Which Git objects can I scan?

You can scan Pull Requests, specific commit hashes, ranges of commits, staged changes (pre-commit), or uncommitted working directory changes.

Does it support CI/CD integration?

Yes, while designed for Claude Code, its output and git-based triggers make it ideal for integration into PR review workflows and CI/CD security gates.

Do I need to create a threat model manually?

No. If a threat model or security config is missing in your .factory directory, the skill will automatically generate them based on your repository's architecture.

How are the results formatted?

Findings are saved to a security-findings.json file, which includes CWE IDs, severity levels (Critical to Low), exploit scenarios, and specific code context.

What types of vulnerabilities can this skill detect?

The skill scans for all STRIDE categories, covering SQL injection, XSS, command injection, broken authentication, IDOR, sensitive data exposure, and more.

Commit Security Scanner

Name: Commit Security Scanner
Author: plurigrid

byplurigrid

•

セキュリティとテスト

Analyzes code changes for security vulnerabilities using LLM-powered reasoning and STRIDE threat modeling patterns.

The Commit Security Scanner is a specialized Claude Code skill designed to integrate deep security analysis into your development workflow. By leveraging LLM reasoning and the STRIDE threat model (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege), it automatically scans pull requests, specific commits, or staged changes to identify critical risks like SQL injection, improper authorization, and hardcoded secrets. It uniquely ensures context-aware results by automatically generating a repository-specific threat model if one is missing, providing developers with actionable JSON reports and remediation advice directly within their CLI environment.

主な機能

01Automatic generation of repository threat models and security configs

02Data flow tracing from source to sink with mitigation checking

03Standardized security reports with CWE mappings and severity scores

04Comprehensive STRIDE-based vulnerability analysis

05Support for PRs, commit ranges, and staged changes

068 GitHub stars

ユースケース

01Auditing legacy codebases or feature branches for security regressions

02Automating security audits during pull request reviews

03Performing pre-commit checks to catch vulnerabilities before they reach the remote

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add plurigrid/asi commit-security-scan

For use in Claude.ai and ChatGPT

Download Skill