zbruhnke/install-precommit
.claude/skills/install-precommit/SKILL.md
Install the pre-commit review hook that forces you to understand changes before committing. Use when you want to enable commit reviews or when setting up a new project.
$ install --global
skillsauthnpx skillsauth add zbruhnke/claude-code-starter install-precommitInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 3:52 PM4.5s1 file scanned
SKILL.md
- name:
- install-precommit
- description:
- Install the pre-commit review hook that forces you to understand changes before committing. Use when you want to enable commit reviews or when setting up a new project.
- tools:
- Read, Write, Bash
- user-invocable:
- true
You are helping the user install the pre-commit review hook.
What This Hook Does
The pre-commit review hook runs before every git commit and:
- Shows files being committed with their status (added/modified/deleted)
- Shows lines added and removed
- Detects potentially sensitive files (.env, secrets, keys)
- Detects debug statements (console.log, print, debugger, etc.)
- Shows new dependencies being added
- Shows TODOs being introduced
- Requires user confirmation (y/n/d for diff) before proceeding
This prevents "vibe coding" - blindly committing AI-generated code without understanding it.
Installation Steps
-
Check prerequisites:
- Verify this is a git repository (
.gitdirectory exists) - Check if a pre-commit hook already exists
- Verify this is a git repository (
-
Create the hook script: If
.claude/hooks/pre-commit-review.shdoesn't exist, create it with the standard implementation. -
Install as git hook:
- Create
.git/hooks/directory if needed - Copy or symlink the script to
.git/hooks/pre-commit - Make it executable
- Create
-
Verify installation:
- Confirm the hook is in place
- Show the user how to test it
- Explain how to bypass if needed
Hook Script Source
The pre-commit hook script is located at .claude/hooks/pre-commit-review.sh.
Do NOT embed a copy here - always use the canonical version from the hooks directory. This ensures updates to the hook are applied everywhere.
If .claude/hooks/pre-commit-review.sh doesn't exist in the user's project, they may need to copy it from a template or create it based on their needs.
After Installation
Tell the user:
- The hook is now active for all future commits
- To skip the review (not recommended):
SKIP_PRE_COMMIT_REVIEW=1 git commit -m "message" - To uninstall:
rm .git/hooks/pre-commit
Output Format
[OK] Pre-commit review hook installed
Location: .git/hooks/pre-commit
Source: .claude/hooks/pre-commit-review.sh
The hook will run before every commit, showing:
- Files being committed
- Lines added/removed
- Potential issues (sensitive files, debug statements)
- Requires your confirmation before proceeding
To test: stage some files and run `git commit`
To skip: SKIP_PRE_COMMIT_REVIEW=1 git commit -m "message"
To remove: rm .git/hooks/pre-commit
Related Skills
zbruhnke/wiggum
development
VerifiedTrustedCommunity
Start an autonomous implementation loop from a spec or PRD. Enters plan mode for user approval, enforces command gates (test/lint/typecheck/build), validates dependencies, commits incrementally, and maintains documentation and changelog. Production-ready quality gates.
13SKILL.mdUpdated Apr 16, 2026
zbruhnke/risk-register
testing
VerifiedTrustedCommunity
Document risks for changes touching auth, data, or migrations. Lists top risks, how to test/monitor them, and rollback strategy.
13SKILL.mdUpdated Apr 16, 2026
zbruhnke/review-mr
data-ai
VerifiedTrustedCommunity
Review a merge request or branch. Compares a branch against main/master, summarizes changes, highlights concerns, and provides actionable feedback. Use for PR reviews or before merging.
13SKILL.mdUpdated Apr 16, 2026
zbruhnke/release-checklist
development
VerifiedTrustedCommunity
Run a final release checklist before shipping. Verifies no TODOs, no debug code, docs updated, tests passing, dependencies justified, and security reviewed.
13SKILL.mdUpdated Apr 16, 2026