careful
- Repo stars 110,511
- Forks 16,437
- Author updated Jun 14, 2026, 06:40 PM
- Author repo gstack
- Domain
- Other
- Compatible agents
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- Trust score
- 87 / 100 · community maintained
- Author / version / license
- @garrytan · v0.1.0 · no license declared
- Token usage
- Lean
- Setup complexity
- Manual integration
- External API key
- Not required
- Operating systems
- Docker
- Runtime requirements
- Bun · Docker
- Permissions
-
- Read-only
- Write / modify
- Network behavior
- Local-only
- Install commands
- 26 variants
Profile is derived at build time from SKILL.md and install vectors. Subject to drift from author intent.
Heads up: 未限定 allowed-tools,默认拥有全部工具权限。; 检出高风险片段:rm_rf_root
---
name: careful
description: Safety guardrails for destructive commands. (gstack) Use when touching prod, debugging live syst…
category: other
runtime: Bun / Docker
---
# careful output preview
## PART A: Task fit
- Use case: Safety guardrails for destructive commands. (gstack) Use when touching prod, debugging live systems,. <!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly --> runs entirely locally; runs on Bun. Works with Claude Code, Cursor, Cline and 23 more..
- Inputs: target material, constraints, expected output, and acceptance criteria.
- Evidence boundary: follow “When to invoke this skill / What's protected / Safe exceptions” and do not present inference as author intent.
## PART B: Execution result
- **01** The card summarizes the use case; runtime output centers on “Safety guardrails for destructive commands. (gstack) Use when touching prod, debugging live systems,. <!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly --> runs entirely locally; runs on Bun. Works with Claude Code, Cursor, Cline and 23 more.”.
- **02** When the source has headings, the agent prioritizes “When to invoke this skill / What's protected / Safe exceptions” so the result follows the author’s structure.
- **03** Typical output includes task judgment, concrete steps, required commands or file edits, validation, and follow-up options.
- **04** Risk context follows the fingerprint: read files, write/modify files; mostly runs locally; usually needs no extra API key.
## Running Rules
- read files, write/modify files; mostly runs locally; usually needs no extra API key.
- Validate with a small sample before expanding scope.
- Return the result, validation criteria, and next iteration options. The source mentions slash commands such as `/careful`, `/var`; use them first when your agent supports command triggers.
Name target files or source material, expected output, forbidden changes, and whether network or shell access is allowed. Permission fingerprint: read files, write/modify files.
Start with a small task and check whether the result follows “When to invoke this skill / What's protected / Safe exceptions”. Inspect diffs, logs, previews, or tests before expanding scope.
Confirm the final output includes a concrete result, evidence, and next action. If it stays generic, tighten inputs, boundaries, and acceptance criteria.
---
name: careful
description: Safety guardrails for destructive commands. (gstack) Use when touching prod, debugging live syst…
category: other
source: garrytan/gstack
---
# careful
## When to use
- Safety guardrails for destructive commands. (gstack) Use when touching prod, debugging live systems,. <!-- AUTO-GENERA…
- Use it when the task has clear inputs, repeatable steps, and validation criteria.
## What to provide
- Target material, scope, expected result, and forbidden changes.
- Whether network, commands, file writes, or external services are allowed.
## Execution rules
- Organize steps around “When to invoke this skill / What's protected / Safe exceptions” and keep inference separate from source facts.
- read files, write/modify files; mostly runs locally; usually needs no extra API key.
- Validate with a small sample before expanding the task.
## Output requirements
- Return the deliverable, key evidence, validation method, and next action.
- Mark missing information as unknown; do not invent commands, platforms, or dependencies. The author source anchors workflow facts; repository files anchor sources and commands; Fluxly only adds fit, limitations, and quality judgment.
skill "careful" {
input -> user goal + target files + boundaries + acceptance criteria
context -> When to invoke this skill / What's protected / Safe exceptions
rules -> SKILL.md triggers / order / output contract
runtime -> Bun / Docker | read files, write/modify files | mostly runs locally
guardrails -> usually needs no extra API key + small-sample validation + diff/log review
output -> copyable result + checklist + next iteration
} When to invoke this skill
Warns before rm -rf, DROP TABLE, force-push, git reset --hard, kubectl delete, and similar destructive operations. User can override each warning. Use when touching prod, debugging live systems, or working in a shared environment. Use when asked to "be careful", "safety mode", "prod mode", or "careful mode".
/careful — Destructive Command Guardrails
Safety mode is now active. Every bash command will be checked for destructive patterns before running. If a destructive command is detected, you'll be warned and can choose to proceed or cancel.
mkdir -p ~/.gstack/analytics
echo '{"skill":"careful","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
What's protected
| Pattern | Example | Risk |
|---|---|---|
rm -rf / rm -r / rm --recursive |
rm -rf /var/data |
Recursive delete |
DROP TABLE / DROP DATABASE |
DROP TABLE users; |
Data loss |
TRUNCATE |
TRUNCATE orders; |
Data loss |
git push --force / -f |
git push -f origin main |
History rewrite |
git reset --hard |
git reset --hard HEAD~3 |
Uncommitted work loss |
git checkout . / git restore . |
git checkout . |
Uncommitted work loss |
kubectl delete |
kubectl delete pod |
Production impact |
docker rm -f / docker system prune |
docker system prune -a |
Container/image loss |
Safe exceptions
These patterns are allowed without warning:
rm -rf node_modules/.next/dist/__pycache__/.cache/build/.turbo/coverage
How it works
The hook reads the command from the tool input JSON, checks it against the
patterns above, and returns permissionDecision: "ask" with a warning message
if a match is found. You can always override the warning and proceed.
To deactivate, end the conversation or start a new one. Hooks are session-scoped.
Decide Fit First
Design Intent
How To Use It
Boundaries And Review