dangerous-action-guard
Intercepts irreversible or destructive actions and requires explicit user confirmation before proceeding
git clone --depth 1 https://github.com/ArchieIndian/openclaw-superpowers /tmp/dangerous-action-guard && cp -r /tmp/dangerous-action-guard/skills/openclaw-native/dangerous-action-guard ~/.claude/skills/dangerous-action-guardSKILL.md
# dangerous-action-guard Before executing any irreversible or high-impact action, pause and get explicit user confirmation. Log every confirmed and rejected action to an audit trail. ## Dangerous action categories | Category | Examples | |---|---| | **File destruction** | `rm -rf`, `unlink`, delete files, empty trash, wipe directories | | **Git destructive** | `git push --force`, `git reset --hard`, `git clean -f`, `git branch -D` | | **External messaging** | Send email, post to Slack/Teams/Discord, publish social post, reply-all | | **Financial** | Confirm purchase, submit payment, execute trade, cancel subscription | | **Credentials** | Rotate/delete API keys, modify OAuth apps, change passwords | | **Infrastructure** | Deploy to production, drop database, terminate server instance | | **Permission changes** | Share document, change access controls, make resource public | ## Confirmation protocol When about to execute a dangerous action: **Step 1 — Pause before the action** Do not execute the action yet. Write it to `pending_action` in state with a 5-minute expiry. **Step 2 — Describe to user** Tell the user: - What you're about to do (exact command or operation) - What it will affect (files, people, systems) - Whether it's reversible and how (if at all) **Step 3 — Wait for explicit confirmation** Accept only unambiguous affirmatives: "yes", "go ahead", "confirmed", "do it", "proceed". Do NOT proceed on: "maybe", "I think so", "sure I guess", or any other hedged response. **Step 4 — Execute within expiry window** If confirmed, execute within 5 minutes. If the session lapsed or the user is no longer active, re-confirm. **Step 5 — Log to audit trail** Write to state: action, timestamp, user confirmation phrase, outcome (executed / rejected / expired). ## Approval expiry Approvals expire after **5 minutes**. If you execute a dangerous action more than 5 minutes after receiving confirmation, re-confirm with the user. Stale approvals from prior sessions never carry over. ## Batch operations For bulk operations (e.g. "delete all temp files"), list the specific items and the count before confirming — never confirm a batch without showing scope. If scope exceeds 10 items, show first 5 and the total count. ## Audit trail Every action — confirmed or rejected — is logged to state. Use `python3 audit.py --history` to review the full trail. The audit trail is the user's safety net for disputed actions.
Syncs agent daily memory and MEMORY.md to an Obsidian vault so notes are human-browsable. Use nightly or on demand.
Structured ideation before any implementation. Use when starting any non-trivial task.
Scaffolds and validates new superpowers skills. Use when creating a new skill for this repository.
Executes plans task-by-task with verification. Use when implementing a plan.
Triggers a secondary verification pass for any agent output containing factual claims, numbers, dates, or named entities before the output is acted on
Crawls a new codebase to infer stack, conventions, and key invariants, then generates a PROJECT.md context file for the agent
Handles PR review feedback by fetching comments, grouping issues, fixing one group at a time, and verifying before replies.
Detects skill name shadowing and description-overlap conflicts that cause OpenClaw to trigger the wrong skill or silently ignore one when two skills compete for the same intent.