krabb
Health: Warn
- License: MIT
- Description: repository has a description
- Active repo: last push 0 days ago
- Low visibility: only 5 GitHub stars
Code: Fail
- rm -rf: recursive force deletion command in krabb/commandblock.py
- Network request: outbound network request in krabb/dashboard/static/app.js
Permissions: Pass
- Permissions: no dangerous permissions requested
This tool acts as a local monitoring and control layer for Claude Code. It logs all tool calls (such as file edits, bash commands, and web requests) to a local SQLite database, enforces domain and command blocklists, and provides a web dashboard to review activity and manage security rules.
Security Assessment
The tool inherently interacts with highly sensitive data by intercepting all your terminal commands and file operations to store them in a local database. While it does not request overtly dangerous system permissions and no hardcoded secrets were found, there are notable security flags. The codebase contains a recursive force deletion command (`rm -rf`), and the local dashboard script makes outbound network requests. Because it acts as a proxy for your shell and file system, it requires deep access to your development environment. Overall risk is rated as Medium.
Quality Assessment
The project is licensed under the permissive MIT license and was actively updated very recently (as of today). However, it suffers from extremely low community visibility, having only 5 GitHub stars. This means the codebase has not been broadly reviewed by the open-source community for hidden vulnerabilities or edge-case bugs, making it a relatively untested tool for critical security enforcement.
Verdict
Use with caution. While the concept is highly useful for restricting AI actions, the low community trust and presence of risky commands mean you should thoroughly inspect the source code before installing it in sensitive environments.
Access analytics and control for Claude Code
krabb
Web access analytics and control for Claude Code.
Requires Python 3.10+.
Install
```
pip install krabb
krabb init
```
That's it. Every Claude Code tool call (WebFetch, WebSearch, Bash, Read, Write, Edit) is now logged locally.
What it does
- Logs every tool call to a local SQLite database at `~/.krabb/krabb.db`
- Domain blocklist — block specific domains from being accessed
- Command blocking — block specific Bash commands or entire tools
- File protection — prevent writes to sensitive files
- Local dashboard at `localhost:4242` to browse events and manage rules
Dashboard
```
krabb dashboard
```
CLI reference
```
krabb init                          Install hook + start daemon
krabb status                        Show daemon status and stats
krabb logs [--limit N] [--tool T]   Show recent events
krabb dashboard                     Open dashboard in browser
krabb blocklist list|add|remove     Manage domain blocklist
krabb commands list|add|remove      Manage blocked commands
krabb hook                          Run hook server (foreground)
krabb uninstall                     Remove hook from Claude settings
```
Domain blocklist
```
krabb blocklist add example.com
krabb blocklist add "*.example.com"
krabb blocklist add "/tracking\.js$/"
```
| Pattern | Matches |
|---|---|
| `example.com` | `example.com` and all subdomains |
| `*.example.com` | Subdomains only (not `example.com` itself) |
| `/regex/` | Python regex matched against the full URL |
When the blocklist is empty (default), all domains are allowed. Add a domain to block it — everything else remains allowed.
Blocked commands
```
krabb commands add "rm -rf *"
krabb commands add "git push --force*"
krabb commands add "tool:WebSearch"
krabb commands add "/sudo/"
```
| Pattern | Type | Matches |
|---|---|---|
| `tool:WebFetch` | tool | Blocks the entire tool |
| `/regex/` | regex | Python regex matched against the command |
| `rm -rf *` | glob | Glob pattern (supports `*` and `?`) |
| `git push --force` | prefix | Any command starting with this string |
Command blocking is checked before all other rules. A `tool:` pattern blocks the tool regardless of its input.
File protection
Prevent Claude Code from writing to specific files. Managed via the dashboard or the API.
| Pattern | Matches |
|---|---|
| `/path/to/file.txt` | Exact path |
| `*.env` | Glob against filename |
| `src/config/` | Anything under that directory |
| `package-lock.json` | Matches that filename anywhere |
Config
Configuration is stored in `~/.krabb/krabb.db` in the `config` table. Default values:
| Key | Default | Description |
|---|---|---|
| `default_decision` | `allow` | Default action for unmatched tools |
| `hook_port` | `4243` | Port for the hook HTTP server |
| `dashboard_port` | `4242` | Port for the dashboard |
| `log_bash` | `true` | Log Bash tool calls |
| `log_reads` | `true` | Log Read/Write tool calls |
How it works
krabb registers a PreToolUse hook in `~/.claude/settings.json`. The hook pipes Claude Code's tool-use payload to a local HTTP server via curl. The server:
- Checks the command against blocked commands
- For web tools: checks the URL against the domain blocklist
- For writes: checks the file path against protected files
- Logs the event to SQLite
- Returns `allow` or `deny` to Claude Code
Everything runs locally. No data leaves your machine.
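The pattern semantics from the Domain blocklist, Blocked commands and File protection tables, plus the evaluation order listed above, as one added example (not krabb's own code, and not how krabb's server is implemented). It assumes the hook payload carries `tool_name` and a `tool_input` object with `command`, `url` or `file_path` keys; the rule set and the events are constructed sample data. Useful for checking what a given rule would and would not catch before relying on it, for instance that a `*.domain` rule leaves the apex domain allowed and that file protection only applies to write tools.

```python
"""Added illustration of krabb's documented rule semantics; not the project's code."""
import fnmatch
import re
from urllib.parse import urlparse

WEB_TOOLS = {"WebFetch", "WebSearch"}
WRITE_TOOLS = {"Write", "Edit"}


def _as_regex(pattern):
    """A pattern written as /.../ is a Python regex; anything else is not."""
    if len(pattern) > 2 and pattern[0] == "/" and pattern[-1] == "/":
        return re.compile(pattern[1:-1])
    return None


def domain_blocked(url, blocklist):
    """Domain table: bare domain (+ subdomains), *.domain (subdomains only),
    /regex/ searched against the full URL. Empty blocklist allows everything."""
    host = (urlparse(url).hostname or "").lower()
    for pat in blocklist:
        rx = _as_regex(pat)
        if rx is not None:
            if rx.search(url):
                return True
        elif pat.startswith("*."):
            base = pat[2:].lower()
            if host != base and host.endswith("." + base):
                return True
        elif host == pat.lower() or host.endswith("." + pat.lower()):
            return True
    return False


def command_blocked(tool, command, rules):
    """Command table: tool:<Name> blocks the tool regardless of input, /regex/
    is searched, a pattern with * or ? is a glob, anything else is a prefix."""
    for pat in rules:
        if pat.startswith("tool:"):
            if pat[len("tool:"):] == tool:
                return True
            continue
        if not command:  # non-Bash tools carry no command string
            continue
        rx = _as_regex(pat)
        if rx is not None:
            matched = rx.search(command) is not None
        elif any(c in pat for c in "*?"):
            matched = fnmatch.fnmatchcase(command, pat)
        else:
            matched = command.startswith(pat)
        if matched:
            return True
    return False


def file_protected(path, rules):
    """File table: trailing / protects a directory subtree, * or ? globs the
    filename, a pattern containing / is an exact path, a bare name matches anywhere."""
    name = path.rsplit("/", 1)[-1]
    for pat in rules:
        if pat.endswith("/"):
            if path.startswith(pat) or ("/" + pat) in path:
                return True
        elif any(c in pat for c in "*?"):
            if fnmatch.fnmatchcase(name, pat):
                return True
        elif "/" in pat:
            if path == pat:
                return True
        elif name == pat:
            return True
    return False


def decide(event, rules, default_decision="allow"):
    """Order from the README: blocked commands first, then the domain blocklist
    for web tools, then protected files for writes, else the configured default.
    Payload field names (tool_name, tool_input.command/url/file_path) are assumed."""
    tool = event.get("tool_name", "")
    inp = event.get("tool_input", {})
    if command_blocked(tool, inp.get("command", ""), rules["commands"]):
        return "deny", "blocked command"
    if tool in WEB_TOOLS and domain_blocked(inp.get("url", ""), rules["domains"]):
        return "deny", "blocked domain"
    if tool in WRITE_TOOLS and file_protected(inp.get("file_path", ""), rules["files"]):
        return "deny", "protected file"
    return default_decision, "no rule matched"


# Constructed rule set mirroring the README examples (sample data, not real config).
RULES = {
    "domains": ["example.com", "*.internal.test", r"/tracking\.js$/"],
    "commands": ["rm -rf *", "git push --force", "tool:WebSearch", "/sudo/"],
    "files": ["*.env", "src/config/", "package-lock.json", "/etc/hosts"],
}

if __name__ == "__main__":
    # Constructed events in the assumed hook payload shape.
    for ev in [
        {"tool_name": "Bash", "tool_input": {"command": "rm -rf build"}},
        {"tool_name": "WebSearch", "tool_input": {"query": "python sqlite"}},
        {"tool_name": "WebFetch", "tool_input": {"url": "https://internal.test/"}},
        {"tool_name": "Write", "tool_input": {"file_path": "/home/u/proj/.env"}},
        {"tool_name": "Read", "tool_input": {"file_path": "/home/u/proj/.env"}},
    ]:
        print(ev["tool_name"], ev["tool_input"], "->", decide(ev, RULES))
```

Two behaviours worth noting from the run: a `tool:` rule is matched before anything else, so a `WebSearch` event is denied as a blocked command even though it has no command string and never reaches the domain check; and a `Read` of a protected file is allowed because, per the README, file protection only governs writes.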
Contributing
- Clone the repo
- `pip install -e ".[dev]"`
- `pytest tests/ -v`
- `ruff check krabb/`
PRs welcome. Please include tests for new functionality.
License
MIT — see LICENSE.