agent-browser-solo
PreToolUseWebFetch
Claude
Services WebFetch through a real browser instead of plain HTTP.
Intercepts WebFetch and fetches the page with agent-browser (headless Chrome) in an isolated session, delivering JS-rendered extracted text to the model in the same turn — one fetch, one quiet transcript line, no retry. Client-rendered pages that return a 10-byte shell over HTTP come back as complete content in about 1.5 seconds. Fetched text is sanitized, capped at 30KB, and wrapped in untrusted-data markers; near-empty results and missing-binary cases fall back to native WebFetch.
bouncer
PreToolUseBash
ClaudeCodex
Blocks destructive git commands before they run.
Hard-blocks working-tree-destroying git operations (reset --hard, clean -f, checkout --, restore of worktree files, stash clear) while allowing their safe counterparts like unstaging and restore --staged. Runs on every Bash call in both Claude Code and Codex runtimes.
damage-control
PreToolUseBash|Write|Edit|Read
ClaudeCodex
Confirmation tier for risky operations; zero-access guard for secrets.
Asks for user confirmation on risky-but-legitimate operations (stash drop, force pushes other than --force-with-lease) and hard-blocks writes to secret files like .env while allowing templates such as .env.example. On Codex, confirmation-tier operations deny with an actionable reason since Codex has no ask flow.
publish-gate
PreToolUseBash
ClaudeCodex
Gates package publishing behind Linear ticket verification.
Detects publish commands (npm/bun publish, clawnet publish, including inside shell chains) and verifies an approved Linear ticket exists before allowing them. On-chain publishes additionally require an explicit irreversibility acknowledgment. Fails closed on API errors, timeouts, and missing credentials.
session-context
SessionStart*
ClaudeCodex
Injects repo and plugin context at session start.
Summarizes the working repository (branch, recent commits, files changed in the last commit) and the installed plugin inventory into the session's opening context so the agent starts oriented.
hammertime
Stop*
ClaudeCodex
Corpus-tuned end-of-turn rule enforcement.
Evaluates the assistant's turn against rules mined from real production transcripts (F1 0.89 on the tuning corpus) and blocks the stop when a rule fires — for example, dismissing errors as pre-existing instead of fixing them. Rules are managed via the hammertime skill.
browser-intent
UserPromptSubmit*
Codex
Steers browser-shaped prompts toward agent-browser.
Detects prompts that involve browser work (URLs, navigation, form filling, login, screenshots, SPAs) and injects static guidance preferring agent-browser when installed. Never fetches or injects page content itself.