← All MCP tools

Command Guard

AI agents like Claude Code execute shell commands — fast, helpful, and sometimes one rm -rf too far. Command Guard checks every command before it runs and blocks destructive ones like git push --force, DROP TABLE or docker system prune.

Set it up for free How it works

Why a command guard?

A single careless command can cost hours of work, a database or a server. Command Guard is the checkpoint in between: your agent asks, the guard answers allow or block — including the reason and a safer alternative the agent can propose to you right away.

Blocks before it happens

Your agent calls check_command BEFORE executing a command — and gets back "allow" or "block" with a reason and a safer alternative.

7 curated protection packs

Git, filesystem, disks, databases, containers, cloud and system — the classic data-loss patterns are covered from minute one (pre-selected: all active).

Your own list

Every account has a personal allow and deny list — edit it in the browser, one entry per line, applied instantly. Plus a test field for live checks.

One server, everywhere

Runs as a tool on your personal MCP server mcp.beckmann.ai — works in Claude, Claude Code and ChatGPT. Free, all you need is an account.

Set up in 3 steps

  1. Sign in & enable the tool. Sign up for free on the configuration page and switch on Command Guard. The protection packs come pre-selected — you edit your personal allow/deny list right there.
  2. Connect the MCP server. One server URL for everything — in Claude Code all it takes is:
    claude mcp add --transport http beckmann-ai https://mcp.beckmann.ai
    In claude.ai and ChatGPT, add the URL as a custom connector (instructions on My MCP Server).
  3. Put the rule into your project. To make the agent check every command, add this instruction to your project instructions (e.g. CLAUDE.md):
    ## Safety: Command Guard
    Before EVERY shell execution, call the MCP tool `check_command` (beckmann-ai)
    with the full command line. If it answers "block", do NOT run the command —
    state the reason and propose the safe alternative.

Configure it right — no false alarms, no gaps

Frequently asked questions

What is Command Guard?

Command Guard is an MCP tool (check_command) on the personal MCP server mcp.beckmann.ai. An AI agent passes it a shell command line and gets back whether it is allowed or blocked — with a reason and a safer alternative. Commands are checked against curated protection packs (git, filesystem, disks, databases, containers, cloud, system) and the account’s personal allow/deny list.

Does Command Guard prevent every harmful execution?

No — it is a safety net, not a replacement for sandboxing or permissions. It reliably blocks known destructive patterns, but relies on the agent calling the tool before execution (that’s what the project instruction is for). Combine it with your agent’s permission settings.

What does Command Guard cost?

Nothing. All you need is a free beckmann.ai account to enable the tool and edit your rules.

Where do the protection rules come from?

The rule set is inspired by the open-source project destructive_command_guard, which blocks destructive commands as a local hook. Command Guard brings that principle to the cloud as an MCP tool — with a personal, browser-editable configuration per account.

Automate safely — starting with the next command

Free, active in minutes, adjustable anytime.

Set up Command Guard

The rule set is inspired by the open-source project destructive_command_guard. More tools: MCP marketplace · My MCP Server · WebMCP live checker.