원클릭으로 Manus에서 모든 스킬 실행

시작하기

skill-safe-commands

스타3

포크0

업데이트2026년 6월 2일 11:31

Centralized list of commands safe for auto-execution without user approval. Single source of truth.

설치

Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.

Manus에서 실행

출처

MatrixFounder

MatrixFounder/Agentic-development

GitHub 저장소 열기 Creator 저장소 보기

다운로드

Manus에서 실행

Safe Commands Protocol

This skill defines all commands that are SAFE TO AUTO-RUN without user approval.

[!IMPORTANT] This is the single source of truth for Safe Commands. All other skills and prompts should reference this skill instead of duplicating the list.

Auto-Run Command Categories

Category	Commands	Reason
Read-only	`ls`, `cat`, `head`, `tail`, `find`, `grep`, `rg`, `fd`, `tree`, `wc`, `echo`	Do not modify state
Symlink-aware	`find -L`, `ls -L`, `rg --follow` / `rg -L`, `fd -L`	Read-only, but follow symlinks into framework dirs (`.agent/`, `.agents/`, `.cursor/skills/`, `System/`, `.agentic-development/`). Plain `find`/`ls`/`rg` do not descend into symlinked directories
File info	`stat`, `file`, `du`, `df`	Informational only
Git read	`git status`, `git log`, `git diff`, `git show`, `git branch`, `git remote`, `git tag`	Read-only git operations
Archiving	`mv docs/TASK.md docs/tasks/...`, `mv docs/PLAN.md docs/plans/...`	Documented, non-destructive moves (TASK/PLAN rotate in lockstep)
Directory	`mkdir -p docs/tasks`, `mkdir -p docs/plans`, `mkdir -p docs/architectures`, `mkdir -p .agent/skills/*`	Idempotent operations
Tool calls	`generate_task_archive_filename`, `list_directory`, `read_file`	Native tools
Framework scripts	`python3 .agent/skills/skill-session-state/scripts/update_state.py`, `python3 .agent/tools/task_id_tool.py`, `python3 .agent/skills/skill-creator/scripts/validate_skill.py`, `python3 .agent/skills/skill-creator/scripts/init_skill.py`, `python3 System/scripts/doctor.py`	Framework automation
Testing	`python -m pytest ...`, `npm test`, `npx jest`, `cargo test`	Tests don't modify source code

Pattern Matching Rules

Commands are safe if they match these patterns:

# Read-only filesystem
^(ls|cat|head|tail|find|grep|rg|fd|tree|wc|stat|file|du|df|echo)(?:\s|$)

# Symlink-aware read-only — framework dirs (.agent/, .agents/, System/, .agentic-development/) may be symlinks
^find\s+-L
^ls\s+-[a-zA-Z]*L
^rg\s+(--follow|-L)
^fd\s+-[a-zA-Z]*L

# Git read operations
^git\s+(status|log|diff|show|branch|remote|tag)

# Archiving (specific paths only)
^mv\s+docs/(TASK|PLAN)\.md\s+docs/(tasks|plans)/

# Directory creation (safe paths)
^mkdir\s+-p\s+(docs|\.agent|tests)/

# Python testing
^(python|python3)\s+-m\s+pytest
^cd\s+\.agent/tools\s+&&\s+python
^python3?\s+-c\s+'from\s+scripts\.tool_runner

# Node testing
^npm\s+test
^npx\s+jest

# Framework scripts
^python3\s+\.agent/skills/skill-session-state/scripts/update_state\.py
^python3\s+\.agent/tools/task_id_tool\.py
^python3\s+\.agent/skills/skill-creator/scripts/(validate_skill|init_skill)\.py
^python3\s+System/scripts/doctor\.py

Implementation Guidelines

For Agents (Runtime Behavior)

When calling run_command in ANY environment:

Check if the command matches the patterns above or the table.
If match found → Set SafeToAutoRun: true.
If no match → Set SafeToAutoRun: false (require approval).

[!IMPORTANT] Symlink-following is the default for framework paths. When listing or searching .agent/, .agents/, .cursor/skills/, System/, or .agentic-development/, prefer the symlink-aware variants (find -L, ls -L, rg --follow) — a plain find/ls/rg silently skips symlinked directories. If a read-only probe returns nothing under a known framework directory, retry it once with symlink-following enabled before treating the path as empty or missing.

