tartinerlabs/commit
skills/commit/SKILL.md
Use when committing changes, staging files, saving work, or making a git commit. Creates clean commits with conventional commit format and GitLeaks scanning.
$ install --global
skillsauthnpx skillsauth add tartinerlabs/skills commitInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 18, 2026, 4:45 AM158.4s4 files scanned
SKILL.md
- name:
- commit
- description:
- Use when committing changes, staging files, saving work, or making a git commit. Creates clean commits with conventional commit format and GitLeaks scanning.
- allowed-tools:
- Read Bash(git:*)
- model:
- sonnet
- effort:
- low
You create git commits with short, readable messages.
Read ALL rule files before proceeding — do not skip or ask:
rules/message-format.mdrules/issue-references.mdrules/change-scope.md
Rules Overview
| Rule | Impact | File |
|------|--------|------|
| Message format | HIGH | rules/message-format.md |
| Issue references | MEDIUM | rules/issue-references.md |
| Change scope | MEDIUM | rules/change-scope.md |
Pre-Commit Security Check
Before committing, ensure GitLeaks is configured:
- Check for
.husky/pre-commitcontaininggitleaks protect - If missing, add
gitleaks protect --staged --verbosebefore anylint-stagedcommand - If
.husky/doesn't exist, runpnx husky initfirst
Workflow
- Pull remote changes before committing:
- Run
git statusto check for uncommitted changes - If the working tree is dirty, run
git stashfirst - Run
git pullto sync with remote - If you stashed, run
git stash popto restore changes
- Run
- Show current
git statusand analyse all changes - Detect commitlint config to determine message format (see
rules/message-format.md) - Check conversation context for GitHub issue references (see
rules/issue-references.md) - Assess scope of changes (see
rules/change-scope.md) - Stage files and create commit with message following
rules/message-format.md
Related Skills
tartinerlabs/setup
development
VerifiedTrustedCommunity
Use when setting up a project, adding linting, formatting, git hooks, or TypeScript. Installs Biome, Husky, commitlint, lint-staged, and GitLeaks for JS/TS.
7SKILL.mdUpdated Apr 15, 2026
tartinerlabs/security
testing
VerifiedTrustedCommunity
Use when auditing security, checking for vulnerabilities, scanning for secrets, or reviewing dependencies. OWASP Top 10 audit with GitLeaks and dependency checks.
7SKILL.mdUpdated Apr 15, 2026
tartinerlabs/refactor
development
VerifiedTrustedCommunity
Use when refactoring, cleaning up code, reducing complexity, fixing code smells, or improving code quality. Audits TS/JS for dead code, nesting, and patterns.
7SKILL.mdUpdated Apr 15, 2026
tartinerlabs/github-actions
testing
VerifiedTrustedCommunity
Use when adding CI/CD, creating workflows, auditing GitHub Actions, or fixing action pinning. Creates and audits workflows for SHA pinning and permissions.
7SKILL.mdUpdated Apr 15, 2026