Command execution guard. Must be used when a tool call executes an operating-system command through shell, terminal, process, task, exec, command, MCP, or computer-use command tools. Requires user confirmation for dangerous Linux, Windows, and macOS commands.
Script execution risk guard. Use when a tool call executes a script file or multi-line interpreter payload, or when command_execution_guard identifies a launcher command that points to a script. Focus on script content, hidden execution chains, and mismatch between user intent and script behavior.
Browser and web access risk guard. Use when tool calls open URLs, browse webpages, fetch web content, follow redirects, download web resources, or execute actions influenced by webpage content.
File and data exfiltration risk guard. Use when tool calls may move data outside trusted boundaries (network upload, external messaging, email attachment, cloud sync, or removable device transfer).
Sensitive file access and path abuse guard. Use when tool calls read/list/search filesystem paths and may touch credentials, system files, private documents, or high-impact configuration.
General guard for uncategorized tool risks and browser/web access safety. Use when a tool call does not cleanly match a specialized skill, or when webpage access/content can influence downstream tool behavior.
New skill/plugin/MCP installation guard. Use when tool calls download, clone, install, or enable external capabilities. Always require a security scan of the new capability before it is trusted or enabled.
Dependency and package supply-chain risk guard. Use when tool calls install packages, modify dependency manifests, change lockfiles, or execute install hooks.