git-guardrails-claude-code
by mattpocockgit-guardrails-claude-code adds a PreToolUse hook to block dangerous git commands before Claude Code runs them. Install it to prevent destructive pushes, hard resets, forced cleans, and branch deletes, with scoped control for this project or all projects. Useful when you need git-guardrails-claude-code for Access Control boundaries in Claude Code.
This skill scores 78/100, which means it is a solid listing candidate for Agent Skills Finder: directory users get a concrete safety workflow for blocking destructive git commands in Claude Code, with enough implementation detail to install and use it without starting from scratch. It is useful, but users should still confirm their scope choice and environment fit before adopting it.
- Explicit trigger and purpose: block dangerous git commands in Claude Code, including push, reset --hard, clean -f, and branch -D.
- Operationally actionable: includes a step-by-step setup flow plus a bundled hook script at scripts/block-dangerous-git.sh.
- Good agent leverage: uses a PreToolUse hook and shows exact settings.json snippets for project or global installation.
- Some setup assumes shell/tooling familiarity: users must copy the script, run chmod +x, and edit Claude settings correctly.
- The doc excerpt is strong on blocking behavior but light on edge-case guidance and verification steps, so adoption may require some trial-and-error.
Overview of git-guardrails-claude-code skill
What git-guardrails-claude-code does
The git-guardrails-claude-code skill adds Claude Code hooks that block dangerous git commands before they run. It is aimed at teams or solo users who want an enforcement layer, not just a polite warning, for destructive actions like git push --force, git reset --hard, git clean -f, and git branch -D.
Who should install it
Use this git-guardrails-claude-code skill if you work in repositories where accidental data loss, accidental pushes, or local history rewrites are a real risk. It is especially useful when you want Claude Code to operate inside safer boundaries for Access Control and you need those boundaries enforced consistently.
What makes it different
Unlike a prompt-only safety reminder, this skill installs a PreToolUse hook that stops the command before execution. That means the guardrail is operational, not advisory. The main tradeoff is that it only protects the commands it matches, so it is best for clear, known-bad git actions rather than general policy enforcement.
How to Use git-guardrails-claude-code skill
Install the skill and choose scope
Install with:
npx skills add mattpocock/skills --skill git-guardrails-claude-code
The first decision is scope: install for this project only or for all projects. Project scope is safer when you want to test the hook in one repo first; global scope is better if your workflow should always block these commands across Claude Code.
Read the right files first
Start with SKILL.md to understand the setup flow, then inspect scripts/block-dangerous-git.sh because that is the enforcement logic. If you are adapting the behavior, the script matters more than the prose. This is the fastest path for a practical git-guardrails-claude-code guide.
How to form a good request
The skill works best when you specify where it should apply and what you consider dangerous. A strong request looks like: “Install git-guardrails-claude-code for this project only and block push, reset --hard, clean -fd, and branch -D.” A weaker request like “make git safer” leaves the scope and policy too vague to install cleanly.
Verify and customize the hook
After copying the hook to .claude/hooks/block-dangerous-git.sh or ~/.claude/hooks/block-dangerous-git.sh, make it executable and register it in the matching settings.json. Then test a blocked command in a safe repo to confirm Claude receives the refusal message. If your team uses additional risky commands, extend the pattern list in the script rather than relying on prompt text.
git-guardrails-claude-code skill FAQ
Is this a replacement for git permissions?
No. git-guardrails-claude-code is a local Claude Code guardrail, not a server-side access control system. It can stop Claude from executing matched commands, but it does not replace branch protections, repo permissions, review rules, or remote policy.
When is this a bad fit?
Skip it if you need unrestricted git automation, or if your workflow depends on scripts that legitimately use commands like git clean -fd or git branch -D. In those cases, a broad block may create more friction than value, and a narrower rule set may be better.
Is it beginner-friendly?
Yes, if you can follow a small install sequence and edit JSON. The concept is simple, but the best results come from understanding exactly which commands you want blocked and where the hook should live. Beginners usually struggle most with scope selection, not with the hook itself.
Does ordinary prompt engineering do the same thing?
No. Prompting can ask Claude to behave cautiously, but it cannot reliably enforce command blocking. The git-guardrails-claude-code skill is useful when the decision to stop a command must happen even if the model would otherwise comply.
How to Improve git-guardrails-claude-code skill
Tighten the blocked command list
The biggest quality gain comes from matching your actual risk profile. Review whether your team needs only git push and git reset --hard, or whether git clean -f, git checkout ., and git restore . should also be blocked. Better inputs produce fewer false positives and fewer gaps.
Keep the scope deliberate
Use project scope for experiments, shared-repo onboarding, or one-off protection in a sensitive codebase. Use global scope only when you are confident the same policy should follow you everywhere. This is the main decision that changes adoption success for the git-guardrails-claude-code install.
Test the failure mode
After installation, try a command that should be blocked and confirm the refusal is clear and immediate. If the hook is too permissive, harden the pattern list; if it blocks too much, narrow the patterns or separate project-specific rules from personal rules. Treat the first run as validation, not final state.