How does this skill prevent secret leaks?

It utilizes the SecretLeakGuard to scan file contents and environment variables for patterns matching API keys, tokens, and private credentials before they are committed or written to disk.

Does it monitor shell commands in real-time?

Absolutely. It evaluates every shell command against the ShellCommandGuard policy to block dangerous or destructive system modifications before execution.

Can I restrict which directories Claude can access?

Yes, the skill uses ForbiddenPathGuard and PathAllowlistGuard to ensure file operations stay within authorized boundaries and prevents access to sensitive areas like ~/.ssh or /etc.

Is it suitable for infrastructure-as-code environments?

Yes, it is specifically designed to audit changes to CI/CD pipelines, Dockerfiles, and infrastructure configurations to maintain environment integrity.

What happens if a security risk is detected?

The skill flags the issue with a severity level (Critical to Low) and suggests safer alternatives or blocks the action if it violates your defined Clawdstrike policies.

Clawdstrike Security Review

Name: Clawdstrike Security Review
Author: backbay-labs

bybackbay-labs

•

273

•

Security & Testing

Provides runtime security enforcement and threat hunting for AI-driven code changes and system operations.

The Clawdstrike Security Review skill acts as an automated security auditor for Claude Code, ensuring that autonomous actions comply with organizational safety policies. It monitors for sensitive file access, dangerous shell commands, secret leaks, and unauthorized network egress by integrating with the Clawdstrike engine. By proactively checking actions against pre-defined guards like ForbiddenPath and SecretLeak, it prevents accidental exposure of credentials and unauthorized system modifications, making it an essential tool for managing autonomous AI fleets in sensitive production or development environments.

Key Features

01Proactive risk assessment of CI/CD and infrastructure configuration changes

02Filesystem protection via allowlists and forbidden path enforcement

03273 GitHub stars

04Automated secret scanning to prevent credential leaks in code and configuration

05Egress control to monitor and block unauthorized network requests

06Real-time shell command validation against customizable safety policies

Use Cases

01Scanning codebases for accidentally committed secrets, API keys, or private certificates

02Auditing shell commands executed by autonomous agents to prevent system compromise

03Reviewing and securing infrastructure-as-code changes before deployment

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add backbay-labs/clawdstrike security-review

For use in Claude.ai and ChatGPT

Key Features

01Proactive risk assessment of CI/CD and infrastructure configuration changes

02Filesystem protection via allowlists and forbidden path enforcement

03273 GitHub stars

04Automated secret scanning to prevent credential leaks in code and configuration

05Egress control to monitor and block unauthorized network requests

06Real-time shell command validation against customizable safety policies

Use Cases

01Scanning codebases for accidentally committed secrets, API keys, or private certificates

02Auditing shell commands executed by autonomous agents to prevent system compromise

03Reviewing and securing infrastructure-as-code changes before deployment