What is the HardStop Claude Code skill?

HardStop is a safety layer that monitors AI-generated shell commands, blocking destructive actions and requiring user confirmation for risky operations to prevent system damage.

Does HardStop protect against prompt injection?

Yes, it specifically looks for patterns where an AI might be manipulated into running malicious commands disguised as legitimate system tasks or instructions.

How does HardStop handle package managers?

It monitors package manager operations (apt, dpkg, rpm) for dangerous force flags that could bypass system safety checks and leave the OS in an unstable state.

Which platforms does HardStop support?

The skill provides comprehensive coverage for Unix-based systems (Linux/macOS), Windows environments, and major cloud providers via their respective CLIs.

Can I still run commands that HardStop flags as risky?

Yes. While HardStop blocks 'Instant Block' patterns (like rm -rf /), it allows 'Risky' and 'Dangerous' commands to proceed if the user provides explicit, informed consent.

HardStop Command Safety

Name: HardStop Command Safety
Author: frmoretto

byfrmoretto

•

Security & Testing

Protects your system from dangerous AI-generated shell commands and hallucinations through real-time safety validation.

About

HardStop provides a critical safety layer for Claude Code by implementing a mandatory pre-execution protocol that prevents the execution of destructive commands. It acts as a mechanical brake for the agentic AI era, identifying high-risk patterns—such as recursive deletions, system-level modifications, and credential exfiltration—before they can cause harm. By categorizing actions into Safe, Risky, and Dangerous tiers, it ensures developers maintain full control over their environment while benefiting from AI automation without the fear of accidental system damage or prompt injection attacks.

Key Features

Real-time detection and blocking of destructive Unix and Windows commands
Protection against exfiltration of sensitive files like SSH keys and AWS credentials
Safety validation for Cloud CLIs (AWS, GCP, kubectl) and package managers (apt, dpkg, rpm)
Multi-tier risk assessment (SAFE/RISKY/DANGEROUS) with tailored response protocols
Detection of hidden threats within shell wrappers like xargs, find -exec, and bash -c
6 GitHub stars

Use Cases

Validating AI-suggested commands from Stack Overflow or external documentation before execution
Preventing accidental system destruction during complex terminal-based automation
Securing the development environment against malicious code execution from prompt injections

About

Key Features

Real-time detection and blocking of destructive Unix and Windows commands
Protection against exfiltration of sensitive files like SSH keys and AWS credentials
Safety validation for Cloud CLIs (AWS, GCP, kubectl) and package managers (apt, dpkg, rpm)
Multi-tier risk assessment (SAFE/RISKY/DANGEROUS) with tailored response protocols
Detection of hidden threats within shell wrappers like xargs, find -exec, and bash -c
6 GitHub stars

Use Cases

Validating AI-suggested commands from Stack Overflow or external documentation before execution
Preventing accidental system destruction during complex terminal-based automation
Securing the development environment against malicious code execution from prompt injections