npx skills add https://github.com/cfircoo/claude-code-toolkit --skill damage-control
SKILL.md
<protection_levels>
| Level | Read | Write | Edit | Delete | Use Case |
|---|---|---|---|---|---|
| zeroAccessPaths | No | No | No | No | Secrets, credentials, .env files |
| readOnlyPaths | Yes | No | No | No | System configs, lock files, build artifacts |
| noDeletePaths | Yes | Yes | Yes | No | Important project files, .git/, LICENSE |
</protection_levels>
<how_it_works> PreToolUse hooks intercept tool calls at three points:
- Bash Hook - Evaluates commands against regex patterns and path restrictions
- Edit Hook - Validates file paths before modifications
- Write Hook - Checks paths before file creation
Exit codes:
- 0 = Allow operation
- 0 + JSON = Ask for confirmation (triggers dialog)
- 2 = Block operation (stderr fed back to Claude)
Ask patterns: Some operations trigger confirmation dialogs instead of blocking:
- git checkout -- . (discards changes)
- git stash drop (deletes stash)
- DELETE FROM table WHERE id=X (SQL with specific ID)
</how_it_works>
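A sketch of how the protection-level table and the exit-code contract above combine in one PreToolUse hook; it is an added example, not the project's own scripts. The policy entries, regexes and helper names are constructed, and the stdin field names (`tool_name`, `tool_input`, `file_path`, `command`) and the `hookSpecificOutput` payload are assumptions about Claude Code's hook interface that this page does not show.

```python
import json
import os
import re
import sys

# Constructed sample policy; the project's real lists live in scripts/patterns.yaml.
POLICY = {
    "zeroAccessPaths": [".env", "secrets/"],
    "readOnlyPaths": ["package-lock.json"],
    "noDeletePaths": [".git/", "LICENSE"],
    "block": [r"\brm\s+(-rf|-fr|--recursive)\b", r"\bgit\s+reset\s+--hard\b"],
    "ask": [r"\bgit\s+stash\s+drop\b", r"\bgit\s+checkout\s+--\s+\.(\s|$)"],
}
# Operations each level still permits, from the protection-level table.
ALLOWED = {"zeroAccessPaths": set(), "readOnlyPaths": {"read"},
           "noDeletePaths": {"read", "write", "edit"}}

def _resolve(path, cwd):
    # realpath collapses ".." and symlinks, so "src/../.env" cannot dodge a rule.
    return os.path.realpath(os.path.join(cwd, os.path.expanduser(path)))

def _covers(pattern, target, cwd):
    root = _resolve(pattern, cwd)
    # A trailing slash protects the whole directory tree, otherwise one file.
    return target == root or (pattern.endswith("/") and target.startswith(root + os.sep))

def decide(event, cwd, policy=POLICY):
    """Return (exit_code, stdout_json, stderr_text) for one PreToolUse event."""
    tool, args = event.get("tool_name"), event.get("tool_input", {})  # assumed field names
    cmd = args.get("command", "") if tool == "Bash" else ""
    if any(re.search(p, cmd) for p in policy["block"]):
        return 2, "", f"Blocked destructive command: {cmd}"
    if any(re.search(p, cmd) for p in policy["ask"]):
        # Assumed payload shape for an "ask" decision; the exit code stays 0.
        ask = {"hookEventName": "PreToolUse", "permissionDecision": "ask",
               "permissionDecisionReason": f"Confirm before running: {cmd}"}
        return 0, json.dumps({"hookSpecificOutput": ask}), ""
    op = {"Edit": "edit", "Write": "write"}.get(tool)
    target = _resolve(args.get("file_path", ""), cwd)
    for level, allowed in ALLOWED.items():
        for pattern in policy[level]:
            if op and op not in allowed and _covers(pattern, target, cwd):
                return 2, "", f"Blocked {op} of {target}: {level} rule '{pattern}'"
    return 0, "", ""

if __name__ == "__main__":
    code, out, err = decide(json.load(sys.stdin), os.getcwd())
    print(out, end="")
    print(err, end="", file=sys.stderr)
    sys.exit(code)
```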
<quick_start> Interactive installation:
/damage-control install
Or ask Claude:
- "Install damage control security hooks"
- "Set up protection for my project"
</quick_start>
- Install - Set up damage control hooks (global, project, or personal)
- Modify - Add/remove protected paths or blocked commands
- Test - Validate hooks are working correctly
- List - View all active protections across all levels
Wait for response before proceeding.
Direct command routing (skip menu):
- "add ~/.credentials to zero access" → Execute directly, then restart reminder
- "block npm publish command" → Execute directly, then restart reminder
- "protect /secrets folder" → Execute directly, then restart reminder
After reading the workflow, follow it exactly.
<blocked_commands_summary> Destructive file operations:
- rm -rf, rm --recursive, sudo rm
- chmod 777, chown -R root
Git destructive:
- git reset --hard, git push --force (not --force-with-lease)
- git clean -fd, git stash clear, git filter-branch
Cloud destructive:
- AWS: terminate-instances, delete-db-instance, delete-stack
- GCP: projects delete, instances delete, clusters delete
- Docker: system prune -a, volume rm
- Kubernetes: delete namespace, delete all --all
Database destructive:
- DELETE FROM table; (no WHERE clause)
- DROP TABLE, DROP DATABASE, TRUNCATE TABLE
- redis-cli FLUSHALL, dropdb
See scripts/patterns.yaml for the complete list. </blocked_commands_summary>
<settings_locations>
| Level | Settings Path | Hooks Path | Scope |
|---|---|---|---|
| Global | ~/.claude/settings.json | ~/.claude/hooks/damage-control/ | All projects |
| Project | .claude/settings.json | .claude/hooks/damage-control/ | Team-shared |
| Personal | .claude/settings.local.json | .claude/hooks/damage-control/ | Just you |
</settings_locations>
<runtime_requirements>
Python with UV (Recommended):

```bash
# macOS/Linux
curl -LsSf https://astral.sh/uv/install.sh | sh

# Windows
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
```

TypeScript with Bun (Alternative):

```bash
# macOS/Linux
curl -fsSL https://bun.sh/install | bash && bun add yaml

# Windows
powershell -c "irm bun.sh/install.ps1 | iex" && bun add yaml
```
</runtime_requirements>
<critical_reminder> IMPORTANT: After any installation or modification:
Restart your agent for changes to take effect.
Hooks are only loaded at agent startup. Run /hooks after restart to verify.
</critical_reminder>
<workflows_index>
| Workflow | Purpose |
|---|---|
| workflows/install.md | Interactive installation at any settings level |
| workflows/modify.md | Add/remove protected paths and blocked commands |
| workflows/test.md | Validate all hooks are working correctly |
| workflows/list.md | View all active protections |
</workflows_index>
<scripts_index>
| Script | Purpose |
|---|---|
| scripts/bash-tool-damage-control.py | PreToolUse hook for Bash commands |
| [scripts/edit-tool-damage-control. |
...