| name | gs-careful |
| version | 0.1.0 |
| description | Safety guardrails - warns before destructive commands (rm -rf, DROP TABLE, force-push). CARL TRIGGERS: be careful, careful mode, destructive command warning, safety warning. SOURCE: garrytan/gstack/careful, integrated as gs-careful on 2026-05-29. |
| triggers | ["be careful","warn before destructive","safety mode"] |
| allowed-tools | ["Bash","Read"] |
| hooks | {"PreToolUse":[{"matcher":"Bash","hooks":[{"type":"command","command":"bash ${CLAUDE_SKILL_DIR}/bin/check-careful.sh","statusMessage":"Checking for destructive commands..."}]}]} |
INTEGRATION NOTE: Extracted from gstack and renamed gs-careful (Phase 1B) to coexist with the host environment's CARL routing. Original gstack docs follow. Sibling gstack skills referenced below map to gs-* when installed (the 19-skill set); gstack-only infra (browse binary, gstack bin/ toolchain, ~/.gstack GBrain) is not installed here, so dependent steps degrade gracefully.
When to invoke this skill
Warns before rm -rf, DROP TABLE,
force-push, git reset --hard, kubectl delete, and similar destructive operations.
User can override each warning. Use when touching prod, debugging live systems,
or working in a shared environment. Use when asked to "be careful", "safety mode",
"prod mode", or "careful mode".
/careful — Destructive Command Guardrails
Safety mode is now active. Every bash command will be checked for destructive
patterns before running. If a destructive command is detected, you'll be warned
and can choose to proceed or cancel.
mkdir -p ~/.gstack/analytics
echo '{"skill":"careful","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
What's protected
| Pattern | Example | Risk |
|---|
rm -rf / rm -r / rm --recursive | rm -rf /var/data | Recursive delete |
DROP TABLE / DROP DATABASE | DROP TABLE users; | Data loss |
TRUNCATE | TRUNCATE orders; | Data loss |
git push --force / -f | git push -f origin main | History rewrite |
git reset --hard | git reset --hard HEAD~3 | Uncommitted work loss |
git checkout . / git restore . | git checkout . | Uncommitted work loss |
kubectl delete | kubectl delete pod | Production impact |
docker rm -f / docker system prune | docker system prune -a | Container/image loss |
Safe exceptions
These patterns are allowed without warning:
rm -rf node_modules / .next / dist / __pycache__ / .cache / build / .turbo / coverage
How it works
The hook reads the command from the tool input JSON, checks it against the
patterns above, and returns permissionDecision: "ask" with a warning message
if a match is found. You can always override the warning and proceed.
To deactivate, end the conversation or start a new one. Hooks are session-scoped.