| name | brewedops-scanloop |
| description | Emulates the scanloop process by reviewing diffs and code for secrets, security holes, and structural risks before claiming a fix is complete. |
BrewedOps Scanloop
Trigger: Use this skill after completing a build chunk or a fix, before finalizing it.
Overview
The scanloop is a required static analysis pass on your work to ensure no security vulnerabilities, leaked secrets, or glaring structural issues are introduced.
Process
- Self-Review: Look at the changes you just made.
- Secret Check: Did you hardcode any API keys, tokens, or passwords? If so, remove them and replace them with environment variables or configuration lookups. (Emulating
gitleaks)
- Security Check: Are there any obvious injection vulnerabilities or missing validations? (Emulating
semgrep)
- Dependency Check: Did you add new dependencies? Are they reputable and up to date? (Emulating
osv-scanner)
Outcome
Do not proceed to greploop or mark a task as complete until you have explicitly confirmed in your thought process that the code passes the scanloop checks.