Can I bypass the security checks if necessary?

Local hooks can be bypassed using the --no-verify flag, but the GitHub Actions workflow runs on the server and cannot be bypassed, ensuring project-wide compliance.

Does this work for both Python and JavaScript projects?

Yes, the pre-push hooks include specific security checks for both ecosystems, including npm audit for Node.js and safety check for Python.

What happens if I use placeholder keys in my environment files?

The scanner is designed to recognize safe placeholder patterns like 'your_key_here' or 'TODO' and will allow those to be committed in .env.example files.

Is the commit message format customizable?

The skill enforces the Conventional Commits standard (feat, fix, chore, etc.), which is the industry standard for automated changelog generation and versioning.

How does this skill prevent API key leaks?

It installs a pre-commit hook that scans your staged files for known patterns of API keys (like Anthropic, OpenAI, AWS) and blocks the commit if a match is found.

Git Security & Quality Hooks

Name: Git Security & Quality Hooks
Author: vanman2024

byvanman2024

0•

Security & Testing

Automates security scanning and quality enforcement through a two-layer system of local Git hooks and GitHub Actions.

This skill establishes a robust security perimeter for development projects by integrating local Git hooks with automated server-side workflows. It prevents the accidental exposure of sensitive information—such as API keys for Anthropic, OpenAI, and cloud providers—before they reach your repository. Beyond security, the skill enforces standardized commit messages and performs dependency audits to ensure code quality. By combining client-side prevention with non-bypassable GitHub Actions, it provides a comprehensive framework for maintaining a secure and professional development lifecycle.

Key Features

01Server-side GitHub Actions workflow for non-bypassable security enforcement

02Multi-layer secret scanning for AI keys, cloud credentials, and database strings

030 GitHub stars

04Automated dependency audits including npm audit and Python safety checks

05Automated generation of security reports and PR comments

06Enforced conventional commit message formatting (type(scope): description)

Use Cases

01Preventing accidental leaks of Anthropic or OpenAI API keys in public and private repos

02Standardizing commit history across large teams using conventional commit rules

03Implementing automated weekly security vulnerability scans for long-term project maintenance

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add vanman2024/dev-lifecycle-marketplace git-hooks

For use in Claude.ai and ChatGPT

Download Skill