git-safety-guard
Installs a Git safety guard hook for Claude Code to prevent destructive Git and filesystem commands.Blocks accidental data loss from commands like 'git checkout --', 'git reset --hard', 'git clean -f', 'git push --force', and 'rm -rf'.Use this skill to set up safety rails in a new or existing repository, or globally for the agent.
When & Why to Use This Skill
The Git Safety Guard skill is a vital security extension for Claude Code designed to prevent accidental data loss by intercepting and blocking destructive Git and filesystem commands. It acts as a proactive safety layer, ensuring that high-risk operations—such as hard resets, force pushes, and recursive deletions—are restricted during AI-assisted development sessions, providing developers with peace of mind when delegating tasks to the agent.
Use Cases
- Preventing the accidental loss of uncommitted work by blocking 'git checkout --' or 'git reset --hard' commands during automated refactoring.
- Safeguarding remote repository integrity by restricting 'git push --force' operations that could overwrite collaborative history.
- Protecting the local filesystem from catastrophic 'rm -rf' commands on critical directories while allowing safe deletions in temporary folders.
- Implementing a global safety policy across all local repositories to ensure consistent agent behavior and prevent destructive environment changes.
- Managing untracked files safely by intercepting 'git clean -f' commands that might otherwise delete necessary local assets.
| name | git-safety-guard |
|---|---|
| description | | |
| tags | [git, safety, setup, hooks, protection] |
| - Bash(git-safety-guard/install.sh | *) |
Git Safety Guard
Installs a PreToolUse hook that intercepts and blocks destructive Bash commands.
Usage
1. Install Globally (Recommended)
Protects the agent across all projects.
git-safety-guard/install.sh --global
2. Install Per-Project
Protects only the current project.
git-safety-guard/install.sh
What It Blocks
| Command Pattern | Why It's Dangerous |
|---|---|
git checkout -- <files> |
Discards uncommitted changes permanently |
git restore <files> |
Same as checkout -- (newer syntax) |
git reset --hard |
Destroys all uncommitted changes |
git reset --merge |
Can lose uncommitted changes |
git clean -f |
Removes untracked files permanently |
git push --force |
Destroys remote history |
git push -f |
Same as --force |
git branch -D |
Force-deletes branch without merge check |
rm -rf (non-temp paths) |
Recursive file deletion (except /tmp, /var/tmp, $TMPDIR) |
git stash drop |
Permanently deletes stashed changes |
git stash clear |
Deletes ALL stashed changes |
Safety Mechanism
The hook is a Python script (git_safety_guard.py) registered in .claude/settings.json (or ~/.claude/settings.json).
It runs before every Bash command execution.
If a command matches a destructive pattern:
- The command is BLOCKED (never runs).
- The agent receives a "permissionDecision: deny" response with an explanation.
Important Notes
- Restart Required: You must restart the agent/session for the hook to take effect after installation.
- Overrides: If a destructive command is truly needed, the user must run it manually or the agent must ask for explicit permission (though the hook will still block it if the agent tries to run it directly; the agent must guide the user to run it).