Dangerous Command Guard
A seatbelt for your shell. rm -rf pauses for confirmation. Because undo doesn't exist in terminals.
Questions this answers
- How do I prevent accidental rm -rf in the terminal?
- Is there a terminal guard for dangerous commands like dd or mkfs?
- Terminal paste hidden characters attack: how to protect against ClickFix?
- Can a terminal emulator block destructive commands before execution?
How it works
Chau7 maintains a curated ruleset of dangerous command patterns: rm with recursive or force flags, dd targeting block devices, mkfs, chmod 777 on root paths, and more. When a command matches, execution is paused and a confirmation dialog appears showing exactly what the command will do, which paths it affects, and the potential consequences.
The guard operates at the terminal input layer, not as a shell alias or wrapper. This means it works regardless of which shell you use (zsh, bash, fish) and catches commands pasted from the clipboard: including those containing hidden Unicode characters or embedded newlines used in ClickFix-style social engineering attacks that surged through 2025.
Rules are fully configurable. You can add your own patterns, whitelist trusted directories, or adjust severity levels. The guard distinguishes between high-risk operations (immediate data loss) and medium-risk ones (recoverable but disruptive), applying different confirmation requirements to each.
Why it matters
Every developer has a horror story about a misplaced rm -rf or a dd that targeted the wrong device. Shell aliases and confirmation functions are fragile and easy to bypass. Chau7's dangerous command guard intercepts known destructive commands at the terminal level, before the shell sees them, and presents a confirmation dialog. It is a seatbelt, not a cage: experienced drivers still wear them.
Frequently asked questions
Does the guard slow down normal commands?
No. Pattern matching runs in microseconds on every command submission. You will not notice any delay for safe commands. Only when a dangerous pattern is detected does the confirmation dialog appear.
Can I disable the guard for specific directories?
Yes. You can whitelist directories, specific command patterns, or even disable the guard entirely per-tab if you are running automated scripts that need uninterrupted execution.
Does it catch pasted commands with hidden characters?
Yes. The guard inspects the actual bytes being sent to the shell, not just visible text. Hidden Unicode control characters, zero-width spaces, and embedded newlines are all detected and flagged before execution.