Command Guard
AI agents like Claude Code execute shell commands — fast, helpful, and sometimes one
rm -rf too far. Command Guard checks every command
before it runs and blocks destructive ones like git push --force,
DROP TABLE or docker system prune.
Why a command guard?
A single careless command can cost hours of work, a database or a server. Command Guard is the checkpoint in between: your agent asks, the guard answers allow or block — including the reason and a safer alternative the agent can propose to you right away.
Blocks before it happens
Your agent calls check_command BEFORE executing a command — and gets back "allow" or "block" with a reason and a safer alternative.
7 curated protection packs
Git, filesystem, disks, databases, containers, cloud and system — the classic data-loss patterns are covered from minute one (pre-selected: all active).
Your own list
Every account has a personal allow and deny list — edit it in the browser, one entry per line, applied instantly. Plus a test field for live checks.
One server, everywhere
Runs as a tool on your personal MCP server mcp.beckmann.ai — works in Claude, Claude Code and ChatGPT. Free, all you need is an account.
Set up in 3 steps
- Sign in & enable the tool. Sign up for free on the configuration page and switch on Command Guard. The protection packs come pre-selected — you edit your personal allow/deny list right there.
- Connect the MCP server. One server URL for everything — in Claude Code all it takes is:
In claude.ai and ChatGPT, add the URL as a custom connector (instructions on My MCP Server).claude mcp add --transport http beckmann-ai https://mcp.beckmann.ai - Put the rule into your project. To make the agent check every command,
add this instruction to your project instructions (e.g. CLAUDE.md):
## Safety: Command Guard Before EVERY shell execution, call the MCP tool `check_command` (beckmann-ai) with the full command line. If it answers "block", do NOT run the command — state the reason and propose the safe alternative.
Configure it right — no false alarms, no gaps
- Keep the pre-selection active: All 7 protection packs are pre-selected for new accounts — they cover the most common destructive patterns. Only disable a pack if you deliberately secure that area yourself.
- Put project specifics on the deny list: Anything that should never run automatically in your project (e.g. npm publish or a deploy script) goes on your deny list as its own line.
- Use the allow list sparingly: Allow-list entries override ALL rules. Use them only for deliberate exceptions — say, docker compose down -v in a throwaway development environment.
- Verify with the test field: The configuration page has a test field: type a command, check it, done. You see exactly what would be blocked before the first agent run — no surprises.
- Put the instruction into your project: To make sure your agent actually checks every command, the rule belongs in your project instructions (CLAUDE.md, system prompt or similar) — copy-paste template above.
Frequently asked questions
What is Command Guard?
Command Guard is an MCP tool (check_command) on the personal MCP server mcp.beckmann.ai. An AI agent passes it a shell command line and gets back whether it is allowed or blocked — with a reason and a safer alternative. Commands are checked against curated protection packs (git, filesystem, disks, databases, containers, cloud, system) and the account’s personal allow/deny list.
Does Command Guard prevent every harmful execution?
No — it is a safety net, not a replacement for sandboxing or permissions. It reliably blocks known destructive patterns, but relies on the agent calling the tool before execution (that’s what the project instruction is for). Combine it with your agent’s permission settings.
What does Command Guard cost?
Nothing. All you need is a free beckmann.ai account to enable the tool and edit your rules.
Where do the protection rules come from?
The rule set is inspired by the open-source project destructive_command_guard, which blocks destructive commands as a local hook. Command Guard brings that principle to the cloud as an MCP tool — with a personal, browser-editable configuration per account.
Automate safely — starting with the next command
Free, active in minutes, adjustable anytime.
The rule set is inspired by the open-source project destructive_command_guard. More tools: MCP marketplace · My MCP Server · WebMCP live checker.