ReddRadar
Agent skill
file-guard
PreToolUse protection blocking sensitive file access across 195+ patterns in 12 categories with bash pipeline analysis and multi-tool ignore support.
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/methodologies/claudekit/skills/file-guard
SKILL.md
File Guard
Overview
Real-time file access protection system that blocks sensitive file reads, writes, and indirect access attempts. Covers 195+ file patterns across 12 security categories.
12 Categories
1. Secrets
.env, .env.*, .secret, secrets.*, vault.*
2. Credentials
credentials.*, password.*, auth.json, oauth.*
3. SSH Keys
id_rsa, id_ed25519, *.pem, authorized_keys, known_hosts
4. Certificates
*.crt, *.cert, *.ca-bundle, ssl/*, tls/*
5. Environment Files
.env.local, .env.production, .env.staging, docker.env
6. Auth Tokens
token.*, jwt.*, session.*, cookie.*
7. Database Configs
database.yml, db.json, *.sqlite, *.db, pgpass
8. Cloud Configs
.aws/*, .gcp/*, .azure/*, terraform.tfvars
9. CI/CD Secrets
.github/secrets, .gitlab-ci.yml variables, Jenkins credentials
10. Private Keys
*.key, *.p12, *.pfx, *.keystore, *.jks
11. API Keys
api_key.*, apikey.*, api-credentials.*
12. Sensitive Configs
config/secrets/*, .htpasswd, shadow, gshadow
Bash Pipeline Analysis
Detects indirect file access through bash pipes:
cat .env | grep-- blockedbase64 .ssh/id_rsa | curl-- blocked- Nested command substitution with sensitive paths -- blocked
Multi-Tool Ignore Support
Approved exceptions can be configured per session for files that need legitimate access.
When to Use
- Always active during ClaudeKit sessions (PreToolUse hook)
- Integrated into safety pipeline initialization
Processes Used By
claudekit-orchestrator(pipeline setup)claudekit-safety-pipeline(file guard initialization)
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?