From security-scan
Use when auditing a branch for security issues before push or release. Triggers on "security scan", "secret scan", "pre-push check", "audit this diff", "check for leaked credentials".
npx claudepluginhub genkovich/team-marketplace-demo --plugin security-scan
How this skill is triggered — by the user, by Claude, or both
Slash command
/security-scan:scanner
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Audit the staged diff and dependencies for the five red flags the team has agreed never ship.
Audit the staged diff and dependencies for the five red flags the team has agreed never ship.
- .env values committed inline. Patterns: sk-, AKIA, xoxb-, ghp_, -----BEGIN, password=, api_key=
- eval(, exec(, Function(...) from string input, os.system, subprocess.run(..., shell=True), child_process.exec with interpolation
- allowlist.txt; curl | sh patterns; webhook endpoints without TLS
- sudo invocations, writes to ~/.bashrc or ~/.zshrc, hooks that touch system paths, plugin code that reads files outside the project root
- npm audit or pip-audit on packages touched in this branch

- git diff --staged and grep for each pattern above
- package.json, requirements.txt, go.mod)

A passing scan is one where every grep returns empty and every audit reports zero high or critical issues.
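
The grep step above, sketched as an added example (not the plugin's own code): it checks only the added lines of a diff against the secret and dynamic-execution substrings listed on this page, plus a regex for curl piped into sh. The function names, the regex and the sample diff are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the page's patterns in the added lines of a unified diff.

# Emit only lines added inside hunks, with the leading "+" stripped.
# File headers ("+++ b/file") sit before the first "@@" and are skipped.
added_lines() {
  awk '/^diff --git /{in_hunk=0}
       /^@@ /{in_hunk=1; next}
       in_hunk && /^[+]/{print substr($0, 2)}'
}

# $1 = category label, $2 = matching lines; returns 1 when there are any.
report() {
  [ -z "$2" ] && return 0
  printf '[%s]\n%s\n' "$1" "$2"
  return 1
}

# Read a diff on stdin; return 0 if clean, 1 if any category matched.
scan_diff() {
  sd_added=$(added_lines)
  sd_status=0
  # Secret markers, as the fixed substrings the page lists.
  sd_hits=$(printf '%s\n' "$sd_added" | grep -F -e 'sk-' -e 'AKIA' -e 'xoxb-' \
    -e 'ghp_' -e '-----BEGIN' -e 'password=' -e 'api_key=' || true)
  report 'secret pattern' "$sd_hits" || sd_status=1
  # Dynamic execution calls named on the page.
  sd_hits=$(printf '%s\n' "$sd_added" | grep -F -e 'eval(' -e 'exec(' \
    -e 'Function(' -e 'os.system' -e 'shell=True' -e 'child_process.exec' || true)
  report 'dynamic execution' "$sd_hits" || sd_status=1
  # curl piped into a shell (regex is this example's reading of "curl | sh").
  sd_hits=$(printf '%s\n' "$sd_added" | grep -E -e 'curl[^|]*[|][[:space:]]*sh' || true)
  report 'curl | sh' "$sd_hits" || sd_status=1
  return "$sd_status"
}

# Constructed sample diff, not taken from a real repository.
sample_diff() {
  cat <<'EOF'
diff --git a/deploy.py b/deploy.py
--- a/deploy.py
+++ b/deploy.py
@@ -1,3 +1,4 @@
 import subprocess
-subprocess.run(["ls", path])
+subprocess.run("ls " + path, shell=True)
+AWS_KEY = "AKIAXXXXXXXXXXXXXXXX"
 print("done")
EOF
}
```

In a repository, run `git diff --staged | scan_diff` and treat a non-zero exit as a failed scan. The bare substrings are broad (sk- also matches task-), so each hit is a prompt for review, and lines removed by the diff are ignored by design.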