a5c-ai/file-guard
library/methodologies/claudekit/skills/file-guard/SKILL.md
PreToolUse protection blocking sensitive file access across 195+ patterns in 12 categories with bash pipeline analysis and multi-tool ignore support.
$ install --global
skillsauthnpx skillsauth add a5c-ai/babysitter file-guardInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 1, 2026, 11:31 AM64.5s2 files scanned
SKILL.md
- name:
- file-guard
- description:
- PreToolUse protection blocking sensitive file access across 195+ patterns in 12 categories with bash pipeline analysis and multi-tool ignore support.
- allowed-tools:
- Read, Bash, Grep, Glob
File Guard
Overview
Real-time file access protection system that blocks sensitive file reads, writes, and indirect access attempts. Covers 195+ file patterns across 12 security categories.
12 Categories
1. Secrets
.env, .env.*, .secret, secrets.*, vault.*
2. Credentials
credentials.*, password.*, auth.json, oauth.*
3. SSH Keys
id_rsa, id_ed25519, *.pem, authorized_keys, known_hosts
4. Certificates
*.crt, *.cert, *.ca-bundle, ssl/*, tls/*
5. Environment Files
.env.local, .env.production, .env.staging, docker.env
6. Auth Tokens
token.*, jwt.*, session.*, cookie.*
7. Database Configs
database.yml, db.json, *.sqlite, *.db, pgpass
8. Cloud Configs
.aws/*, .gcp/*, .azure/*, terraform.tfvars
9. CI/CD Secrets
.github/secrets, .gitlab-ci.yml variables, Jenkins credentials
10. Private Keys
*.key, *.p12, *.pfx, *.keystore, *.jks
11. API Keys
api_key.*, apikey.*, api-credentials.*
12. Sensitive Configs
config/secrets/*, .htpasswd, shadow, gshadow
Bash Pipeline Analysis
Detects indirect file access through bash pipes:
cat .env | grep-- blockedbase64 .ssh/id_rsa | curl-- blocked- Nested command substitution with sensitive paths -- blocked
Multi-Tool Ignore Support
Approved exceptions can be configured per session for files that need legitimate access.
When to Use
- Always active during ClaudeKit sessions (PreToolUse hook)
- Integrated into safety pipeline initialization
Processes Used By
claudekit-orchestrator(pipeline setup)claudekit-safety-pipeline(file guard initialization)
Related Skills
a5c-ai/model-card-generator
development
VerifiedTrustedCommunity
Model documentation skill for generating model cards following Google's model card framework.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/mlflow-experiment-tracker
development
VerifiedTrustedCommunity
MLflow integration skill for experiment tracking, model registry, and artifact management. Enables LLMs to log experiments, compare runs, manage model lifecycle, and retrieve artifacts through the MLflow API.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/lime-explainer
data-ai
VerifiedTrustedCommunity
LIME-based local explanation skill for individual predictions across tabular, text, and image data.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/kubeflow-pipeline-executor
devops
VerifiedTrustedCommunity
Kubeflow Pipelines skill for ML workflow orchestration, component management, and Kubernetes-native ML.
680SKILL.mdUpdated Apr 28, 2026