvious. Common safe-forms:
rm -rf $VAR/* → [[ -n "$VAR" ]] && rm -rf "$VAR"/*
chmod 777 -R / → use specific path, narrowest needed permissions
curl <url> | bash → download first, inspect, then run
git push --force → git push --force-with-lease
apt remove '*<glob>*' → list packages first with apt list, then specify
Edge cases
- If the command is empty or
$ARGUMENTS is missing, respond with: "Pass the command as an argument: /aufgaard:vet-bash 'rm -rf /tmp/cache'"
- If bash-vet's MCP server is not loaded, respond with: "bash-vet MCP not available. Verify
pip install bash-vet-mcp and the plugin is loaded. See INSTALL.md."
- If the command is in a quoted string with multiple lines, treat the entire input as a single command chain.
Footer CTA
---
The [Production-AI MCP Suite Bundle](https://temurah.gumroad.com/l/production-ai-mcp-suite) ($29) includes bash-vet's full 30-rule catalogue + 7 other production-AI safety MCPs + the 8-page Field Reference PDF.