| model | allowed-tools | argument-hint | description |
|---|---|---|---|
| claude-sonnet-4-0 | Task, Bash, Read, Write | <script-purpose> [robustness] | Shell script creation with error handling and best practices |
Shell Command
Shell script creation with error handling and best practices
SECURITY WARNING
CRITICAL: This command creates shell scripts with Bash execution capabilities.
Scripts you create will have the power to:
- Execute system commands
- Modify/delete files
- Access network resources
- Change permissions and ownership
- Potentially escalate privileges
BEFORE requesting a script, consider:
- What's the blast radius if this script is exploited?
- Does this script handle any untrusted input?
- Will this script access sensitive data or credentials?
- What's the minimum privilege level needed?
Security Requirements Checklist
EVERY shell script must include:
- Strict error handling: set -euo pipefail
- Input validation: Validate ALL external inputs with regex
- Quoted variables: ALWAYS quote variables to prevent injection
- No hardcoded secrets: Use env vars or secret management
- Secure temp files: Use mktemp, never predictable names
- Least privilege: Run with minimum necessary permissions
- Cleanup handlers: Use trap to clean up on exit/error
- Safe file permissions: chmod 700 for scripts, 600 for configs
- Command validation: Validate commands before execution
- Audit logging: Log security-relevant operations
Dangerous Operations to Avoid
STOP and think before using:
- rm -rf with variables
- chmod 777 or similar overly permissive modes
- sudo without specific command limits
- eval with external input
- Unquoted variables in commands
- Shell injection via unsanitized input
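The checklist and the operations to avoid above, applied to a backup-rotation script. This is an added example, not part of the original command file; the appdb name, the NAME-YYYYMMDD.sql.gz file layout and all function names are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example: backup rotation written against the checklist above.
set -euo pipefail                     # strict error handling
umask 077                             # new files are owner-only

WORKDIR=""                            # set by make_workdir, removed by cleanup
cleanup() {
  if [[ -n "$WORKDIR" && -d "$WORKDIR" ]]; then rm -rf -- "$WORKDIR"; fi
}
trap cleanup EXIT                     # runs on normal exit and on error
make_workdir() { WORKDIR="$(mktemp -d)"; }   # unpredictable name, mode 700

log() { printf '%s [audit] %s\n' "$(date -u +%FT%TZ)" "$*" >&2; }

# Input validation: allow-list regexes; anything else is rejected.
valid_name()  { [[ "$1" =~ ^[a-z][a-z0-9_]{0,31}$ ]]; }
valid_count() { [[ "$1" =~ ^[1-9][0-9]{0,2}$ ]]; }

# rotate_backups DIR NAME KEEP
# Keep the KEEP newest DIR/NAME-YYYYMMDD.sql.gz files and delete the rest.
rotate_backups() {
  local dir="$1" name="$2" keep="$3" f i excess
  local -a files=()
  valid_name "$name"  || { log "rejected name"; return 2; }
  valid_count "$keep" || { log "rejected keep count"; return 2; }
  # Guard the delete path: an existing directory, never empty or "/".
  [[ -n "$dir" && "$dir" != "/" && -d "$dir" ]] || { log "rejected dir"; return 2; }
  # Globs expand in sorted order, so date-stamped names come oldest first.
  for f in "$dir/$name"-*.sql.gz; do
    if [[ -e "$f" ]]; then files+=("$f"); fi
  done
  excess=$(( ${#files[@]} - keep ))
  for (( i = 0; i < excess; i++ )); do
    rm -f -- "${files[i]}"            # quoted, and "--" ends option parsing
    log "removed ${files[i]}"
  done
}

# Demo on constructed, empty files in a private temp directory.
make_workdir
for stamp in 20240101 20240102 20240103 20240104; do
  : > "$WORKDIR/appdb-$stamp.sql.gz"
done
rotate_backups "$WORKDIR" appdb 2
ls "$WORKDIR"                         # the two newest files remain
```

The rejection messages deliberately omit the rejected value, so untrusted input is never echoed into the audit log.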
Arguments
$1 (Required): script-purpose
$2 (Optional): robustness (production requires strict security)
Examples
/shell "Backup database with rotation" production
/shell "Deploy application with health checks"
Invoke the shell-scripter agent with: $ARGUMENTS