destructive-command-guard AI Agent Skill
View Source: oakoss/agent-skills
Critical
Installation
npx skills add oakoss/agent-skills --skill destructive-command-guard
34 Installs
Destructive Command Guard
A high-performance Claude Code hook that intercepts and blocks destructive commands before they execute. Written in Rust with SIMD-accelerated filtering via the memchr crate and Aho-Corasick multi-pattern matching for sub-millisecond latency. Assumes agents are well-intentioned but fallible.
Overview
DCG uses a whitelist-first architecture: safe patterns are checked before destructive patterns, and unrecognized commands are allowed by default (the guard fails open, which the project calls fail-safe). This ensures legitimate workflows are never broken while known dangerous patterns are always blocked. DCG runs as a PreToolUse hook in Claude Code, receiving JSON on stdin for each Bash tool invocation and returning exit code 0 (allow) or 2 (block). It inspects only direct Bash tool invocations, not the contents of shell scripts.
The processing pipeline has four stages: JSON parsing, command normalization (strips absolute paths like /usr/bin/git), SIMD quick-reject filter (skips regex for commands without git or rm), and pattern matching. The memchr crate provides hardware-accelerated substring search (SSE2/AVX2 on x86_64, NEON on ARM), while Aho-Corasick handles multi-pattern matching in O(n) time regardless of pattern count.
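A minimal Python model of the hook contract and four-stage pipeline described above, added here as an illustration; it is not DCG's own code (DCG is written in Rust). The `tool_name` and `tool_input.command` field names are assumed from Claude Code's hook input, and the patterns are a small constructed subset, not the tool's real rule set.

```python
import json
import re

ALLOW, BLOCK = 0, 2  # exit codes the hook returns

# Constructed subset of rules for illustration, not the tool's real pattern set.
SAFE = [
    r"^git checkout -b\b",
    r"^git restore --staged\b",
    r"^git clean -n\b",
    # every rm -rf argument must sit under a temp dir and contain no ".."
    r"^rm -rf( (/tmp|/var/tmp|\$TMPDIR)/(?!\S*\.\.)\S+)+$",
]
DESTRUCTIVE = [
    r"^git reset --hard\b",
    r"^git checkout -- ",
    r"^git restore\b",
    r"^git clean -[a-z]*f",
    r"^git push\b.*\s(--force|-f)(\s|$)",
    r"^git branch -D\b",
    r"^git stash (drop|clear)\b",
    r"^rm -rf\b",
]

def normalize(cmd):
    """Stage 2: strip an absolute path from the program name (/usr/bin/git -> git)."""
    return re.sub(r"^/\S*/", "", cmd.strip())

def decide(hook_json):
    """Return ALLOW or BLOCK for one PreToolUse event given as a JSON string."""
    event = json.loads(hook_json)                     # stage 1: JSON parsing
    if event.get("tool_name") != "Bash":              # non-Bash tools pass through
        return ALLOW
    cmd = normalize(event.get("tool_input", {}).get("command", ""))
    if "git" not in cmd and "rm" not in cmd:          # stage 3: quick reject
        return ALLOW
    if any(re.search(p, cmd) for p in SAFE):          # stage 4: safe patterns first
        return ALLOW
    if any(re.search(p, cmd) for p in DESTRUCTIVE):   # then destructive patterns
        return BLOCK
    return ALLOW                                      # unrecognized: default allow

def bash_event(command):
    """Build a constructed hook event for a Bash tool call."""
    return json.dumps({"tool_name": "Bash", "tool_input": {"command": command}})

if __name__ == "__main__":
    for c in ["git restore --staged a.txt", "git restore a.txt",
              "/usr/bin/git reset --hard", "rm -rf /tmp/build", "./deploy.sh"]:
        print(decide(bash_event(c)), c)
```

The broad `git restore` and `rm -rf` rules are only usable because the narrower safe patterns are evaluated first; `./deploy.sh` is allowed at the quick-reject stage without its contents ever being read.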
DCG supports 49+ modular security packs organized by category (git, filesystem, databases, containers, Kubernetes, cloud providers, infrastructure tools). Core packs (core.git, core.filesystem) are always enabled; additional packs are configured via ~/.config/dcg/config.toml or the DCG_PACKS environment variable. The dcg scan subcommand can also audit files for destructive command contexts, suitable for CI integration.
DCG is not published on crates.io; it is installed from GitHub via cargo +nightly install or prebuilt binaries for Linux, macOS, and Windows WSL. The threat model assumes agents are well-intentioned but fallible; DCG catches honest mistakes, not adversarial attacks.
Quick Reference
| Category | Blocked Commands |
|---|---|
| Uncommitted work | git reset --hard, git checkout -- <file>, git restore <file>, git clean -f |
| Remote history | git push --force / -f, git branch -D |
| Stashed work | git stash drop, git stash clear |
| Filesystem | rm -rf (outside /tmp, /var/tmp, $TMPDIR) |

| Category | Allowed Commands |
|---|---|
| Safe git | git status, git log, git diff, git add, git commit, git push, git pull, git fetch, git branch -d, git stash, git stash pop |
| Safe patterns | git checkout -b, git restore --staged, git clean -n, git push --force-with-lease |
| Temp dirs | rm -rf /tmp/*, rm -rf $TMPDIR/* |

| Setting | Value |
|---|---|
| Exit code (safe) | 0 |
| Exit code (blocked) | 2 |
| Default behavior | Allow (fail-safe) |
| Pattern priority | Safe checked first, then destructive |
| Safe patterns | 34 |
| Destructive patterns | 16 |

| Pack Category | Examples |
|---|---|
| Core (default) | core.git, core.filesystem |
| Database | database.postgresql, database.mysql, database.mongodb |
| Containers | containers.docker, containers.compose, containers.podman |
| Kubernetes | kubernetes.kubectl, kubernetes.helm, kubernetes.kustomize |
| Cloud | cloud.aws, cloud.gcp, cloud.azure |
| Infrastructure | infrastructure.terraform, infrastructure.ansible |
| System | system.disk, system.permissions, system.services |
| Other | strict_git, package_managers |

| Environment Variable | Purpose |
|---|---|
| DCG_PACKS | Enable packs (comma-separated) |
| DCG_DISABLE | Disable specific packs |
| DCG_VERBOSE | Verbose output |
| DCG_BYPASS | Bypass DCG entirely (escape hatch) |
| DCG_COLOR | Color mode (auto, always, never) |

| Installation Method | Command |
|---|---|
| Quick install | curl -fsSL ".../install.sh" \| bash -s -- --easy-mode |
| From source | cargo +nightly install --git https://github.com/Dicklesworthstone/destructive_command_guard destructive_command_guard |
| Prebuilt binaries | Linux x86_64, Linux ARM64, macOS Intel, macOS Apple Silicon, Windows WSL |

| Processing Stage | Description |
|---|---|
| JSON parsing | Reads PreToolUse hook input, allows non-Bash tools |
| Normalization | Strips absolute paths (/usr/bin/git becomes git) |
| SIMD quick-reject | memchr substring search skips regex for irrelevant commands |
| Pattern matching | Safe patterns first, then destructive, default allow |
Common Mistakes
| Mistake | Correct Pattern |
|---|---|
| Forgetting to restart Claude Code after adding the hook | Always restart Claude Code after modifying ~/.claude/settings.json |
| Using DCG_BYPASS=1 permanently in shell profile | Only set bypass temporarily for a single command, then remove it |
| Assuming DCG inspects commands inside scripts | DCG only inspects direct Bash tool invocations, not contents of ./deploy.sh |
| Blocking git branch -d (lowercase) thinking it is destructive | Lowercase -d is safe (merge-checked); only uppercase -D force-deletes |
| Not enabling database or cloud packs for production environments | Configure relevant packs in ~/.config/dcg/config.toml for your stack |
| Expecting DCG to stop malicious actors | DCG catches honest mistakes; determined users can always bypass the hook |
| Running cargo install without nightly toolchain | DCG requires Rust nightly (edition 2024); use cargo +nightly install |
Delegation
- Audit which destructive commands an agent session has attempted: Use Explore agent
- Set up DCG with custom packs for a new project environment: Use Task agent
- Plan a layered safety architecture combining DCG with other guardrails: Use Plan agent
How to use this skill
Install destructive-command-guard by running npx skills add oakoss/agent-skills --skill destructive-command-guard in your project directory. The skill file will be downloaded from GitHub and placed in your project.
No configuration needed. Your AI agent (Claude Code, Cursor, Windsurf, etc.) automatically detects installed skills and uses them as context when generating code.
The skill enhances your agent's understanding of destructive-command-guard, helping it follow established patterns, avoid common mistakes, and produce production-ready output.
What you get
Skills are plain-text instruction files — not executable code. They encode expert knowledge about frameworks, languages, or tools that your AI agent reads to improve its output. This means zero runtime overhead, no dependency conflicts, and full transparency: you can read and review every instruction before installing.
Compatibility
This skill works with any AI coding agent that supports the skills.sh format, including Claude Code (Anthropic), Cursor, Windsurf, Cline, Aider, and other tools that read project-level context files. Skills are framework-agnostic at the transport level — the content inside determines which language or framework it applies to.