aryanbhosale

aryanbhosale / sh-guard

Public

Semantic shell command safety classifier — AST-based risk scoring for AI coding agents

ai-agent bash claude-code cli codex
10
1
100% credibility
Found Apr 06, 2026 at 10 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Rust
AI Summary

A semantic analyzer that scores shell commands for safety risks, designed to protect AI coding agents from executing dangerous operations like file deletion or data exfiltration.

How It Works

1
📰 Hear about AI risks

You read scary stories of AI coding helpers accidentally deleting files or leaking secrets.

2
🔍 Discover sh-guard

You find a friendly safety guard that checks every command before your AI runs it.

3
📥 Grab it easily

You add it to your computer in seconds using your usual way of getting apps.

4
🛡️ Shield your AI friends

One simple action connects it to all your AI coding tools, ready to watch over them.

5
🧪 Test everyday tasks

You try normal commands like listing files, and it gives a quick green light.

6
🚨 Spot the dangers

Sneaky risky commands get flagged with clear warnings and reasons why to stop.

😌 Safe coding bliss

Your AI helpers now run commands securely, letting you create without worry.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 10 to 10 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is sh-guard?

sh-guard is a Rust-based CLI tool that scans shell commands for security risks before AI coding agents like Cursor or Claude execute them. It parses commands semantically, tracks data flows in pipelines, and assigns a 0-100 risk score with MITRE ATT&CK mappings—all in under 100 microseconds. Developers get instant feedback like "CRITICAL (100): recursive deletion" via CLI, JSON output, or exit codes for automation.

Why is it gaining traction?

Unlike regex-based guards, sh-guard understands command intent, context like project roots, and taint flows (e.g., cat .env | curl jumps to 100). One-command setup auto-configures hooks for Claude Code, Cursor MCP servers, and more, with bindings for Python, Node.js, and Rust. Multi-platform installs (brew, npm, Docker) make it dead simple for semantic shell integration in AI workflows.

Who should use this?

AI agent users building with Cursor, Cline, or Windsurf who fear rogue rm -rf or data leaks. Teams enforcing github semantic commits or semantic versioning via safe shell scripts. Security devs wrapping agents in semantic github actions needing fast, embeddable risk checks.

Verdict

Promising early guardrail for AI shell risks, but at 10 stars and 1.0% credibility, it's raw—docs are solid, benchmarks prove speed, but test real pipelines before prod. Try via brew install for your next agent; worth watching as semantic shell tools mature.

(187 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.