How does it handle TODO comments?

It encourages best practices by flagging TODOs that lack an issue or ticket reference (e.g., TODO(#123)), while marking unreferenced TODOs as warnings.

Does this skill automatically fix the issues it finds?

No, it acts as an auditor. It provides a detailed report with 'Warning' or 'Blocked' status so you can review and fix the issues before finalizing your commit.

What specifically does the Pre-Commit Audit scan for?

The skill scans for secrets, API keys, debug statements (like console.log), unreferenced TODOs, disabled tests, large files, and blocks of commented-out code.

When is the best time to invoke this skill?

It is best used after you have staged your changes with 'git add' but before you run the final 'git commit' command.

Can it detect leaked AWS or Private Keys?

Yes, it uses pattern matching to identify AWS keys, private keys, and standard credential assignments in your code changes.

Pre-Commit Audit

Name: Pre-Commit Audit
Author: ash1794

byash1794

•

安全与测试

Audits staged git changes to detect secrets, debug logs, and code quality issues before they enter the repository history.

The Pre-Commit Audit skill acts as a final quality gate for developers, scanning staged changes for common mistakes such as exposed API keys, forgotten console logs, and undocumented TODOs. By integrating directly into the Claude Code workflow, it helps maintain high repository standards, prevents security leaks, and ensures that shared branches remain clean and production-ready. It provides a structured report categorizing findings into clean, warning, or blocked status, allowing for rapid remediation of technical debt and security risks.

主要功能

01Automatic secret and credential detection for AWS keys and private tokens

02Monitors staged file sizes and accidental binary file additions

03Identifies forgotten debug statements like console.log and print

04Flags TODOs and FIXMEs lacking ticket or issue references

05Detects disabled tests and excessive commented-out code blocks

066 GitHub stars

使用场景

01Running a final automated check before pushing code to a shared main branch

02Performing a self-review of staged changes to clean up debug logs and technical debt

03Preventing the accidental leakage of sensitive .env files or credentials

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ash1794/vibe-engineering pre-commit-audit

For use in Claude.ai and ChatGPT

主要功能

01Automatic secret and credential detection for AWS keys and private tokens

02Monitors staged file sizes and accidental binary file additions

03Identifies forgotten debug statements like console.log and print

04Flags TODOs and FIXMEs lacking ticket or issue references

05Detects disabled tests and excessive commented-out code blocks

066 GitHub stars

使用场景

01Running a final automated check before pushing code to a shared main branch

02Performing a self-review of staged changes to clean up debug logs and technical debt

03Preventing the accidental leakage of sensitive .env files or credentials

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ash1794/vibe-engineering pre-commit-audit

For use in Claude.ai and ChatGPT