How does File Guard determine sensitive files?

It uses 195+ patterns across 12 security categories (e.g., Secrets, Credentials, SSH Keys, Environment Files, API Keys, etc.) defined in the skill description.

What happens when access is blocked?

The offending command is blocked before sensitive data is exposed, and the event can be logged for auditing. Per-session ignore can be used for legitimate access exceptions.

How do I configure ignore rules?

Use the Multi-Tool Ignore Support to approve exceptions per session, enabling trusted tools or processes to access specific files as needed. See the claudeKit safety pipeline documentation for steps.

file-guard

Scanned

npx machina-cli add skill a5c-ai/babysitter/file-guard --openclaw

Files (1)

SKILL.md

1.9 KB

File Guard

Overview

Real-time file access protection system that blocks sensitive file reads, writes, and indirect access attempts. Covers 195+ file patterns across 12 security categories.

12 Categories

1. Secrets

.env, .env.*, .secret, secrets.*, vault.*

2. Credentials

credentials.*, password.*, auth.json, oauth.*

3. SSH Keys

id_rsa, id_ed25519, *.pem, authorized_keys, known_hosts

4. Certificates

*.crt, *.cert, *.ca-bundle, ssl/*, tls/*

5. Environment Files

.env.local, .env.production, .env.staging, docker.env

6. Auth Tokens

token.*, jwt.*, session.*, cookie.*

7. Database Configs

database.yml, db.json, *.sqlite, *.db, pgpass

8. Cloud Configs

.aws/*, .gcp/*, .azure/*, terraform.tfvars

9. CI/CD Secrets

.github/secrets, .gitlab-ci.yml variables, Jenkins credentials

10. Private Keys

*.key, *.p12, *.pfx, *.keystore, *.jks

11. API Keys

api_key.*, apikey.*, api-credentials.*

12. Sensitive Configs

config/secrets/*, .htpasswd, shadow, gshadow

Bash Pipeline Analysis

Detects indirect file access through bash pipes:

cat .env | grep -- blocked
base64 .ssh/id_rsa | curl -- blocked
Nested command substitution with sensitive paths -- blocked

Multi-Tool Ignore Support

Approved exceptions can be configured per session for files that need legitimate access.

When to Use

Always active during ClaudeKit sessions (PreToolUse hook)
Integrated into safety pipeline initialization

Processes Used By

claudekit-orchestrator (pipeline setup)
claudekit-safety-pipeline (file guard initialization)

Source

git clone https://github.com/a5c-ai/babysitter/blob/main/plugins/babysitter/skills/babysit/process/methodologies/claudekit/skills/file-guard/SKILL.md

View on GitHub

Overview

File Guard is a real-time protection system that blocks sensitive file reads, writes, and indirect access attempts. It covers 195+ file patterns across 12 security categories and analyzes bash pipelines to catch tricky access paths. Multi-tool ignore support lets legitimate access be whitelisted per session.

How This Skill Works

It continuously monitors file access events, matching against categorized patterns (Secrets, Credentials, SSH Keys, Certificates, Environment Files, Auth Tokens, Database Configs, Cloud Configs, CI/CD Secrets, Private Keys, API Keys, Sensitive Configs). It detects indirect access in bash pipelines (examples include 'cat .env | grep' and 'base64 .ssh/id_rsa | curl') and blocks those commands. Approved exceptions can be configured per session via Multi-Tool Ignore.

When to Use It

Always active during ClaudeKit sessions (PreToolUse hook).
Integrated into safety pipeline initialization.
When handling secret-heavy tasks across development, CI/CD, or cloud configurations.
When a bash pipeline attempts to access sensitive paths (e.g., cat .env, base64 of keys).
When legitimate access is required, using per-session ignore to whitelist exceptions.

Quick Start

Step 1: Enable File Guard in the ClaudeKit PreToolUse workflow for your sessions.
Step 2: Run a test command that would access a sensitive path to confirm it is blocked.
Step 3: If legitimate access is needed, configure per-session ignore and re-test to ensure smooth operation.

Best Practices

Keep the 195+ patterns and 12-category taxonomy up to date with evolving secrets and configs.
Use per-session ignore sparingly and review blocked attempts to minimize risk of false positives.
Test common pipelines with sensitive paths to validate blocking behavior in real workflows.
Enable logging and auditing of blocked events to inform policy tweaks.
Document changes to patterns and ignore rules to maintain governance and compliance.

Example Use Cases

A developer runs: cat .env.local | grep SECRET; the access is blocked by File Guard.
An automated job reads database.yml during deployment and is blocked.
A script tries to read id_rsa; access is blocked to protect private keys.
A build step attempts to access .aws/config; access is blocked under guard rules.
A legitimate build task is whitelisted via per-session ignore to allow a secure step.

Frequently Asked Questions

Add this skill to your agents