What makes a command dangerous?

Mostly two things: how much it can destroy, and whether you can undo it. Deleting files recursively, dropping a table or database, running a DELETE with no WHERE clause, force-pushing over shared git history, tearing down infrastructure, or piping a script straight from the internet into a shell are all high blast-radius and often irreversible. This tool flags the specific capability and tells you whether there is an undo.

Is it safe to paste my command here?

Yes. The checker runs entirely in your browser in JavaScript - nothing you paste is uploaded, logged, or sent anywhere. It pattern-matches the text against a readable set of risk rules locally. Do not paste live secrets, but the command structure itself never leaves your machine.

Should an AI agent run commands like these on its own?

The high and critical ones, no. The failures that end companies - an agent that dropped the production database, or ran rm -rf in the wrong directory - happen because nothing stood between the model deciding to run a command and the command executing. The fix is a human approval gate for exactly the destructive, irreversible actions this tool flags. That gate is what Infraveil and the open-source infraveil-guard provide.

Free tool · Runs in your browser · Nothing uploaded

Is this command safe to run?

Paste a shell command, SQL statement, or infra operation. You get its blast radius — how much it can destroy, whether it's reversible, and exactly which dangerous capability it triggers. The same classifier that powers infraveil-guard, the open-source seatbelt for AI agents.

100% client-side

Blast radius, not vibes

The commands that end companies aren't exotic — they're rm -rf in the wrong directory, a DELETE that forgot its WHERE, a force-push over shared history, a terraform destroy against prod. What they share is a large blast radius and no undo. This tool reads your command against a small, readable set of rules and tells you which of those it triggers and whether you can take it back.

It matters most for one reason: AI agents now run commands. The viral incidents — an agent that deleted a production database in seconds, backups and all — happened because nothing sat between “the model decided to run this” and “it ran.” The fix isn't to stop using agents; it's to make exactly these high-blast, irreversible actions wait for a human. That gate is the whole idea behind infraveil-guard and the Infraveil control plane.

Related free tools

AI agent guard configGate your AI agent AI-agent blast-radius checkerWhat can your agent destroy?

All free tools →

Knowing it's dangerous is step one. Gating it is step two.

infraveil-guard puts a human-approval gate in front of an AI agent's destructive actions — the agent cannot approve its own command, and every decision is written to a tamper-evident log. Free and open source. Infraveil does it for your whole backend.

Get infraveil-guard

Get the AI-agent safety playbook

How to let AI agents touch production without letting them detonate it. No spam.