luongnv89/auto-push
skills/auto-push/SKILL.md
Generate a commit message, stage all changes, and push to remote after scanning for secrets, large files, and protected-branch risks. Skip for opening PRs, code review, or cutting releases/tags.
$ install --global
skillsauthnpx skillsauth add luongnv89/skills auto-pushInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 11:58 AM124.3s3 files scanned
SKILL.md
- name:
- auto-push
- description:
- Generate a commit message, stage all changes, and push to remote after scanning for secrets, large files, and protected-branch risks. Skip for opening PRs, code review, or cutting releases/tags.
- license:
- MIT
- effort:
- low
- version:
- 1.0.2
- author:
- Luong NGUYEN <[email protected]>
Commit and Push Everything
CAUTION: Stage ALL changes, commit, and push to remote. Use only when confident all changes belong together.
When to Use
Trigger this skill when the user asks to "commit and push everything", "ship this", "auto-push", or otherwise wants a one-shot stage-commit-push for the current working tree. Skip when they want PRs, code review, releases, or tags.
Sync Repo Before Edits
Before creating/updating/deleting files in an existing repository, sync the current branch with remote:
branch="$(git rev-parse --abbrev-ref HEAD)"
git fetch origin
git pull --rebase origin "$branch"
If the working tree is not clean, stash first, sync, then restore:
git stash push -u -m "pre-sync"
branch="$(git rev-parse --abbrev-ref HEAD)"
git fetch origin && git pull --rebase origin "$branch"
git stash pop
If origin is missing, pull is unavailable, or rebase/stash conflicts occur, stop and ask the user before continuing.
Instructions
Step 1: Analyze Changes
Run in parallel:
git status- Show modified/added/deleted/untracked filesgit diff --stat- Show change statisticsgit log -1 --oneline- Show recent commit for message style
Step 2: Run Safety Checks
❌ STOP and WARN if detected:
- Secrets:
.env*,*.key,*.pem,credentials.json,secrets.yaml,id_rsa,*.p12,*.pfx,*.cer - API Keys: Any
*_API_KEY,*_SECRET,*_TOKENvariables with real values (not placeholders likeyour-api-key,xxx,placeholder) - Large files:
>10MBwithout Git LFS - Build artifacts:
node_modules/,dist/,build/,__pycache__/,*.pyc,.venv/ - Temp files:
.DS_Store,thumbs.db,*.swp,*.tmp
API Key Validation: Check modified files for patterns like:
OPENAI_API_KEY=sk-proj-xxxxx # ❌ Real key detected!
AWS_SECRET_KEY=AKIA... # ❌ Real key detected!
STRIPE_API_KEY=sk_live_... # ❌ Real key detected!
# ✅ Acceptable placeholders:
API_KEY=your-api-key-here
SECRET_KEY=placeholder
TOKEN=xxx
API_KEY=<your-key>
SECRET=${YOUR_SECRET}
✅ Verify:
.gitignoreproperly configured- No merge conflicts
- Correct branch (warn if main/master)
- API keys are placeholders only
Step 3: Confirm and Execute
Present a short summary as a dry-run preview, then proceed directly when safety checks pass. If any safety check fails, STOP and ask for explicit user confirmation before continuing — never bypass a failed safety check without a confirmation prompt.
📊 Changes Summary:
- X files modified, Y added, Z deleted
- Total: +AAA insertions, -BBB deletions
🔒 Safety: ✅ No secrets | ✅ No large files | ⚠️ [warnings]
🌿 Branch: [name] → origin/[name]
Proceeding now: git add . → commit → push
When all safety checks pass, proceed directly without an additional yes/no confirmation prompt.
Step 4: Stage Files
Run sequentially:
git add .
git status # Verify staging
Step 5: Generate Commit Message
Analyze changes and create conventional commit:
Format:
[type]: Brief summary (max 72 characters)
- Key change 1
- Key change 2
- Key change 3
Types: feat, fix, docs, style, refactor, test, chore, perf, build, ci
Example:
docs: Update concept README files with comprehensive documentation
- Add architecture diagrams and tables
- Include practical examples
- Expand best practices sections
Step 6: Commit and Push
git commit -m "$(cat <<'EOF'
[Generated commit message]
EOF
)"
git push # If fails: git pull --rebase && git push
git log -1 --oneline --decorate # Verify
Step 7: Report Success
✅ Successfully pushed to remote!
Commit: [hash] [message]
Branch: [branch] → origin/[branch]
Files changed: X (+insertions, -deletions)
Expected Output
On success, the skill outputs a confirmation block:
✅ Successfully pushed to remote!
Commit: abc1234 feat: add login page with OAuth support
Branch: feature/auth → origin/feature/auth
Files changed: 4 (+112, -8)
If safety checks block the push, the skill outputs:
❌ Push blocked — secrets detected
.env: OPENAI_API_KEY=sk-proj-xxxxx (real key)
Action required: remove or rotate the key, then re-run /auto-push.
Acceptance Criteria
The skill run is successful when all of the following hold:
- [ ] Working tree synced with origin (
git fetchran; rebase clean or stash/pop completed without conflicts) - [ ] Safety scan reported no secrets, no real API keys, and no large binaries — or the user explicitly confirmed each warning
- [ ] Branch is correct (warned and confirmed if
main/master) - [ ] Commit message follows the conventional format from Step 5
- [ ]
git pushexited 0 andgit log -1shows the new commit on the remote-tracking ref - [ ] Final success report printed (commit hash, branch, file counts)
Handle Edge Cases and Errors
For the edge-case table, per-phase step-completion report format, error-handling guidance, and alternative workflows (selective staging, interactive git add -p, PR flow), see references/edge-cases-and-reports.md.
Remember: Always review changes before pushing. When in doubt, use individual git commands for more control.
Related Skills
luongnv89/release-manager
documentation
VerifiedTrustedCommunity
Manage software releases end-to-end: bump version, generate changelog, tag, push, GitHub release, publish to PyPI/npm. Use when user asks to ship, cut a release, tag a version, or list changes since last tag. Skip routine commits and marketplace publishing.
81SKILL.mdUpdated Apr 6, 2026
luongnv89/dont-make-me-think
development
VerifiedTrustedCommunity
Review UI for usability issues using Steve Krug's principles and produce a scannable report. Use when asked for a usability audit, UX review, or UI feedback on screenshots, URLs, or code. Don't use for visual/brand design critique, accessibility (WCAG) audits, or backend/API review.
81SKILL.mdUpdated Apr 6, 2026
luongnv89/idea-validator
development
VerifiedTrustedCommunity
Validate app/startup ideas with market, feasibility, commercial, and open-source competitor analysis. Use when asked to evaluate, validate, or score a product idea. Don't use for PRDs, go-to-market plans, or investor decks.
78SKILL.mdUpdated Apr 6, 2026
luongnv89/security-setup
testing
VerifiedTrustedCommunity
Install local-first security hardening: pre-commit secret detection, offline dependency scans, static analysis, reports, and gated free CI. Use when hardening repos or adding security hooks. Don't use for incident response or cloud security reviews.
74SKILL.mdUpdated May 3, 2026