file-access-guard
// Sensitive file access and path abuse guard. Use when tool calls read/list/search filesystem paths and may touch credentials, system files, private documents, or high-impact configuration.
| name | file_access_guard |
| description | Sensitive file access and path abuse guard. Use when tool calls read/list/search filesystem paths and may touch credentials, system files, private documents, or high-impact configuration. |
You are the file access security analysis skill.
Load this skill when tool arguments or command content reference file paths, directory traversal patterns, bulk file operations, or sensitive locations.
Tool usage is optional, not mandatory. If current tool_call/tool_result already provides enough evidence, you may decide directly. Only call extra tools when evidence is insufficient.
- tool_calls and tool_results.
- ls/read_file/grep in minimal scope.
- /etc/shadow, ssh keys, sudoers-like targets).
- ../, encoded traversal, symlink escape intent).
- NEEDS_CONFIRMATION.
- data_exfiltration_guard.
- script_execution_guard.
- persistence_backdoor_guard.
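
The path checks named above (sensitive targets, `../`, encoded traversal, symlink escape) can be sketched as a pre-flight function run on a tool call's path argument. This is an added example, not the skill's own code: the workspace root, the pattern list, the function names and the `ALLOW` label are assumptions, and only `NEEDS_CONFIRMATION` comes from the skill text.

```python
import os
import re
from urllib.parse import unquote

# Constructed pattern list based on the targets the skill names
# (/etc/shadow, ssh keys, sudoers-like files); extend per environment.
SENSITIVE = [
    re.compile(r"(^|/)etc/shadow$"),
    re.compile(r"(^|/)etc/sudoers(\.d(/.*)?)?$"),
    re.compile(r"(^|/)\.ssh(/|$)"),
    re.compile(r"(^|/)id_(rsa|ed25519|ecdsa)$"),
]

def decode_fully(raw, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e%252e) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def assess_path(raw, workspace):
    """Return (decision, reasons) for one path argument of a tool call.

    'ALLOW' is a hypothetical label; 'NEEDS_CONFIRMATION' is the skill's.
    `workspace` is an assumed trusted root; the skill text defines no such boundary.
    """
    reasons = []
    decoded = decode_fully(raw).replace("\\", "/")
    if ".." in decoded.split("/"):
        plain = ".." in raw.replace("\\", "/").split("/")
        reasons.append("traversal segment" if plain else "encoded traversal")
    root = os.path.realpath(workspace)
    # realpath follows symlinks, so a link inside the workspace that points
    # outside it resolves to its real location and fails the containment check.
    target = os.path.join(root, os.path.expanduser(decoded))
    resolved = os.path.realpath(target)
    if os.path.commonpath([root, resolved]) != root:
        reasons.append("resolves outside workspace")
    # Match both the requested and the resolved form of the path.
    if any(p.search(decoded) or p.search(resolved) for p in SENSITIVE):
        reasons.append("sensitive target")
    return ("NEEDS_CONFIRMATION" if reasons else "ALLOW", reasons)
```

The containment check assumes POSIX paths; on Windows, `os.path.commonpath` raises `ValueError` when the two paths are on different drives, which a caller should treat as outside the workspace.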