drn/guard
agents/skills/guard/SKILL.md
Pre-commit safety check for secrets, security antipatterns, and test breakage. Use for pre-commit checks, secret scanning, or verifying test safety.
$ install --global
skillsauthnpx skillsauth add drn/dots guardInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 21, 2026, 10:47 AM52.5s1 file scanned
SKILL.md
- name:
- guard
- description:
- Pre-commit safety check for secrets, security antipatterns, and test breakage. Use for pre-commit checks, secret scanning, or verifying test safety.
Pre-commit Guard
Fast safety check before committing. Scans for secrets, security antipatterns, test breakage, and lint issues. Binary pass/fail output.
Arguments
$ARGUMENTS- Optional:--strictfor zero-tolerance mode (warnings also fail)
Context
- Staged files: !
git diff --cached --name-only - Unstaged changes: !
git diff --name-only - Project type: !
find . -maxdepth 1 \( -name go.mod -o -name Gemfile -o -name package.json -o -name Cargo.toml -o -name pyproject.toml \) 2>/dev/null | head -3
Instructions
Run these checks against all staged files (or all changed files if nothing is staged). Be fast -- this is a pre-commit gate, not a full review.
Check 0: Gitignore Violations
Scan staged/changed files for common files that should not be committed:
.env,.env.*files (environment/secrets)node_modules/contents- Build artifacts (
dist/,build/,*.o,*.pyc,__pycache__/) - IDE files (
.idea/,.vscode/settings.json) - OS files (
.DS_Store,Thumbs.db) - Log files (
*.log) - Credential files (
credentials.json,*.pem,*.key)
Report: WARNING if any found (FAIL in --strict mode).
Check 1: Secrets Detection
Scan staged/changed files for:
- API keys, tokens, passwords (patterns:
password\s*=,api_key,secret,token\s*=,Bearer) - AWS credentials (
AKIA,aws_secret_access_key) - Private keys (
-----BEGIN.*PRIVATE KEY-----) - Connection strings with embedded credentials
.envfiles being committed- Hardcoded URLs with credentials (
https://user:pass@)
Report: FAIL if any found, with file and line number.
Check 2: Security Antipatterns
Scan for common dangerous patterns:
eval()orexec()with variable input- SQL string concatenation (instead of parameterized queries)
dangerouslySetInnerHTMLor equivalent- Disabled SSL verification (
verify: false,VERIFY_NONE) - Overly permissive CORS (
Access-Control-Allow-Origin: *) chmod 777or world-readable permissions--no-verifyor security bypass flags in code
Report: FAIL if any found.
Check 3: Test Breakage
Run a quick test check:
IF project has test framework:
Run tests targeting changed files only (same mapping as /test)
Report: PASS or FAIL with failure details
ELSE:
Report: SKIP (no test framework detected)
Keep this fast -- targeted tests only, not the full suite.
Check 4: Lint Check
IF go.mod exists: run `revive -set_exit_status ./...` or `go vet ./...`
IF package.json exists: run `npx eslint {changed files}` if eslint is configured
IF Gemfile exists: run `bundle exec rubocop {changed files} --force-exclusion` if rubocop is configured
IF pyproject.toml exists: run `ruff check {changed files}` if ruff is configured
IF Cargo.toml exists: run `cargo clippy -- -D warnings`
ELSE: SKIP
Report: FAIL if lint errors found.
Output
IF --strict mode:
FAIL if ANY check has warnings or failures
ELSE:
FAIL if ANY check has failures (warnings are noted but pass)
Format:
## Guard Check
| Check | Status | Details |
|-------|--------|---------|
| Gitignore | PASS/WARN | {brief or "Clean"} |
| Secrets | PASS/FAIL | {brief or "Clean"} |
| Security | PASS/FAIL | {brief or "Clean"} |
| Tests | PASS/FAIL/SKIP | {brief or "All passing"} |
| Lint | PASS/FAIL/SKIP | {brief or "Clean"} |
**Result: PASS / FAIL**
{If FAIL: list each issue with file and line number}
{If PASS: "Safe to commit."}
Keep the output concise. This should feel like a quick gate check, not a verbose report.
Related Skills
drn/slides
development
VerifiedTrustedCommunity
Build a self-contained, single-file HTML presentation deck from talking points or a source doc, using a terminal/TUI-styled template with keyboard, tap, and swipe navigation. Use when the user wants to create slides, build a presentation or deck, turn talking points or a doc into a talk, make an HTML slideshow, or produce a presentation as a shareable artifact (instead of Google Slides).
23SKILL.mdUpdated Jun 13, 2026
drn/markdown-preview
development
VerifiedTrustedCommunity
Render a Markdown file to GitHub-flavored HTML and open a styled local preview (light + dark) in the browser. Use when the user wants to preview markdown, see how a README renders on GitHub, check that relative screenshots or images display correctly, or get a GitHub-like local preview without installing grip or glow.
23SKILL.mdUpdated Jun 13, 2026
drn/complete
tools
VerifiedTrustedCommunity
Mark the current Argus task as complete. Use when the work for the current worktree is done and the user wants the task to transition to the "complete" status.
23SKILL.mdUpdated Jun 13, 2026
drn/orchestrate
development
VerifiedTrustedCommunity
Launch a dynamic Workflow where the top-tier session model (Fable) handles planning and orchestration while implementation subagents run on Sonnet for routine tasks and Opus for complex ones. Use when the user wants to orchestrate a build, a dynamic workflow, a model-tiered build, fable planning with sonnet and opus implementation, or tiered agents.
23SKILL.mdUpdated Jun 12, 2026