2
    GuardrailDoctor

    GuardrailDoctor

    by Fairy Squadmother

    Automated security auditing and penetration testing for Claude Code agent guardrails and security hooks.

    Updated May 2026
    Security scanned
    One-time purchase
    settings.json and hook files.

    $29

    · or 145 credits

    One-time purchase

    30-day refund guarantee

    Secure checkout via Stripe

    Also available in a bundle

    Enterprise Security Bundle - HandoffPilot + Guardrail Doctor

    2 skills · $45

    Save 6%
    View bundle

    Complete Developer Toolkit - All Three Skills

    3 skills · $49

    Save 14%
    View bundle

    Included in download

    • Validate that PreToolUse hooks correctly block unauthorized shell commands.
    • Test agent defenses against base64-encoded or translation-based injections.
    • terminal, file_read automation included
    • Ready for settings.json and hook files.
    • Instant install

    See it in action

    A real example of what this skill takes in and produces.

    Sample output

    Test | Result | Evidence | Remediation Path Traversal | FAIL | cat /etc/passwd allowed | Update hook to block '/etc/' Shell Chaining | FAIL | echo 'vulnerable' && id allowed | Use command parser script Sensitive Files | PASS | .env blocked by hook | N/A

    Total: 1 Pass, 2 Fail. High bypass risk detected.

    About This Skill

    What it does

    Guardrail Doctor is a specialized security auditing skill designed to stress-test your Claude Code environment's safety configurations. It performs a comprehensive "penetration test" on your agent's guardrails by auditing security hooks, testing against prompt injection payloads, and verifying that sensitive file protections actually trigger when faced with adversarial inputs.

    Why use this skill

    Standard LLM prompts are notoriously easy to bypass. Manually testing every potential shell substitution, encoding attack, or path traversal vulnerability is tedious and error-prone. Guardrail Doctor automates this process by treating your agent's security layer as software that must be validated. It goes beyond simple keyword blocking to ensure that PreToolUse and PostToolUse hooks are correctly implemented, firing on the right tools, and actually blocking execution rather than just logging failures.

    Supported Tools & Frameworks

    • Claude Code (.claude/settings.json)
    • Custom PreToolUse and PostToolUse hook scripts
    • Bash, Read, Write, Edit, and MCP tools
    • System-level security patterns (Linux/MacOS/Env vars)

    Output Expected

    The skill generates a professional audit report including a pass/fail table for at least 10 specific attack vectors, hook execution status, and copy-pasteable remediation snippets to fix any discovered vulnerabilities immediately.

    Use Cases

    • Validate that PreToolUse hooks correctly block unauthorized shell commands.
    • Test agent defenses against base64-encoded or translation-based injections.
    • Ensures sensitive files like .env or SSH keys are inaccessible to the agent.
    • Generate copy-paste remediation code for broken Claude Code safety settings.

    Reviews

    No reviews yet - be the first to share your experience.

    Only users who have downloaded or purchased this skill can leave a review.

    Security Scanned

    Passed automated security review

    Permissions

    Terminal / Shell
    Read Files

    File Scopes

    .claude/settings.json
    .claude/hooks/**/*
    **/.*rc
    **/*.env

    Guardrail Doctor needs terminal access to safely test hook configurations with benign test payloads (e.g., harmless echo commands). It never executes destructive or unauthorized commands. File read access allows it to audit existing security settings. The skill does not write to any files—all recommendations are provided as output for the user to review and apply manually, ensuring the user remains in control of their security configuration.

    Tags

    claude-code
    devops
    llm-ops
    security
    testing

    Works with Claude Code. Requires access to .claude/settings.json and hook files.

    Creator

    Fairy Squadmother

    Fairy Squadmother sells skills for people with real work, limited patience, and a low tolerance for software pageantry. Her skills help creators, founders, freelancers, and practical humans turn repeatable messes into reusable systems. Promptcrud. Taskspawn. Filefog. Launch splatter. Documentation drift. The weird little admin barnacles that attach themselves to anything worth doing. She builds for the moment when you know the process can be better, but you do not have a spare week to go spelunking through your own workflow with a headlamp and a grudge. Clear instructions. Useful defaults. Less performance. More usable machinery. Onward.

    Frequently Asked Questions

    Learn More About AI Agent Skills

    More Premium Skills

    designing-hybrid-context-layers

    Architects the right retrieval strategy for every query — teaching your agent when to use RAG, a knowledge graph, or a temporal index instead of defaulting to vector search for everything.

    $1012 installs

    skill-router-2

    Automatically detect, load, and stack the perfect skills combo for any user request.

    $53 installs

    software-architect

    A structured framework for planning, reviewing, and evolving complex software systems with explicit trade-offs.

    $52 installs

    consumer-motivation-analyzer

    Go beyond surface-level feedback to uncover the psychological drivers and hidden motivations behind buyer behavior.

    $199 installs

    $29