claude-code-safety-net
Verified Safeby waleedkhanbaloch
Overview
The application acts as a safety shield for AI coding agents, preventing the execution of harmful Git and filesystem commands to protect user data and systems.
Installation
npx -y cc-safety-net --claude-codeEnvironment Variables
- SAFETY_NET_STRICT
- SAFETY_NET_PARANOID
- SAFETY_NET_PARANOID_RM
- SAFETY_NET_PARANOID_INTERPRETERS
Security Notes
The project is explicitly designed for security, implementing defense-in-depth measures such as strict and paranoid modes, recursive command analysis for nested shell calls (e.g., `bash -c`), detection of dangerous interpreter one-liners, and audit logging with secret redaction. Input parsing for hooks uses `JSON.parse` and tokenization relies on `shell-quote`, which is used with precautions (e.g., `ENV_PROXY` to prevent premature variable expansion). Path sanitization is performed for audit log filenames. While shell parsing is inherently complex and can hide subtle bypasses, the comprehensive set of rules and defensive coding practices indicate a strong focus on safety. The plugin operates locally and does not introduce external network risks during command analysis.
Similar Servers
DesktopCommanderMCP
This server empowers AI agents to search, update, manage files, and execute terminal commands on a local or containerized desktop environment. It provides enhanced filesystem operations, process control, and data analysis capabilities with support for various file types like text, Excel, and PDF.
consult-llm-mcp
An MCP server that allows AI agents like Claude Code to consult stronger, more capable AI models (e.g., GPT-5.2, Gemini 3.0 Pro) for complex code analysis, debugging, and architectural advice.
wpcs-mcp-server
Integrates WordPress Coding Standards (WPCS) checks and automatic fixes with Claude AI for WordPress plugin/theme development workflows.
defenter-proxy
Provides real-time semantic security and data leak prevention for AI coding agents and MCP tools by intercepting and analyzing prompts and actions within the IDE.