一键导入
claude-code-safety-net
Safety net plugin that blocks destructive git and filesystem commands in Claude Code, OpenCode, Gemini CLI, Copilot CLI, and Codex
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Safety net plugin that blocks destructive git and filesystem commands in Claude Code, OpenCode, Gemini CLI, Copilot CLI, and Codex
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Create AI marketing videos and images using Arcads API — Seedance, Sora, Veo, Kling, Nano Banana, ChatGPT Image, and multi-step ad pipelines
Generate AI marketing videos and static image ads using the Arcads API with skills for Seedance 2.0, Sora 2, Veo 3.1, Kling 3.0, Nano Banana, and 37 Meta ad templates
Create AI marketing videos and images using Arcads API with Seedance 2.0, Sora 2, Veo 3.1, Kling 3.0, Nano Banana, and 37 static Meta ad templates
Generate AI marketing videos and images using Arcads creative stack (Seedance 2.0, Sora 2, Veo 3.1, Kling, Nano Banana, ChatGPT Image) from Claude Code or Cursor
Generate AI marketing videos and static image ads using Arcads external API with Seedance 2.0, Sora 2, Veo 3.1, Kling, Nano Banana, and 37-template Meta image library
Create AI marketing videos and static Meta image ads using the Arcads API with Seedance 2.0, Sora 2, Veo 3.1, Kling, Nano Banana, ChatGPT Image, and 37 static ad templates
| name | claude-code-safety-net |
| description | Safety net plugin that blocks destructive git and filesystem commands in Claude Code, OpenCode, Gemini CLI, Copilot CLI, and Codex |
| triggers | ["install the safety net plugin","protect against destructive commands","block dangerous git operations","prevent accidental file deletions","configure safety net modes","check safety net status","add custom safety rules","enable strict mode protection"] |
Skill by ara.so — Claude Code Skills collection.
A PreToolUse hook plugin that intercepts and blocks destructive git and filesystem commands before they execute. Works across Claude Code, OpenCode, Gemini CLI, Copilot CLI, and Codex.
Safety Net analyzes commands before execution and blocks operations that could:
git reset --hard, git checkout -- .)git push --force)rm -rf /)git stash clear)bash -c "rm -rf /")python -c 'os.system("rm -rf /")')It runs before permission rules and provides semantic command analysis that wildcards can't match.
/plugin marketplace add kenryu42/cc-marketplace
/plugin install safety-net@cc-marketplace
/reload-plugins
Enable auto-updates:
/plugin
# Select Marketplaces → cc-marketplace → Enable auto-update
Add to ~/.config/opencode/opencode.json:
{
"plugin": ["cc-safety-net"]
}
gemini extensions install https://github.com/kenryu42/gemini-safety-net
/plugin install kenryu42/copilot-safety-net
Restart Copilot CLI after installation.
Enable hooks in ~/.codex/config.toml:
[features]
plugin_hooks = true
Add marketplace and install:
codex plugin marketplace add kenryu42/cc-marketplace
In Codex TUI:
/plugins[cc-marketplace] and press Enter/hookst to trustAdd to ~/.claude/settings.json:
{
"statusLine": {
"type": "command",
"command": "bunx cc-safety-net --statusline"
}
}
Or pipe with existing status:
{
"statusLine": {
"type": "command",
"command": "git branch --show-current | bunx cc-safety-net --statusline"
}
}
Status indicators:
🛡️ Safety Net ❌ - Plugin disabled🛡️ Safety Net ✅ - Default mode active🛡️ Safety Net ✅ 🔒 - Strict mode enabled🛡️ Safety Net ✅ 👁️ - Paranoid mode enabled🛡️ Safety Net ✅ 🌳 - Worktree mode enabledCreate ~/.config/cc-safety-net/rules.json:
{
"rules": [
{
"name": "block-npm-publish",
"pattern": "npm publish",
"action": "block",
"reason": "Use CI/CD pipeline for publishing"
},
{
"name": "allow-temp-cleanup",
"pattern": "rm -rf /tmp/myapp-*",
"action": "allow",
"reason": "Safe to clean temp files"
},
{
"name": "block-production-deploys",
"pattern": "kubectl.*--context=prod",
"action": "block",
"reason": "Production deploys require manual approval"
}
]
}
Rule schema:
interface Rule {
name: string; // Unique identifier
pattern: string; // Regex pattern to match
action: "block" | "allow";
reason: string; // Why this rule exists
}
Matching behavior:
Blocks additional destructive operations:
{
"safety-net": {
"strict": true
}
}
Blocked in strict mode:
git clean -fd - Deletes untracked filesgit branch -D - Force deletes branchesgit remote remove - Removes remote repositoriesBlocks all potentially destructive commands, even if they have safe variants:
{
"safety-net": {
"paranoid": true
}
}
Blocked in paranoid mode:
git checkout commands (including safe branch switches)git reset commands (including --soft)rm commands with -r flagProvides additional protection when using git worktrees:
{
"safety-net": {
"worktree": true
}
}
Blocks worktree-specific destructive operations:
Automatically redacts sensitive values from logs:
# Command executed:
curl -H "Authorization: Bearer sk-1234..." https://api.example.com
# Logged as:
curl -H "Authorization: Bearer [REDACTED]" https://api.example.com
Patterns redacted:
sk-, api_key=)Bearer, token=)password=, -p)Enable detailed command logging in ~/.claude/settings.json:
{
"safety-net": {
"audit": {
"enabled": true,
"logFile": "~/.config/cc-safety-net/audit.log"
}
}
}
Log format:
{
"timestamp": "2025-01-15T10:30:45.123Z",
"command": "git reset --hard HEAD~1",
"action": "blocked",
"reason": "Destructive git reset detected",
"mode": "default",
"cwd": "/home/user/project"
}
# Destructive resets
git reset --hard
git reset --hard HEAD~1
# Discard changes
git checkout -- .