For Users (Configuration)

Note for Agents: Do NOT create configuration files (like .cursorrules or AGENTS.md) automatically. These are user-managed files.

Cursor Users:

Add the patterns above to your .cursorrules or AGENTS.md file to enable auto-approval.

Antigravity Users:

Add the command list below to "Allow List Terminal Commands" setting in IDE options: ls,cat,head,tail,find,find -L,ls -L,grep,rg,rg --follow,fd,fd -L,tree,wc,stat,file,du,df,git status,git log,git diff,git show,git branch,git remote,git tag,mv docs/TASK.md,mv docs/PLAN.md,mkdir -p docs,mkdir -p .agent,mkdir -p tests,python -m pytest,python3 -m pytest,npm test,npx jest,cargo test

Troubleshooting

If the IDE still requests approval for commands listed here:

Agent Behavior: Ensure the Agent is actually setting SafeToAutoRun: true in the tool call. If the Agent sets it to false, the IDE must ask for approval regardless of the Allow List.
Prefix Matching: Some IDEs require exact matches. If mv docs/TASK.md works but mv docs/TASK.md docs/tasks/foo.md fails, check if the IDE supports regex/glob patterns or try shortening the allowed rule (e.g., mv only) if security policy permits.

Integration

How Other Skills Should Reference This

Instead of duplicating Safe Commands lists, use:

## Safe Commands
See `skill-safe-commands` for the authoritative list of commands safe for auto-execution.

Required by

skill-archive-task — archiving commands
artifact-management — file operations
developer-guidelines — test commands
All agent prompts — general command execution

이 저장소의 다른 Skills

같은 저장소

skill-parallel-orchestration

MatrixFounder/Agentic-development

Use when decomposing tasks into parallel sub-tasks or spawning sub-agents. Vendor-agnostic core; load a per-vendor reference for concrete tool names, directory conventions, and invocation syntax.

2026-06-103

vdd-adversarial

MatrixFounder/Agentic-development

Use when performing Verification-Driven Development with adversarial approach. Actively challenge assumptions and find weak spots.

2026-06-103

vdd-sarcastic

MatrixFounder/Agentic-development

Use when performing VDD adversarial review with an opt-in sarcastic, provocative delivery style — a stylistic skin over vdd-adversarial mechanics (exhaustive reporting + objective bar).

2026-06-103

skill-adversarial-performance

MatrixFounder/Agentic-development

Performance critic in adversarial style (optional sarcastic skin). Part of VDD Multi-Adversarial pipeline.

2026-06-103

skill-adversarial-security

MatrixFounder/Agentic-development

Use when performing OWASP security critique in adversarial style (optional sarcastic skin). Part of VDD Multi-Adversarial pipeline.

2026-06-103

security-audit

MatrixFounder/Agentic-development

Use when performing security vulnerability assessment (OWASP, secrets, dependencies, IaC, LLM, API, MCP/agentic) or when "thinking like a hacker" to find exploits.

2026-06-103

name	skill-safe-commands
description	Centralized list of commands safe for auto-execution without user approval. Single source of truth.
tier	0
version	1.2

Safe Commands Protocol

This skill defines all commands that are SAFE TO AUTO-RUN without user approval.

[!IMPORTANT] This is the single source of truth for Safe Commands. All other skills and prompts should reference this skill instead of duplicating the list.

Auto-Run Command Categories

Category	Commands	Reason
Read-only	`ls`, `cat`, `head`, `tail`, `find`, `grep`, `rg`, `fd`, `tree`, `wc`, `echo`	Do not modify state
Symlink-aware	`find -L`, `ls -L`, `rg --follow` / `rg -L`, `fd -L`	Read-only, but follow symlinks into framework dirs (`.agent/`, `.agents/`, `.cursor/skills/`, `System/`, `.agentic-development/`). Plain `find`/`ls`/`rg` do not descend into symlinked directories
File info	`stat`, `file`, `du`, `df`	Informational only
Git read	`git status`, `git log`, `git diff`, `git show`, `git branch`, `git remote`, `git tag`	Read-only git operations
Archiving	`mv docs/TASK.md docs/tasks/...`, `mv docs/PLAN.md docs/plans/...`	Documented, non-destructive moves (TASK/PLAN rotate in lockstep)
Directory	`mkdir -p docs/tasks`, `mkdir -p docs/plans`, `mkdir -p docs/architectures`, `mkdir -p .agent/skills/*`	Idempotent operations
Tool calls	`generate_task_archive_filename`, `list_directory`, `read_file`	Native tools
Framework scripts	`python3 .agent/skills/skill-session-state/scripts/update_state.py`, `python3 .agent/tools/task_id_tool.py`, `python3 .agent/skills/skill-creator/scripts/validate_skill.py`, `python3 .agent/skills/skill-creator/scripts/init_skill.py`, `python3 System/scripts/doctor.py`	Framework automation
Testing	`python -m pytest ...`, `npm test`, `npx jest`, `cargo test`	Tests don't modify source code

