Skill

trace-mcp-pre-commit

Runs trace-mcp pre-commit/PR checks: security scans (OWASP, taint analysis), quality gates on changed files, antipattern detection, symbol diffs, and bug predictions before committing or opening PRs.

Git

security

code-quality

npx claudepluginhub nikolai-vysotskyi/trace-mcp --plugin trace-mcp

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Before creating a commit or opening a pull request, run the trace-mcp validation suite. Fix any critical or high findings before committing.

SKILL.md

Similar Skills

Harness Pre-Commit Review

Runs mechanical pre-commit checks (lint, typecheck, tests via pnpm/npm/make/tsc) first, then AI review if passed. Blocks commits on failures for fast local feedback.

1 file

harness-claude

requesting-code-review

Performs structured code reviews checking requirements, quality, and security standards after changes or before merge. Uses git diffs, context snapshots, and blast radius for scope.

1 file

superpowers-optimized

preflight

Pre-commit quality gate validating logic correctness, error handling, regressions, and completeness in code changes. Auto-fires before commit via cook or on large diffs.

rune

Stats

Stars69

Forks7

Last CommitApr 9, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

trace-mcp — Pre-Commit & Pre-PR Checks

Before creating a commit or opening a pull request, run the trace-mcp validation suite. Fix any critical or high findings before committing.

When to Use

The user asks to commit, stage, or push changes
The user asks to open a PR
The agent has finished implementing a feature or fix and is about to hand off

Checklist

1. Security scan

scan_security({ rules: ["all"] })

OWASP Top-10 vulnerability scan across the changed scope. If the change touches untrusted data flows, add:

taint_analysis({})

Trace untrusted sources to sensitive sinks (SQL, shell, file system, HTTP).

2. Quality gates on the changed scope

check_quality_gates({ scope: "changed" })

Validates complexity, coverage, duplication, and any project-configured gates on only the files you changed.

3. Antipattern scan

detect_antipatterns({})

Flags N+1 queries, eager loading, inefficient iteration, and language-specific performance footguns.

4. Symbol-level diff for the PR description

compare_branches({ branch: "current" })

Produces a symbol-level diff (functions added/removed/modified, signatures changed, exports changed). Use this as the basis for an accurate PR description instead of a raw line diff.

5. Bug prediction (optional, for risky changes)

predict_bugs({})
get_risk_hotspots({})

Flags files where the combination of high complexity and high churn makes regressions likely. If your change touches a hotspot, add extra tests.

Fix or Escalate

Critical / High findings: fix before committing. Do not suppress without discussion.
Medium findings: fix if cheap, otherwise note in the PR description.
Low / Info findings: note in the PR description.

After Commit

If the commit is part of a larger series, consider:

get_changed_symbols({ since: "<base-ref>" })

to generate an accurate changelog entry grounded in the symbol graph rather than commit messages.