security-before-push
Use before commit, push, or PR to check secrets, generated junk, unsafe permissions, logging leaks, and durable instruction changes.
Install
mkdir -p .claude/skills/security-before-push && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/15632" && unzip -o skill.zip -d .claude/skills/security-before-push && rm skill.zip
Installs to .claude/skills/security-before-push
Activation
This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.
Use before commit, push, or PR to check secrets, generated junk, unsafe permissions, logging leaks, and durable instruction changes.
132 chars, no explicit “when” trigger
About this skill
Security Before Push
Required Checks
- Run scripts/check_no_secrets.sh if available.
- Review changed files for credentials, tokens, private keys, provisioning profiles, certificates, and local config.
- Check for sensitive values in logs and debug output.
- Review .github/workflows/** for permission expansion.
- Review .agent/**, AGENTS.md, and prompt files for instruction changes.
- Review dependency, entitlement, signing, and network permission changes.
Blockers
- Secret detected.
- Real credential printed or logged.
- CI permission broadened without approval.
- Branch protection weakened.
- Unapproved dependency added.
- Persistent agent instructions changed without approval.
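An added example, not part of this skill and not its scripts/check_no_secrets.sh: a shell function that applies three of the required checks to a unified diff and reports the matching blockers. The function name review_diff, the finding labels, and the heuristic patterns are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper, not the skill's own script).
# Reads a unified diff on stdin, e.g.:  git diff --cached | review_diff
# Prints one finding per line as "<KIND> <file>" and returns 1 if any
# finding exists, 0 if the diff is clean. Patterns are heuristics only.
review_diff() {
  awk '
    # Record each (kind, file) pair once and remember that we found something.
    function report(kind) {
      if (!((kind, file) in seen)) { seen[kind, file] = 1; print kind " " file }
      found = 1
    }
    # "+++ b/path" header: remember which file the following hunks touch.
    /^[+][+][+] / {
      file = $2; sub(/^b\//, "", file)
      # Durable agent instructions: any change at all needs approval.
      if (file ~ /^\.agent\// || file == "AGENTS.md") report("INSTRUCTIONS")
      next
    }
    # Only added lines matter; removed and context lines are ignored.
    /^[+]/ {
      line = tolower(substr($0, 2))
      # PEM private key header.
      if (line ~ /-----begin [a-z ]*private key-----/) report("SECRET")
      # Quoted literal assigned to a credential-like name. Values that
      # contain "$" are skipped so variable references are not flagged.
      if (line ~ /(password|secret|token|api_key)[a-z_]*[ \t]*[:=][ \t]*"[^"$]+"/)
        report("SECRET")
      # Workflow file gaining a write scope (including write-all).
      if (file ~ /^\.github\/workflows\// && line ~ /:[ \t]*write(-all)?[ \t]*$/)
        report("CI_PERMISSION")
    }
    END { exit (found ? 1 : 0) }
  '
}
```

A non-zero return maps to "Approval needed before push"; the checks for logging leaks, dependencies, entitlements, and signing still need manual review.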
Output
- Security checks run.
- Findings.
- Blocking issues.
- Approval needed before push.