Skill

sui-security-guard

Use when setting up security scanning, detecting secrets in code, implementing pre-commit hooks, or auditing SUI projects. Triggers on security setup, API key exposure risks, or security checklist verification.

From sui-dev-agents

Install

Run in your terminal

npx claudepluginhub first-mover-tw/sui-dev-agents --plugin sui-dev-agents

Tool Access

This skill uses the workspace's default tool permissions.

Supporting Assets

View in Repository

references/examples.md

references/reference.md

scripts/pre-commit.sh

Skill Content

Similar Skills

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

prompts.chat

157.5k

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

prompts.chat

157.5k

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

ecc

140.3k

Stats

Stars7

Forks1

Last CommitJan 29, 2026

Actions

View Source View Plugin View on GitHub View README

SUI Security Guard

Automated security scanning and secret detection for SUI projects.

Overview

This skill provides comprehensive security scanning:

Secret detection (private keys, API keys, mnemonics)
Pre-commit hook installation
Security checklist validation
Best practices enforcement

Quick Start

# Install pre-commit hook
sui-security-guard install-hook

# Manual scan
sui-security-guard scan

# Verify configuration
sui-security-guard check

Core Features

1. Secret Detection

Scans for:

SUI private keys (suiprivkey1...)
Mnemonics (12/24 word phrases)
API keys (OpenAI, Anthropic, etc.)
AWS credentials
Environment files (.env)

2. Pre-commit Hook

Automatically runs before each commit to prevent secrets from being committed.

Installation:

# Creates .git/hooks/pre-commit
sui-security-guard install-hook

3. Security Checklist

Validates:

No hardcoded secrets
.env in .gitignore
No private keys in code
No API keys in frontend
Proper capability usage

Configuration

.sui-security.json:

{
  "enabled": true,
  "scan_on_commit": true,
  "exclude_patterns": [
    "node_modules/",
    ".git/",
    "*.test.ts"
  ]
}

Common Mistakes

❌ Committing .env files

Problem: API keys exposed in git history
Fix: Add .env* to .gitignore, use .env.example for templates
Remediation: Rotate all exposed keys, use git-filter-repo to purge history

❌ Hardcoding private keys in code

Problem: Permanent exposure, cannot rotate
Fix: Use environment variables, secure key management systems

❌ Disabling pre-commit hook "just once"

Problem: Secrets slip through, end up in production
Fix: Never skip hooks, fix the issue instead

❌ Storing mnemonics in comments

Problem: Easy to miss in code review, exposed in repo
Fix: Never store mnemonics anywhere in codebase, use secure vaults

❌ Not scanning existing codebase

Problem: Legacy secrets remain in old commits
Fix: Run full historical scan with tools like gitleaks

❌ Testing with production API keys

Problem: Rate limits, billing issues, exposure risk
Fix: Use separate test API keys with limited permissions

Integration

Called by: sui-full-stack (throughout development)
Hooks: Git pre-commit

See reference.md for scan patterns and examples.md for remediation guides.