security-detection | copilot-cli-toolkit | ClaudePluginHub

Skill

security-detection

From copilot-cli-toolkit

Detects changes to infrastructure and security-critical files like CI/CD workflows, Dockerfiles, git hooks, env files, and auth code to recommend security agent reviews.

$

npx claudepluginhub rjmurillo/ai-agents

Configuration

Model: claude-haiku-4-5

Tool Access

This skill uses the workspace's default tool permissions.

Preview

| Trigger Phrase | Operation |

Supporting Assets

detect_infrastructure.py

SKILL.md

Similar Skills

security-detection

26

Detects changes to infrastructure and security-critical files like CI/CD workflows, Dockerfiles, Terraform configs, auth code, and env files; recommends security agent review before commits or in CI.

project-toolkit

Security Review

273

Performs security reviews for risky code changes like sensitive file edits, shell commands, dependencies, CI/CD, and secrets using Clawdstrike MCP tools for policy checks.

security-review

14

Reviews code changes for security vulnerabilities, insecure patterns, and best practices. Targets implementation deltas like git diffs and new dependencies, not full audits.

Stats

Parent Repo Stars26

Parent Repo Forks4

Last CommitApr 30, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

infrastructure-detection

pre-commit-security

ci-security-gate

risk-assessment

file-change-review

Help us improve

Share bugs, ideas, or general feedback.

Security Detection Utility

Triggers

Trigger Phrase	Operation
`scan for security changes`	detect-infrastructure with staged files
`check security-critical files`	detect-infrastructure with file list
`run security scan on changes`	detect-infrastructure analysis
`do I need a security review`	Risk-level assessment of changed files
`check infrastructure changes`	Pattern matching against critical/high lists

When to Use

Use this skill when:

Committing changes that may touch infrastructure or security files
Pre-commit validation for security-sensitive paths
Determining if a security agent review is needed
CI pipeline security gate checks

Use the security agent directly instead when:

You already know security review is needed
Performing threat modeling or vulnerability assessment
Reviewing authentication or authorization code in depth

Available Scripts

Script	Language	Usage
`detect_infrastructure.py`	Python 3	Cross-platform

Usage

# Analyze staged files
python detect_infrastructure.py --git-staged

# Analyze specific files
python detect_infrastructure.py .github/workflows/ci.yml src/auth/login.cs

Output

When security-critical files are detected:

=== Security Review Detection ===

CRITICAL: Security agent review REQUIRED

Matching files:
  [CRITICAL] .github/workflows/deploy.yml
  [HIGH] src/Controllers/AuthController.cs

Run security agent before implementation:
  Task(subagent_type="security", prompt="Review infrastructure changes")

When no matches:

No infrastructure/security files detected.

Risk Levels

Level	Meaning	Action
CRITICAL	Immediate security implications	Review REQUIRED
HIGH	Potential security impact	Review RECOMMENDED

Detected Patterns

Critical (Review Required)

CI/CD workflows (.github/workflows/*)
Git hooks (.githooks/*, .husky/*)
Authentication code (**/Auth/**, **/Security/**)
Environment files (*.env*)
Credentials and keys (*.pem, *.key, *secret*)

High (Review Recommended)

Build scripts (build/**/*.ps1, scripts/**/*.sh)
Container configs (Dockerfile*, docker-compose*)
API controllers (**/Controllers/**)
App configuration (appsettings*.json)
Infrastructure as Code (*.tf, *.tfvars, *.bicep)

Integration

Pre-commit Hook

Add to .githooks/pre-commit:

# Security detection (non-blocking warning)
python3 .claude/skills/security-detection/detect_infrastructure.py --git-staged

CI Integration

- name: Check security-critical files
  run: python .claude/skills/security-detection/detect_infrastructure.py --git-staged

Exit Codes

Code	Meaning
0	Success (warning shown if matches found, non-blocking)

The scripts are designed to be non-blocking warnings. They always exit 0 to avoid blocking commits or CI. The warning is informational only.

Customization

Edit the pattern lists in either script to add or modify detection patterns:

CRITICAL_PATTERNS / $CriticalPatterns - Review required
HIGH_PATTERNS / $HighPatterns - Review recommended

Process

Gather the list of changed files (staged or explicit)
Run pattern matching against critical and high-risk file patterns
Report findings with risk level classification
Route to security agent if CRITICAL matches found

Anti-Patterns

Avoid	Why	Instead
Skipping detection before commits	Security files slip through unreviewed	Run detection on every commit with infrastructure changes
Treating warnings as blocking	Scripts exit 0 intentionally	Use output to inform review decisions, not block commits
Hardcoding custom patterns inline	Drifts from canonical pattern lists	Edit CRITICAL_PATTERNS/HIGH_PATTERNS in the scripts
Ignoring HIGH-level matches	Potential security impact overlooked	Review HIGH matches, escalate to security agent when uncertain
Running only one language script	May miss platform-specific detection	Use whichever script matches your environment

Verification

After running security detection:

Script exited with code 0 (non-blocking)
All CRITICAL matches reviewed
Security agent routed for CRITICAL findings
HIGH matches evaluated for review need
Output captured in session log if security-relevant

Related Documents