Pattern Matching Rules

Commands are safe if they match these patterns:

# Read-only filesystem
^(ls|cat|head|tail|find|grep|rg|fd|tree|wc|stat|file|du|df|echo)(?:\s|$)

# Symlink-aware read-only — framework dirs (.agent/, .agents/, System/, .agentic-development/) may be symlinks
^find\s+-L
^ls\s+-[a-zA-Z]*L
^rg\s+(--follow|-L)
^fd\s+-[a-zA-Z]*L

# Git read operations
^git\s+(status|log|diff|show|branch|remote|tag)

# Archiving (specific paths only)
^mv\s+docs/(TASK|PLAN)\.md\s+docs/(tasks|plans)/

# Directory creation (safe paths)
^mkdir\s+-p\s+(docs|\.agent|tests)/

# Python testing
^(python|python3)\s+-m\s+pytest
^cd\s+\.agent/tools\s+&&\s+python
^python3?\s+-c\s+'from\s+scripts\.tool_runner

# Node testing
^npm\s+test
^npx\s+jest

# Framework scripts
^python3\s+\.agent/skills/skill-session-state/scripts/update_state\.py
^python3\s+\.agent/tools/task_id_tool\.py
^python3\s+\.agent/skills/skill-creator/scripts/(validate_skill|init_skill)\.py
^python3\s+System/scripts/doctor\.py

Implementation Guidelines

For Agents (Runtime Behavior)

When calling run_command in ANY environment:

Check if the command matches the patterns above or the table.
If match found → Set SafeToAutoRun: true.
If no match → Set SafeToAutoRun: false (require approval).

[!IMPORTANT] Symlink-following is the default for framework paths. When listing or searching .agent/, .agents/, .cursor/skills/, System/, or .agentic-development/, prefer the symlink-aware variants (find -L, ls -L, rg --follow) — a plain find/ls/rg silently skips symlinked directories. If a read-only probe returns nothing under a known framework directory, retry it once with symlink-following enabled before treating the path as empty or missing.

For Users (Configuration)

Note for Agents: Do NOT create configuration files (like .cursorrules or AGENTS.md) automatically. These are user-managed files.

Cursor Users:

Add the patterns above to your .cursorrules or AGENTS.md file to enable auto-approval.

Antigravity Users:

Add the command list below to "Allow List Terminal Commands" setting in IDE options: ls,cat,head,tail,find,find -L,ls -L,grep,rg,rg --follow,fd,fd -L,tree,wc,stat,file,du,df,git status,git log,git diff,git show,git branch,git remote,git tag,mv docs/TASK.md,mv docs/PLAN.md,mkdir -p docs,mkdir -p .agent,mkdir -p tests,python -m pytest,python3 -m pytest,npm test,npx jest,cargo test

Troubleshooting

If the IDE still requests approval for commands listed here:

Agent Behavior: Ensure the Agent is actually setting SafeToAutoRun: true in the tool call. If the Agent sets it to false, the IDE must ask for approval regardless of the Allow List.
Prefix Matching: Some IDEs require exact matches. If mv docs/TASK.md works but mv docs/TASK.md docs/tasks/foo.md fails, check if the IDE supports regex/glob patterns or try shortening the allowed rule (e.g., mv only) if security policy permits.

Integration

How Other Skills Should Reference This

Instead of duplicating Safe Commands lists, use:

## Safe Commands
See `skill-safe-commands` for the authoritative list of commands safe for auto-execution.

Required by

skill-archive-task — archiving commands
artifact-management — file operations
developer-guidelines — test commands
All agent prompts — general command execution