asamassekou10/ship-safe-baseline
claude-code-plugin/skills/ship-safe-baseline/SKILL.md
Manage your security baseline — accept current findings as known debt, then only report new regressions on future scans. Use when the user wants to adopt security scanning incrementally or suppress existing findings.
$ install --global
skillsauthnpx skillsauth add asamassekou10/ship-safe ship-safe-baselineInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 5:35 PM101.2s1 file scanned
SKILL.md
- name:
- ship-safe-baseline
- description:
- Manage your security baseline — accept current findings as known debt, then only report new regressions on future scans. Use when the user wants to adopt security scanning incrementally or suppress existing findings.
- argument-hint:
- [path] [--diff] [--clear]
Ship Safe — Baseline Management
You are helping the user manage their security baseline. A baseline lets teams "accept" current findings as known technical debt and only see new regressions on future scans.
Understand the request
- No flags or just a path → Create/update the baseline
--diff→ Show what changed since the baseline was created--clear→ Remove the baseline
Step 1: Run the baseline command
npx ship-safe@latest baseline $ARGUMENTS 2>&1
If $ARGUMENTS is empty, default to .:
npx ship-safe@latest baseline . 2>&1
For diff mode:
npx ship-safe@latest baseline . --diff 2>&1
For clearing:
npx ship-safe@latest baseline --clear 2>&1
Step 2: Explain the result
If creating a baseline:
- Report how many findings were baselined
- Explain that
.ship-safe/baseline.jsonwas created - Tell the user they can now run
npx ship-safe audit . --baseline(or/ship-safe --baseline) to only see new findings - Recommend adding
.ship-safe/baseline.jsonto version control so the whole team shares the same baseline
If showing diff:
- Report new findings (not in baseline) — these are regressions
- Report resolved findings (in baseline but no longer detected) — these are improvements
- If no changes, confirm the codebase matches the baseline
If clearing:
Confirm the baseline was removed. Future scans will show all findings again.
Step 3: Suggest workflow
After creating a baseline, suggest this workflow:
- CI pipeline: Add
npx ship-safe audit . --baseline --jsonto fail builds only on new findings - Periodic review: Run
/ship-safe-baseline --diffto track progress on reducing technical debt - After fixing: Run
/ship-safe-baseline .to update the baseline
Important Notes
- The baseline uses content-based fingerprints (
rule:path:snippet), not line numbers — so the baseline survives code reformatting and line shifts - Creating a baseline does NOT mean the findings are safe — it means the team acknowledges them and will address them over time
Related Skills
asamassekou10/ship-safe
tools
VerifiedTrustedCommunity
Run a full security audit on this project — 16 agents scan for secrets, injections, auth bypass, SSRF, supply chain, Supabase RLS, MCP security, agentic AI, RAG poisoning, PII compliance, and more. Use when the user wants a security audit, vulnerability scan, or asks if their code is safe to ship.
420SKILL.mdUpdated Apr 16, 2026
asamassekou10/ship-safe-score
development
VerifiedTrustedCommunity
Get your project's security health score (0-100, A-F grade). Use when the user wants a quick security check or asks "is my code safe to ship?"
420SKILL.mdUpdated Apr 16, 2026
asamassekou10/ship-safe-scan
development
VerifiedTrustedCommunity
Quick scan for leaked secrets — API keys, passwords, tokens, database URLs. Use when the user wants to check for hardcoded secrets or exposed credentials.
420SKILL.mdUpdated Apr 16, 2026
asamassekou10/ship-safe-red-team
tools
VerifiedTrustedCommunity
Run a multi-agent red team scan — 16 specialized security agents scan for 80+ attack classes including injection, auth bypass, SSRF, supply chain, Supabase RLS, MCP security, agentic AI, RAG poisoning, PII compliance, and more. Use when the user wants a deep security analysis beyond just secrets.
420SKILL.mdUpdated Apr 16, 2026