being-careful
This skill uses Claude hooks which can execute code automatically in response to events. Review carefully before installing.
Being Careful
Activates session-scoped safety hooks that block dangerous shell commands. Use this when working near production systems, sensitive data, or doing anything where a misfire could cause real damage.
What Gets Blocked
| Pattern | Why | Safe Alternative |
|---|---|---|
rm -rf, rm -f, rm --force |
Irreversible file deletion | trash, targeted rm on specific files |
DROP TABLE, TRUNCATE, bulk DELETE FROM |
Destructive SQL | Review and run manually |
git push --force, git push -f |
Overwrites remote history | git push --force-with-lease |
git reset --hard |
Discards uncommitted work | git stash then reset |
git clean -f |
Deletes untracked files | git stash -u |
git checkout -- . |
Discards all working changes | Stash or commit first |
git branch -D |
Force-deletes branch | git branch -d (safe delete) |
kubectl delete, kubectl --force |
Destroys cluster resources | Review and run manually |
docker system/volume/container prune |
Removes all stopped containers/volumes | Run manually with filters |
How It Works
The skill registers a PreToolUse hook on Bash that inspects each command before execution. If a dangerous pattern is matched, the command is blocked (exit code 2) and Claude sees the reason in stderr. Claude can then suggest a safer alternative.
The hooks are session-scoped — they activate when you invoke /being-careful and last until the session ends.
They do not affect other sessions or persist between sessions.
Gotchas
- The patterns use regex matching, so they may occasionally match in string literals or comments within commands. If a legitimate command is blocked, you can run it manually outside Claude.
git push --force-with-leaseis intentionally allowed — it's the safe alternative to force-push.- The hook does not block
rmwithout-rf/-fflags — targeted file removal is still permitted. - SQL patterns match case-insensitively, so
drop tableandDROP TABLEare both caught.
More from riccardogrin/skills
creating-sprites
Guides pixel-art sprite creation via OpenAI gpt-image-1.5 image generation with automated processing. Covers sizing, prompting, transparency verification, downscaling, and cropping. Use when creating game sprites or pixel art assets
18creating-skills
Guides creation of agent skills following best practices and the open format specification. Covers pattern selection, frontmatter, directory structure, reference files, validation, and iteration. Use when creating a new skill, updating SKILL.md, or asking "how to write a skill
16looping-tasks
Generates an autonomous implementation loop that executes tasks from a plan across Claude sessions, with periodic audit passes that inject follow-up tasks. Covers loop script, prompt design, and audit cadence. Use when setting up autonomous task execution or Ralph-style iterative workflows
16planning
Creates implementation-ready plans through discovery interviews, external research, and codebase analysis. Covers requirements, competitor research, architecture decisions, and change sequencing. Use when planning features, roadmaps, specs, or any work that needs discovery before coding
14listing-docs
Scans docs/ folder for markdown files with YAML front-matter and lists their summaries and read_when hints. Helps identify relevant documentation before coding. Use when starting a task, checking available docs, or asking "what docs exist
14enforcing-architecture
Sets up automated architecture enforcement via check scripts and hooks that catch layer violations on every file edit. Run after `/initializing-projects` for complex projects with 3+ distinct layers, or when no ARCHITECTURE.md exists and the codebase has clear architectural boundaries worth enforcing mechanically
14