Does this skill work with Git history?

Yes, Tinman specifically checks the full Git history and logs for credentials and secrets that may have been committed accidentally.

How does Tinman handle critical security threats?

When an S4 (Critical) threat is detected, Tinman follows an emergency response protocol that includes halting operations, assessing the scope, and rotating affected credentials.

Can Tinman automate regular security checks?

Yes, Tinman includes a workflow for automated daily monitoring using a cron-based schedule to scan credential permissions and token expirations.

What security risks does Tinman identify?

Tinman identifies risks ranging from S0 (Info) to S4 (Critical), including exposed Git secrets, weak SSH configurations, unencrypted password authentication, and exposed network ports.

Tinman Security Auditor

Name: Tinman Security Auditor
Author: Niraven

byNiraven

•

Security & Testing

Audits and hardens system infrastructure and repository security to prevent credential leaks and vulnerabilities.

Tinman is a dedicated security framework for Claude Code environments and system infrastructure, providing automated auditing across four distinct risk levels. It proactively identifies security gaps such as exposed secrets in Git history, insecure SSH configurations, and open ports, while offering standardized reporting and emergency response protocols. By integrating automated daily monitoring and credential hygiene checks, Tinman ensures that your development environment adheres to the principle of least privilege and maintains robust protection against unauthorized access.

Key Features

01Multi-tier security risk assessment (S0-S4)

02Automated Git secret and credential scanning

03Standardized security audit report generation

04Automated daily monitoring via scheduled cron tasks

05System hardening for SSH, firewalls, and ports

061 GitHub stars

Use Cases

01Hardening remote server infrastructure through automated SSH and firewall audits

02Implementing routine security compliance checks within AI-driven workflows

03Scanning repositories for accidental credential leaks before deployment

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add niraven/pokee-deep-research-skill tinman

For use in Claude.ai and ChatGPT

Download Skill