返回 Skill 列表
extension
分类: 其它无需 API Key

Modeio Guardrail

对可能触发工具执行、外部调用、文件编辑、权限更改、破坏性或不可逆操作的指令进行实时安全分析。

person作者: egbertjinghubclawhub

Run live instruction safety checks

Use this skill to gate instructions that may trigger tools or state changes behind a backend-backed safety decision before execution.

This skill is for live instruction and operation safety only. For pre-install repository auditing, use modeio-skill-audit.

Tool routing

  1. Use scripts/safety.py for instruction and operation safety checks.
  2. Run the check before executing any instruction that may trigger tool use, external calls, file edits, permission changes, or other state changes.
  3. For state-changing work, provide both --context and --target.
  4. If the safety check cannot be completed, treat the operation as unverified.

Dependencies

  • requests is required for scripts/safety.py.
  • For repo-local setup from the repo root:
python scripts/bootstrap_env.py
python scripts/doctor_env.py

Context contract

Pass --context as JSON with these keys:

{
  "environment": "local-dev|ci|staging|production|unknown",
  "operation_intent": "read-only|cleanup|maintenance|migration|permission-change|destructive|unknown",
  "scope": "single-resource|bounded-batch|broad|unknown",
  "data_sensitivity": "public|internal|sensitive|regulated|unknown",
  "rollback": "easy|partial|none|unknown",
  "change_control": "ticket:<id>|approved-manual|none|unknown"
}

--target must be a concrete resource identifier such as an absolute path, table name, service name, or URL.

Script

scripts/safety.py

python scripts/safety.py -i "Delete /tmp/cache/build-123.log" \
  -c '{"environment":"local-dev","operation_intent":"cleanup","scope":"single-resource","data_sensitivity":"internal","rollback":"easy","change_control":"none"}' \
  -t "/tmp/cache/build-123.log" --json

python scripts/safety.py -i "DROP TABLE users" \
  -c '{"environment":"production","operation_intent":"destructive","scope":"broad","data_sensitivity":"regulated","rollback":"none","change_control":"ticket:DB-9021"}' \
  -t "postgres://prod/maindb.users" --json

Action policy

| approved | risk_level | Agent action | |---|---|---| | true | low | Proceed. | | true | medium | Proceed and mention the risk. | | false | medium | Require explicit confirmation before proceeding. | | false | high | Block by default and require explicit override. | | false | critical | Block and require explicit acknowledgement before any override. |

If the check fails with network/API/dependency issues, do not silently proceed.

When not to use

  • Pre-install or repository-level inspection that should happen before any execution attempt
  • Pure planning, summarization, or clearly read-only analysis with no tool call or state-change path
  • Data transformation tasks that need to rewrite or mask content rather than score runtime safety
  • Local routing or middleware scenarios where you need to sit in front of upstream model traffic

Resources

  • scripts/safety.py — live safety check entry point
  • ARCHITECTURE.md — command-safety package boundaries