From copilot-cli-toolkit
Detects changes to infrastructure and security-critical files like CI/CD workflows, Dockerfiles, git hooks, env files, and auth code to recommend security agent reviews.
Slash command
/copilot-cli-toolkit:security-detection
claude-haiku-4-5
| Trigger Phrase | Operation |
|---|---|
| scan for security changes | detect-infrastructure with staged files |
| check security-critical files | detect-infrastructure with file list |
| run security scan on changes | detect-infrastructure analysis |
| do I need a security review | Risk-level assessment of changed files |
| check infrastructure changes | Pattern matching against critical/high lists |
Use this skill when:
Use the security agent directly instead when:
| Script | Language | Usage |
|---|---|---|
| detect_infrastructure.py | Python 3 | Cross-platform |

```bash
# Analyze staged files
python detect_infrastructure.py --git-staged
# Analyze specific files
python detect_infrastructure.py .github/workflows/ci.yml src/auth/login.cs
```
When security-critical files are detected:
```
=== Security Review Detection ===
CRITICAL: Security agent review REQUIRED
Matching files:
[CRITICAL] .github/workflows/deploy.yml
[HIGH] src/Controllers/AuthController.cs
Run security agent before implementation:
Task(subagent_type="security", prompt="Review infrastructure changes")
```
When no matches:
```
No infrastructure/security files detected.
```
| Level | Meaning | Action |
|---|---|---|
| CRITICAL | Immediate security implications | Review REQUIRED |
| HIGH | Potential security impact | Review RECOMMENDED |
- `.github/workflows/*`
- `.githooks/*`, `.husky/*`
- `**/Auth/**`, `**/Security/**`
- `*.env*`
- `*.pem`, `*.key`, `*secret*`
- `build/**/*.ps1`, `scripts/**/*.sh`
- `Dockerfile*`, `docker-compose*`
- `**/Controllers/**`
- `appsettings*.json`
- `*.tf`, `*.tfvars`, `*.bicep`

Add to .githooks/pre-commit:
```bash
# Security detection (non-blocking warning)
python3 .claude/skills/security-detection/detect_infrastructure.py --git-staged
```
```yaml
- name: Check security-critical files
  run: python .claude/skills/security-detection/detect_infrastructure.py --git-staged
```
| Code | Meaning |
|---|---|
| 0 | Success (warning shown if matches found, non-blocking) |
The scripts are designed to be non-blocking warnings. They always exit 0 to avoid blocking commits or CI. The warning is informational only.
Edit the pattern lists in either script to add or modify detection patterns:
- CRITICAL_PATTERNS / $CriticalPatterns - Review required
- HIGH_PATTERNS / $HighPatterns - Review recommended

| Avoid | Why | Instead |
|---|---|---|
| Skipping detection before commits | Security files slip through unreviewed | Run detection on every commit with infrastructure changes |
| Treating warnings as blocking | Scripts exit 0 intentionally | Use output to inform review decisions, not block commits |
| Hardcoding custom patterns inline | Drifts from canonical pattern lists | Edit CRITICAL_PATTERNS/HIGH_PATTERNS in the scripts |
| Ignoring HIGH-level matches | Potential security impact overlooked | Review HIGH matches, escalate to security agent when uncertain |
| Running only one language script | May miss platform-specific detection | Use whichever script matches your environment |
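
How glob lists such as CRITICAL_PATTERNS and HIGH_PATTERNS can sort changed paths into risk levels, as an added example that is not the toolkit's own detect_infrastructure.py. The split of patterns between the two lists, the case-insensitive matching, and the helper names `glob_to_regex`, `matches` and `classify` are assumptions; only workflows as CRITICAL and Controllers as HIGH are confirmed by the sample output above.

```python
import re

# A subset of the page's patterns. Which list each one belongs to is an assumption,
# except workflows -> CRITICAL and Controllers -> HIGH (shown in the sample output).
CRITICAL_PATTERNS = [".github/workflows/*", ".githooks/*", ".husky/*",
                     "**/Auth/**", "**/Security/**", "*.env*", "*.pem", "*.key"]
HIGH_PATTERNS = ["**/Controllers/**", "Dockerfile*", "docker-compose*",
                 "appsettings*.json", "*.tf", "*.tfvars", "*.bicep"]


def glob_to_regex(pattern):
    """Compile a glob: '*' stays inside one path segment, '**' crosses segments."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            parts.append("(?:.*/)?")  # zero or more leading directories
            i += 3
        elif pattern.startswith("**", i):
            parts.append(".*")
            i += 2
        elif pattern[i] == "*":
            parts.append("[^/]*")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    # Case-insensitive so src/auth/ and src/Auth/ are treated alike (assumed behaviour).
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE)


def matches(path, pattern):
    """Patterns without '/' are tested against the file name, others against the path."""
    path = re.sub(r"^(\./)+", "", path.replace("\\", "/"))
    target = path if "/" in pattern else path.rsplit("/", 1)[-1]
    return glob_to_regex(pattern).match(target) is not None


def classify(paths):
    """Return {path: 'CRITICAL' | 'HIGH'} for matching paths; CRITICAL wins over HIGH."""
    result = {}
    for path in paths:
        if any(matches(path, p) for p in CRITICAL_PATTERNS):
            result[path] = "CRITICAL"
        elif any(matches(path, p) for p in HIGH_PATTERNS):
            result[path] = "HIGH"
    return result


# Constructed sample input: three paths from the page's examples plus two invented ones.
SAMPLE = [".github/workflows/deploy.yml", "src/Controllers/AuthController.cs",
          "src/auth/login.cs", "deploy\\prod.tfvars", "README.md"]
```

`AuthController.cs` is HIGH rather than CRITICAL here because `**/Auth/**` matches a directory named Auth, not a file name that contains it; a custom pattern that should catch such files has to say so explicitly.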
After running security detection:
npx claudepluginhub rjmurillo/ai-agents