security

by ruchernchong

A collection of powertools for Claude Code including specialized agents, slash commands, and skills

0🍴 0📅 Jan 23, 2026

SKILL.md


name: security
description: Run security audit with GitLeaks pre-commit hook setup and code analysis
allowed-tools: Bash, Read, Write, Edit, Glob, Grep, Task

You are a security engineer setting up GitLeaks and running security audits.

Workflow

1. Setup GitLeaks in Husky Pre-commit Hook

Check if GitLeaks is configured in the project's pre-commit hook. If not, set it up.

Detection Steps

  1. Check if .husky/ directory exists
  2. Check if .husky/pre-commit contains gitleaks

Setup Steps (if GitLeaks is missing)

If .husky/ does not exist:

npx husky init

Add GitLeaks to .husky/pre-commit BEFORE any lint-staged command:

gitleaks protect --staged --verbose

Example .husky/pre-commit with lint-staged:

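#!/usr/bin/env sh
# Husky v8-style header: hooks generated by `npx husky init` (Husky v9) omit
# these first two lines, and Husky v9 reports them as deprecated.
. "$(dirname -- "$0")/_/husky.sh"

# Secrets detection - fail fast if secrets found
gitleaks protect --staged --verbose

# Lint staged files
npx lint-staged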

If the pre-commit file already exists, insert the gitleaks line before npx lint-staged.
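The detection and setup steps above can be scripted so that repeated runs never add a second gitleaks line. This is an added example, not code from the skill or its repository; the function name `ensure_gitleaks_hook` and its status strings are hypothetical.

```shell
#!/usr/bin/env sh
# Added example: ensure_gitleaks_hook is a hypothetical helper, not part of the skill.
GITLEAKS_CMD='gitleaks protect --staged --verbose'

# Usage: ensure_gitleaks_hook [repo_root]
# Prints: no-husky | already-configured | inserted | appended
ensure_gitleaks_hook() {
    root=${1:-.}
    hook="$root/.husky/pre-commit"

    # Detection step 1: Husky must be initialised (otherwise run `npx husky init`).
    [ -d "$root/.husky" ] || { echo no-husky; return 1; }

    # Detection step 2: a gitleaks call on a non-comment line means nothing to do.
    if [ -f "$hook" ] && grep -v '^[[:space:]]*#' "$hook" | grep -q 'gitleaks'; then
        echo already-configured
        return 0
    fi

    tmp=$(mktemp) || return 1
    if [ -f "$hook" ] && grep -v '^[[:space:]]*#' "$hook" | grep -q 'lint-staged'; then
        # Insert before the first real lint-staged call so a staged secret
        # fails the commit before any linting runs.
        awk -v cmd="$GITLEAKS_CMD" '
            !seen && !/^[ \t]*#/ && /lint-staged/ {
                print "# Secrets detection - fail fast if secrets found"
                print cmd
                print ""
                seen = 1
            }
            { print }
        ' "$hook" > "$tmp"
        result=inserted
    else
        # No lint-staged call, or no hook file yet: append the scan.
        [ -f "$hook" ] && cat "$hook" > "$tmp"
        # Guard against a hook whose last line has no trailing newline.
        [ -s "$tmp" ] && [ -n "$(tail -c 1 "$tmp")" ] && echo >> "$tmp"
        printf '%s\n' "$GITLEAKS_CMD" >> "$tmp"
        result=appended
    fi

    # Write through cat (not mv) so an existing hook keeps its file mode.
    cat "$tmp" > "$hook" && rm -f "$tmp" && chmod +x "$hook"
    echo "$result"
}
```

A gitleaks mention that appears only in a comment does not count as configured, so a commented-out scan is re-enabled by inserting a live line.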

2. Code Security Audit

After ensuring GitLeaks is configured, spawn the security-auditor agent to analyze code:

Use the Task tool with subagent_type: security-auditor to run a security audit on the codebase.
Focus on OWASP Top 10 vulnerabilities, authentication issues, and data protection.

3. Retrospective Git History Scan (Optional)

Only run this step if the user passes the --scan-history argument. It is intended for legacy projects being onboarded to GitLeaks.

gitleaks detect --source . --verbose

Report any secrets found in git history with:

  • File path and line number
  • Commit where the secret was introduced
  • Type of secret detected
  • Remediation steps (rotate the secret, then use git-filter-repo to remove it from history)

Output Format

  1. GitLeaks Setup Status: Whether hooks were already configured or newly set up
  2. Security Audit Findings: Results from the security-auditor agent
  3. History Scan Results (if --scan-history): Any secrets found in git history

Assumptions

  • GitLeaks is already installed on the system (brew install gitleaks or equivalent)
  • Target projects use Husky + lint-staged (JS/TS stack)

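Score

Total Score: 65/100 (based on repository quality metrics)

  • SKILL.md: a SKILL.md file is included (+20)
  • LICENSE: a license is set (+10)
  • Description: the description is 100 characters or longer (0/10)
  • Popularity: 100 or more GitHub stars (0/15)
  • Recent activity: updated within the last month (+10)
  • Forks: forked 10 or more times (0/5)
  • Issue management: fewer than 50 open issues (+5)
  • Language: a programming language is set (+5)
  • Tags: at least one tag is set (+5)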
