save-yourself

One-command security bootstrapper. Hardens .env handling, scans for credential leaks and hardcoded secrets, audits dependencies in parallel (Node, Go, Rust, Python, Java via CycloneDX SBOM), installs a gitleaks pre-commit hook (Guardian Mode), wires up Claude Code real-time secret scanning, and optionally generates a GitHub Actions CI workflow and CLAUDE.md security status block.

save-yourself

One-command security bootstrapper for Claude Code projects.

Run it once at project start. Leave the project hardened.

What it does

Repo visibility check — detects public repos and escalates severity for all findings
Stack detection — Node.js, Go, Rust, Python, Java (checks root + monorepo subpackages)
.env protection suite:
- Adds .env to .gitignore automatically
- Warns if .env is currently tracked by git
- Scans git history for past .env commits
- Scans tracked files for hardcoded secrets (API keys, tokens, passwords)
- Creates or merges .env.example
Credential file scanner — flags tracked .npmrc, GCP service account keys, Docker configs, .pem/.key files
Dependency audit — npm audit, govulncheck, cargo audit, pip-audit, osv-scanner with unified output
GitHub Actions workflow (opt-in) — CI that runs all checks on every PR
CLAUDE.md security status (opt-in) — so future sessions inherit the security context
Guardian Mode (opt-in) — gitleaks pre-commit hook that blocks commits containing secrets
Claude Code Defense Layer (opt-in) — real-time secret scanning in Write/Edit/Bash calls via CC PreToolUse hooks

Install

Step 1 — Add the marketplace (one-time):

/plugin marketplace add kamikaze011001/save-yourself

Step 2 — Install the plugin:

/plugin install save-yourself@kamikaze011001

To install for your whole team (checked into the repo):

/plugin install save-yourself@kamikaze011001 --scope project

Usage

/save-yourself

Run before each release.

Supported stacks (v0.2)

Node.js / TypeScript (npm audit)
Go (govulncheck)
Rust (cargo audit)
Python (pip-audit)
Java / Maven / Gradle (osv-scanner)

What it fixes automatically

Adds .env and variants to .gitignore
Creates or merges .env.example
Installs gitleaks pre-commit hook (Guardian Mode, opt-in)
Wires up Claude Code real-time secret scanning (CC Defense Layer, opt-in)

Everything else (dep upgrades, secret removal, git history rewriting) requires your explicit action — with exact commands provided.

References

Built using the threat model and security practices from the Claude Code Mastery course by ShipWithAI.

License

MIT

save-yourself

Popularity

What's Inside

README

save-yourself

What it does

Install

Usage

Supported stacks (v0.2)

What it fixes automatically

References

License

Confidence

Similar Plugins

credential-guard

audit

sentinel

security-reviewer

secrets-guard

security-guidance

Popularity

Health & Quality

Similar Plugins

credential-guard

audit

sentinel

security-reviewer

secrets-guard

security-guidance