一键导入
damage-control
Security protection system that blocks dangerous commands and protects sensitive files
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Security protection system that blocks dangerous commands and protects sensitive files
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | damage-control |
| description | Security protection system that blocks dangerous commands and protects sensitive files |
| triggers | ["damage control","security protection","block dangerous commands","protect files","file protection","command protection"] |
You are helping a user with the damage-control security plugin. This plugin provides defense-in-depth protection for Claude Code by intercepting tool calls before execution.
The damage-control plugin uses PreToolUse hooks to:
rm -rf, git push --force, database drops, cloud resource deletions| Level | Read | Write | Edit | Delete | Examples |
|---|---|---|---|---|---|
| zeroAccessPaths | Blocked | Blocked | Blocked | Blocked | ~/.ssh/, ~/.aws/, .env files, *.pem |
| readOnlyPaths | Allowed | Blocked | Blocked | Blocked | /etc/, lock files, node_modules/ |
| noDeletePaths | Allowed | Allowed | Allowed | Blocked | .git/, LICENSE, README.md |
The protection patterns are defined in patterns.yaml. Users can customize:
Some patterns use ask: true to prompt for confirmation instead of blocking outright:
git checkout -- . (discards uncommitted changes)git stash drop (permanently deletes a stash)This plugin requires uv (Python package runner) to be installed:
curl -LsSf https://astral.sh/uv/install.sh | sh
Try these commands to verify the hooks are working:
# Should be blocked (dangerous command pattern: rm with -rf flags)
rm -rf /tmp/test
# Should be blocked (zero-access path: ~/.ssh/)
cat ~/.ssh/id_rsa
# Should prompt for confirmation (ask pattern: discards uncommitted changes)
git checkout -- .
To add custom patterns, edit the patterns.yaml file in the plugin directory. For example, to block a specific command:
bashToolPatterns:
- pattern: '\bmy-dangerous-command\b'
reason: Custom blocked command
Or to protect a custom path:
zeroAccessPaths:
- "~/.my-secrets/"
- "*.secret"
Fork terminal sessions to spawn parallel AI agents or CLI commands in new terminal windows. Supports git worktrees for isolated parallel development.
Local code review using CodeRabbit CLI. Use when user wants to review changes before committing or pushing.
UI/UX design intelligence. 57 styles, 96 palettes, 50 font pairings, 25 charts, 11 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind, shadcn/ui). Search and apply design best practices.
Use when the user asks for a "second opinion", "third opinion", "what does GLM/Gemini think", or wants another model to weigh in on code, design, or review. Routes to the consult plugin's CLI which calls z.ai (GLM-5.2) or Gemini directly via API.
Automatically assist with Bambu Lab X1Plus 3D printer operations via the bambu CLI. Covers status checks, file transfer, print control, calibration, filament management, camera analysis, diagnostics, and SSH commands.
Auto-triggered skill for managing UniFi network devices, clients, sites, and diagnostics via the unifi CLI.