From project-toolkit
Detects changes to infrastructure and security-critical files like CI/CD workflows, Dockerfiles, Terraform configs, auth code, and env files; recommends security agent review before commits or in CI.
```bash
npx claudepluginhub rjmurillo/ai-agents --plugin project-toolkit
```

This skill uses the workspace's default tool permissions.
| Trigger Phrase | Operation |
|---|---|
| scan for security changes | detect-infrastructure with staged files |
| check security-critical files | detect-infrastructure with file list |
| run security scan on changes | detect-infrastructure analysis |
| do I need a security review | Risk-level assessment of changed files |
| check infrastructure changes | Pattern matching against critical/high lists |
Use this skill when:
Use the security agent directly instead when:
| Script | Language | Usage |
|---|---|---|
| detect_infrastructure.py | Python 3 | Cross-platform |
```bash
# Analyze staged files
python detect_infrastructure.py --git-staged

# Analyze specific files
python detect_infrastructure.py .github/workflows/ci.yml src/auth/login.cs
```
When security-critical files are detected:

```text
=== Security Review Detection ===
CRITICAL: Security agent review REQUIRED
Matching files:
  [CRITICAL] .github/workflows/deploy.yml
  [HIGH] src/Controllers/AuthController.cs

Run security agent before implementation:
  Task(subagent_type="security", prompt="Review infrastructure changes")
```

When no matches:

```text
No infrastructure/security files detected.
```
| Level | Meaning | Action |
|---|---|---|
| CRITICAL | Immediate security implications | Review REQUIRED |
| HIGH | Potential security impact | Review RECOMMENDED |
Detection patterns:

- `.github/workflows/*`
- `.githooks/*`, `.husky/*`
- `**/Auth/**`, `**/Security/**`
- `*.env*`
- `*.pem`, `*.key`, `*secret*`
- `build/**/*.ps1`, `scripts/**/*.sh`
- `Dockerfile*`, `docker-compose*`
- `**/Controllers/**`
- `appsettings*.json`
- `*.tf`, `*.tfvars`, `*.bicep`

Add to .githooks/pre-commit:

```bash
# Security detection (non-blocking warning)
python3 .claude/skills/security-detection/detect_infrastructure.py --git-staged
```

In CI (GitHub Actions step):

```yaml
- name: Check security-critical files
  run: python .claude/skills/security-detection/detect_infrastructure.py --git-staged
```
| Code | Meaning |
|---|---|
| 0 | Success (warning shown if matches found, non-blocking) |
The scripts are designed as non-blocking warnings: they always exit 0 so they never block commits or CI, and the warning is informational only.
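As an added illustration (not the project's detect_infrastructure.py), a small Python classifier that matches changed paths against the pattern lists, reports the highest risk level found, and renders the output format shown earlier; which patterns fall into CRITICAL versus HIGH is an assumption taken from the sample output (workflows CRITICAL, Controllers HIGH).

```python
import fnmatch
import sys
from typing import Optional

# Added example, not the project's script. The CRITICAL/HIGH split below is an
# assumption (the page's sample output shows workflows CRITICAL, Controllers HIGH).
CRITICAL_PATTERNS = [".github/workflows/*", ".githooks/*", ".husky/*", "*.env*",
                     "*.pem", "*.key", "*secret*", "**/Auth/**", "**/Security/**"]
HIGH_PATTERNS = ["Dockerfile*", "docker-compose*", "**/Controllers/**",
                 "appsettings*.json", "*.tf", "*.tfvars", "*.bicep",
                 "build/**/*.ps1", "scripts/**/*.sh"]


def _matches(path: str, pattern: str) -> bool:
    # fnmatch's '*' crosses '/', so '**' acts like '*'; a leading '**/' must also
    # hit prefix-less paths, and bare names like 'Dockerfile*' any directory.
    path = path.replace("\\", "/")
    if fnmatch.fnmatch(path, pattern):
        return True
    if pattern.startswith("**/") and fnmatch.fnmatch(path, pattern[3:]):
        return True
    return "/" not in pattern and fnmatch.fnmatch(path.rsplit("/", 1)[-1], pattern)


def classify(path: str) -> Optional[str]:
    """Return 'CRITICAL', 'HIGH' or None; CRITICAL wins if both lists match."""
    for level, patterns in (("CRITICAL", CRITICAL_PATTERNS), ("HIGH", HIGH_PATTERNS)):
        if any(_matches(path, p) for p in patterns):
            return level
    return None


def report(paths) -> str:
    """Render the skill's output format; callers always exit 0 (non-blocking)."""
    found = {p: lvl for p in paths if (lvl := classify(p))}
    found = dict(sorted(found.items(), key=lambda kv: kv[1] != "CRITICAL"))
    if not found:
        return "No infrastructure/security files detected."
    top = "CRITICAL" if "CRITICAL" in found.values() else "HIGH"
    verdict = "REQUIRED" if top == "CRITICAL" else "RECOMMENDED"
    lines = ["=== Security Review Detection ===",
             f"{top}: Security agent review {verdict}", "Matching files:"]
    lines += [f"  [{lvl}] {p}" for p, lvl in found.items()]
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python example.py $(git diff --cached --name-only); always exits 0.
    print(report(sys.argv[1:]))
```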
Edit the pattern lists in either script to add or modify detection patterns:
- CRITICAL_PATTERNS / $CriticalPatterns - Review required
- HIGH_PATTERNS / $HighPatterns - Review recommended

| Avoid | Why | Instead |
|---|---|---|
| Skipping detection before commits | Security files slip through unreviewed | Run detection on every commit with infrastructure changes |
| Treating warnings as blocking | Scripts exit 0 intentionally | Use output to inform review decisions, not block commits |
| Hardcoding custom patterns inline | Drifts from canonical pattern lists | Edit CRITICAL_PATTERNS/HIGH_PATTERNS in the scripts |
| Ignoring HIGH-level matches | Potential security impact overlooked | Review HIGH matches, escalate to security agent when uncertain |
| Running only one language script | May miss platform-specific detection | Use whichever script matches your environment |
After running security detection: