Detect infrastructure and security-critical file changes to trigger security agent review recommendations ensuring proper security oversight for sensitive modifications.
Scans code changes for security-critical file patterns and recommends security agent reviews when needed.
/plugin marketplace add rjmurillo/ai-agents/plugin install project-toolkit@ai-agentsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
| Trigger Phrase | Operation |
|---|---|
scan for security changes | detect-infrastructure with staged files |
check security-critical files | detect-infrastructure with file list |
run security scan on changes | detect-infrastructure analysis |
do I need a security review | Risk-level assessment of changed files |
check infrastructure changes | Pattern matching against critical/high lists |
Use this skill when:
Use the security agent directly instead when:
| Script | Language | Usage |
|---|---|---|
detect_infrastructure.py | Python 3 | Cross-platform |
# Analyze staged files
python detect_infrastructure.py --git-staged
# Analyze specific files
python detect_infrastructure.py .github/workflows/ci.yml src/auth/login.cs
When security-critical files are detected:
=== Security Review Detection ===
CRITICAL: Security agent review REQUIRED
Matching files:
[CRITICAL] .github/workflows/deploy.yml
[HIGH] src/Controllers/AuthController.cs
Run security agent before implementation:
Task(subagent_type="security", prompt="Review infrastructure changes")
When no matches:
No infrastructure/security files detected.
| Level | Meaning | Action |
|---|---|---|
| CRITICAL | Immediate security implications | Review REQUIRED |
| HIGH | Potential security impact | Review RECOMMENDED |
.github/workflows/*).githooks/*, .husky/*)**/Auth/**, **/Security/**)*.env*)*.pem, *.key, *secret*)build/**/*.ps1, scripts/**/*.sh)Dockerfile*, docker-compose*)**/Controllers/**)appsettings*.json)*.tf, *.tfvars, *.bicep)Add to .githooks/pre-commit:
# Security detection (non-blocking warning)
if command -v python3 &> /dev/null; then
python3 .claude/skills/security-detection/detect_infrastructure.py --git-staged
elif command -v pwsh &> /dev/null; then
pwsh -File .claude/skills/security-detection/detect-infrastructure.ps1 -UseGitStaged
fi
- name: Check security-critical files
run: python .claude/skills/security-detection/detect_infrastructure.py --git-staged
| Code | Meaning |
|---|---|
| 0 | Success (warning shown if matches found, non-blocking) |
The scripts are designed to be non-blocking warnings. They always exit 0 to avoid blocking commits or CI. The warning is informational only.
Edit the pattern lists in either script to add or modify detection patterns:
CRITICAL_PATTERNS / $CriticalPatterns - Review requiredHIGH_PATTERNS / $HighPatterns - Review recommended| Avoid | Why | Instead |
|---|---|---|
| Skipping detection before commits | Security files slip through unreviewed | Run detection on every commit with infrastructure changes |
| Treating warnings as blocking | Scripts exit 0 intentionally | Use output to inform review decisions, not block commits |
| Hardcoding custom patterns inline | Drifts from canonical pattern lists | Edit CRITICAL_PATTERNS/HIGH_PATTERNS in the scripts |
| Ignoring HIGH-level matches | Potential security impact overlooked | Review HIGH matches, escalate to security agent when uncertain |
| Running only one language script | May miss platform-specific detection | Use whichever script matches your environment |
After running security detection:
Activates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.
Search, retrieve, and install Agent Skills from the prompts.chat registry using MCP tools. Use when the user asks to find skills, browse skill catalogs, install a skill for Claude, or extend Claude's capabilities with reusable AI agent components.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.