Skip to main content
Generalhashgraph-online

pre-execute-check

Check AxonFlow governance policy before executing commands, writing files, or modifying any state. Also scan file content for PII before writing. Use before any tool call that creates, modifies, or deletes data.

Stars
336
Source
hashgraph-online/awesome-codex-plugins
Updated
2026-05-27
Slug
hashgraph-online--awesome-codex-plugins--pre-execute-check
View on GitHubRaw SKILL.md

// install — copy + paste into any project

mkdir -p .claude/skills && curl -fsSL https://raw.githubusercontent.com/hashgraph-online/awesome-codex-plugins/HEAD/plugins/getaxonflow/axonflow-codex-plugin/skills/pre-execute-check/SKILL.md -o .claude/skills/pre-execute-check.md

Drops the SKILL.md into .claude/skills/pre-execute-check.md. Works with Claude Code, Cursor, and any agent that loads SKILL.md files from .claude/skills/.

Before using tools that modify state (terminal commands, file writes, file edits, MCP operations):

Step 1: Check policy

Call the check_policy MCP tool with:

  • connector_type: codex.Bash (for commands), codex.Write (for file writes), or the appropriate tool type
  • statement: the command or content to check
  • operation: execute

If the response shows allowed: false, do NOT proceed. Report the block reason to the user.

Step 2: For file writes — also scan content for PII

If you are writing a file and the content might contain sensitive data (names, SSNs, credit cards, emails, phone numbers, addresses, medical records, financial data), call the check_output MCP tool with:

  • connector_type: codex.Write
  • message: the content being written

If a redacted_message is returned, write the redacted version instead. If allowed: false, do not write the file.

These checks take 2-5ms and protect against dangerous commands, SQL injection, credential access, SSRF, path traversal, and PII exposure.