git checkout -- file.txt
# Force push
git push --force
git push -f origin main
# Stash operations
git stash clear
git stash drop
# Strict mode only
git clean -fd
git branch -D feature
git remote remove origin
# Recursive deletion of important directories
rm -rf /
rm -rf ~/
rm -rf .
rm -rf .git
# Allow safe cleanup
rm -rf /tmp/cache # ✅ Allowed
rm -rf node_modules # ✅ Allowed
# Direct wrapper
bash -c "rm -rf /"
# Nested wrappers
sh -c "bash -c 'rm -rf /'"
eval "sh -c 'bash -c \"rm -rf /\"'"
# Python
python -c 'import os; os.system("rm -rf /")'
python3 -c 'import shutil; shutil.rmtree("/")'
# Node.js
node -e 'require("child_process").execSync("rm -rf /")'
# Ruby
ruby -e 'system("rm -rf /")'
# Perl
perl -e 'system("rm -rf /")'
# Safe git operations
git checkout -b feature
git checkout main
git reset --soft HEAD~1
git push origin feature
git stash
git stash pop
# Safe filesystem operations
rm file.txt
rm -r /tmp/myapp-cache
rm -rf node_modules
mv old.txt new.txt
cp -r src/ backup/
# Safe git workflow
git add .
git commit -m "feat: add feature"
git push origin feature
git pull --rebase
git merge feature
Check plugin status and configuration:
bunx cc-safety-net --diagnose
Output example:
🛡️ Safety Net Diagnostics
✓ Plugin installed and enabled
✓ PreToolUse hook registered
✓ Status line: Active
Configuration:
Mode: strict
Worktree: disabled
Paranoid: disabled
Audit log: enabled (~/.config/cc-safety-net/audit.log)
Custom Rules:
✓ block-npm-publish
✓ allow-temp-cleanup
✗ invalid-rule (Pattern compile error)
Recent Blocks (last 24h):
- git reset --hard (2025-01-15 10:30:45)
- rm -rf / (2025-01-15 09:15:22)
Explain why a command was blocked or allowed:
bunx cc-safety-net --explain "git reset --hard"
Output:
Command: git reset --hard
Action: 🚫 BLOCKED
Reason: Destructive git reset detected
Analysis:
- Command: git reset --hard
- Flags: --hard
- Pattern matched: Destructive reset (discards uncommitted changes)
- Mode: default
- Custom rules: none matched
Safe alternatives:
- git reset --soft HEAD~1 (keeps changes staged)
- git stash (temporarily saves changes)
- git commit (save changes permanently)
Verify the plugin is working:
# Should be blocked
git reset --hard
rm -rf /tmp/test-deleteme
# Should be allowed
git checkout -b test-branch
rm -rf /tmp/cache
Expected behavior when blocked:
🛡️ Safety Net: Command blocked
Command: git reset --hard
Reason: Destructive git reset detected
This command would discard all uncommitted changes.
Safe alternatives:
- git reset --soft HEAD~1
- git stash
- git commit
bunx cc-safety-net --diagnose
/plugins
# Verify safety-net shows as enabled
/hooks
# Select safety-net and press 't'
cat ~/.config/cc-safety-net/rules.json | jq .
bunx cc-safety-net --explain "your command here"
tail -f ~/.config/cc-safety-net/audit.log
bunx cc-safety-net --statusline
cat ~/.claude/settings.json | jq .statusLine
Use custom rules to allow specific patterns:
{
"rules": [
{
"name": "allow-my-script",
"pattern": "rm -rf /tmp/myapp-build-*",
"action": "allow",
"reason": "Safe cleanup pattern"
}
]
}
Safety Net recursively analyzes 5 levels of shell wrappers. If a command still bypasses:
bunx cc-safety-net --explain "your bypassed command"
{
"rules": [
{
"name": "block-wrapper",
"pattern": "your-wrapper-pattern",
"action": "block",
"reason": "Temporary workaround"
}
]
}
# Blocked automatically
git push --force origin main
# Safe alternative shown
git push --force-with-lease origin main
{
"rules": [
{
"name": "allow-build-cleanup",
"pattern": "rm -rf (dist|build|.next|out|target)/",
"action": "allow",
"reason": "Safe to clean build directories"
}
]
}
{
"rules": [
{
"name": "block-prod-deploy",
"pattern": "(kubectl|terraform).*prod",
"action": "block",
"reason": "Use CI/CD for production"
}
]
}
{
"safety-net": {
"strict": true,
"worktree": true,
"audit": {
"enabled": true,
"logFile": "~/team-audit.log"
}
},
"rules": [
{
"name": "block-db-drops",
"pattern": "DROP (DATABASE|TABLE)",
"action": "block",
"reason": "Use migration system"
}
]
}