From configure-plugin
Reusable GitHub Actions workflows for security, quality, accessibility. Use when adding OWASP/secret/code-smell scans or WCAG checks to PR pipelines.
How this skill is triggered — by the user, by Claude, or both
Slash command
/configure-plugin:configure-reusable-workflows [--all] [--security] [--quality] [--a11y] [--list][--all] [--security] [--quality] [--a11y] [--list]This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Install Claude-powered reusable GitHub Actions workflows from claude-plugins into a project.
Install Claude-powered reusable GitHub Actions workflows from claude-plugins into a project.
| Use this skill when... | Use another approach when... |
|---|---|
| Adding Claude-powered reusable workflows for security, quality, or accessibility | Setting up standard CI/CD workflows (use /configure:workflows) |
| Installing pre-built workflow callers from claude-plugins | Writing custom GitHub Actions workflows from scratch |
| Automating OWASP, secret scanning, or code smell detection via CI | Configuring local security scanning tools (use /configure:security) |
| Adding WCAG accessibility checks to pull request pipelines | Running one-off accessibility audits manually |
| Bootstrapping a full suite of Claude-powered CI checks across categories | Only need to check existing workflow compliance |
find . -maxdepth 1 -type d -name \'.github/workflows\'find . -path '*/.github/workflows/*' -maxdepth 3 -name 'claude-*'find . -maxdepth 1 \( -name 'package.json' -o -name 'pyproject.toml' -o -name 'Cargo.toml' -o -name 'go.mod' \) -print -quitfind . -maxdepth 2 \( -name '*.ts' -o -name '*.tsx' \) -print -quitfind . -maxdepth 3 \( -name '*.jsx' -o -name '*.vue' -o -name '*.svelte' \) -print -quitParse from command arguments:
--all: Install all workflows--security: Install security workflows only--quality: Install quality workflows only--a11y: Install accessibility workflows only--list: List available workflows without installing| Workflow | Description | File |
|---|---|---|
| secrets | Detect leaked secrets and credentials | reusable-security-secrets.yml |
| owasp | OWASP Top 10 vulnerability scanning | reusable-security-owasp.yml |
| deps | Dependency vulnerability audit | reusable-security-deps.yml |
| Workflow | Description | File |
|---|---|---|
| typescript | TypeScript strictness analysis | reusable-quality-typescript.yml |
| code-smell | Code smell detection | reusable-quality-code-smell.yml |
| async | Async/await pattern issues | reusable-quality-async.yml |
| Workflow | Description | File |
|---|---|---|
| wcag | WCAG 2.1 compliance checking | reusable-a11y-wcag.yml |
| aria | ARIA pattern validation | reusable-a11y-aria.yml |
Execute this reusable workflow installation:
.github/workflows/ directory (create if missing)If no flags provided, ask the user which categories to install:
Available workflow categories:
[1] Security (secrets, owasp, deps)
[2] Quality (typescript, code-smell, async)
[3] Accessibility (wcag, aria)
[4] All workflows
Which categories? (comma-separated, e.g., 1,2):
If --list is set, print the Available Workflows tables above and stop.
For each selected workflow, create a caller file in .github/workflows/.
Filename convention: claude-<category>-<name>.yml
Example: claude-security-secrets.yml
Display name convention: The workflow's name: follows <Domain>: <Action> [<target>] (quoted because YAML treats : as a key separator). For these reusable callers, Claude: is the right domain. See .claude/rules/workflow-naming.md for the canonical rule and active domains. Example: name: "Claude: Security secrets".
Use the caller workflow template:
name: "Claude: <Action> <target>"
on:
pull_request:
branches: [main]
workflow_dispatch:
permissions:
contents: read
pull-requests: write
id-token: write
jobs:
check:
uses: laurigates/.github/.github/workflows/reusable-<category>-<name>.yml@main
with:
# Default inputs - customize as needed
max-turns: 5
secrets: inherit
For complete caller workflow files per category, see REFERENCE.md.
After installation, print the required secret configuration:
Required secret: CLAUDE_CODE_OAUTH_TOKEN
To configure:
1. Go to repository Settings > Secrets and variables > Actions
2. Add secret: CLAUDE_CODE_OAUTH_TOKEN
3. Value: Your Claude Code OAuth token
Get token from: https://console.anthropic.com/
After installation, users can customize:
| Input | Purpose | Example |
|---|---|---|
file-patterns | Files to scan | 'src/**/*.ts' |
max-turns | Claude analysis depth | 3 (quick) to 10 (thorough) |
fail-on-* | Block merges on findings | true / false |
wcag-level | Accessibility standard | 'A', 'AA', 'AAA' |
CLAUDE_CODE_OAUTH_TOKEN to repository secretsfile-patterns to match project structurepaths filters for relevant file typesworkflow_dispatch to test before PR triggers| Context | Command |
|---|---|
| List available workflows | /configure:reusable-workflows --list |
| Install all workflows at once | /configure:reusable-workflows --all |
| Security workflows only | /configure:reusable-workflows --security |
| Quality workflows only | /configure:reusable-workflows --quality |
| Accessibility workflows only | /configure:reusable-workflows --a11y |
| Check existing callers | find .github/workflows -name 'claude-*' -type f |
| Flag | Description |
|---|---|
--all | Install all workflows |
--security | Install security workflows only |
--quality | Install quality workflows only |
--a11y | Install accessibility workflows only |
--list | List available workflows without installing |
/configure:workflows - Standard CI/CD workflows (container, release-please)/configure:security - Security tooling configurationci-workflows skill - Workflow patternsnpx claudepluginhub laurigates/claude-plugins --plugin configure-pluginBuilds GitHub Actions workflows for CI/CD, testing, security scanning, and deployment. Covers jobs, steps, matrix strategies, caching, and conditional execution.
GitHub Actions CI/CD workflows for container builds, tests, releases. Use when updating outdated action versions, adding multi-platform builds, or auditing workflows.
Generates GitHub Actions workflows, custom action.yml files (composite, Docker, JavaScript), and reusable workflows for CI/CD pipelines and automation.