// Pre-push hygiene check for GitHub repositories. Scans for PII, secrets, and sensitive data before pushing. Audits commit messages, enforces repo-specific blocklists, and rate-limits pushes to avoid GitHub abuse detection. Use before any git push, especially to public repos.
Klaviyo marketing operations and analyst expertise. Audit flows, segments, campaigns, deliverability, and revenue attribution. Use when the user asks about Klaviyo marketing strategy, email/SMS automation, customer segmentation, flow optimization, or lifecycle marketing. For API integration, SDK, webhook, or developer questions, see the klaviyo-developer skill.
Klaviyo API and developer integration expertise. Event tracking, SDKs, webhooks, rate limits, OAuth, catalog sync, and code patterns. Use when the user asks about Klaviyo API, integrating with Klaviyo, tracking events, building custom integrations, webhook handling, or developer implementation. For marketing strategy, flow optimization, and campaign auditing, see the klaviyo-analyst skill.
Generate, audit, or update GitHub READMEs with project-type-aware structure, voice calibration, and SEO/AEO discoverability guidance. Three modes: generate (new), audit (check existing), update (patch). Detects repo type and adapts sections, tone, and badges accordingly.
Google Tag Manager expertise. Audit GTM containers, design tag and trigger architecture, debug firing issues, implement consent mode v2, and advise on server-side tagging. Use when the user asks about GTM, tag management, container audits, consent mode, server-side tagging, or tracking implementation.
Comprehensive content marketing toolkit with brand voice analysis, SEO optimization scripts, content frameworks, social media strategy, and content calendar planning. Use when writing blog posts, creating social media content, analyzing brand voice, optimizing SEO, planning content calendars, or developing content strategy. For deep SEO writing optimization, see the seo-content-writer skill.
One-command GitHub repository health audit. Checks for missing standard files, GitHub configuration, branch protection, documentation quality, and code hygiene. Produces a scored health report with prioritized fix recommendations.
| name | safe-push |
| description | Pre-push hygiene check for GitHub repositories. Scans for PII, secrets, and sensitive data before pushing. Audits commit messages, enforces repo-specific blocklists, and rate-limits pushes to avoid GitHub abuse detection. Use before any git push, especially to public repos. |
| license | MIT |
| origin | custom |
| author | Rebecca Rae Barton |
| author_url | https://github.com/thatrebeccarae |
| metadata | {"version":"1.2.0","category":"devops","domain":"git","updated":"2026-05-08T00:00:00.000Z","tested":"2026-05-08T00:00:00.000Z","tested_with":"Claude Code v2.1"} |
Pre-push hygiene check for GitHub repositories. Use when the user asks to push code, especially to public repos.
When the user says "push", "safe push", "push to GitHub", or runs /safe-push.
The skill loads patterns from ~/.claude/safe-push-blocklist. Copy the bundled template and customize:
cp safe-push-blocklist.template ~/.claude/safe-push-blocklist
$EDITOR ~/.claude/safe-push-blocklist
The template includes commented-out examples for client names, hostnames, IP ranges, tracking IDs, and Slack token shapes. Replace them with values specific to your environment.
If the file is missing, the skill runs with a warning instead of erroring — but personal pattern checks are skipped, so creating it is strongly recommended.
# Check if public repo
git remote -v
# Check for .public-repo marker
test -f .public-repo && echo "PUBLIC" || echo "private or unmarked"
If public (or pushing to a public remote): apply ALL checks below. If private: apply only the PII scan (step 2).
Load your personal pattern list from ~/.claude/safe-push-blocklist and scan against it. The same patterns apply to diff content (step 2) AND commit messages (step 3) — both run from the same source of truth.
Default mode — scan the diff against the target branch:
# Load personal patterns (graceful fallback if file missing):
if [ -f ~/.claude/safe-push-blocklist ]; then
PATTERNS=$(grep -v '^#' ~/.claude/safe-push-blocklist | grep -v '^$' | paste -sd '|' -)
else
PATTERNS=""
echo "WARNING: ~/.claude/safe-push-blocklist not found. Personal pattern checks skipped."
fi
git diff origin/main...HEAD
[ -n "$PATTERNS" ] && git diff origin/main...HEAD | grep -nE "$PATTERNS" \
|| echo "NO MATCHES IN DIFF"
Full repo mode (/safe-push --full) — scan ALL tracked files, not just the diff. Use this for baseline audits, first-time pushes of existing repos, or periodic hygiene checks:
git ls-files | xargs grep -n -E "$PATTERNS" \
--include='*.md' --include='*.py' --include='*.js' --include='*.ts' \
--include='*.html' --include='*.sh' --include='*.json' \
--include='*.yml' --include='*.yaml'
Check for these categories (your ~/.claude/safe-push-blocklist covers the regex-able ones):
xoxb-), Slack channel IDsG-XXXXXXXXXX), GTM (GTM-XXXXXXX)Edit ~/.claude/safe-push-blocklist to maintain your personal patterns. Never hardcode real client names or infrastructure identifiers inside this skill file — the blocklist is the source of truth.
If anything is found:
Review the FULL commit message — both subject (title) and body (description) — for every commit in the push range. Sensitive patterns can hide in either:
# Print the full message (subject + body) for every commit:
git log origin/main..HEAD --format="===%h %s===%n%b"
# Programmatically scan the full message text against the same
# blocklist used for diff content (graceful fallback if file missing):
if [ -f ~/.claude/safe-push-blocklist ]; then
PATTERNS=$(grep -v '^#' ~/.claude/safe-push-blocklist | grep -v '^$' | paste -sd '|' -)
git log origin/main..HEAD --format="%B" | grep -nE "$PATTERNS" \
|| echo "NO MATCHES IN MESSAGES"
else
echo "WARNING: ~/.claude/safe-push-blocklist not found. Personal pattern checks skipped on commit messages."
fi
The same patterns from ~/.claude/safe-push-blocklist that block diff content (step 2) ALSO block commit messages. Apply the full blocklist to BOTH title and body — not just the diff. For public repos, also flag:
If issues found, suggest interactive rebase to clean messages (with user approval).
To avoid triggering GitHub bulk action / automation abuse detection:
git push --all or git push --mirror to a public remote without staggering# Example staggered multi-branch push
for branch in main develop feature/foo; do
git push origin "$branch"
sleep 5
done
Before executing the push, present a summary:
Show the full commit messages with:
git log origin/main..HEAD --format="commit %h%n%n%s%n%n%b%n---"
The user must visually confirm each message before push. This catches:
Wait for explicit user confirmation before pushing.
After pushing:
git push origin <branch>
# Verify
git log origin/<branch> --oneline -5
Report success and the remote URL.
~/.claude/safe-push-blocklist — Your personal pattern blocklist. One regex per line; comments start with #. Loaded on every /safe-push invocation. Edit this file to add or remove patterns; never hardcode patterns in this skill file. See Install above for setup..pii-allowlist — One regex per line, matches are excluded from PII scan (used to allow false positives like example keys in docs)..commit-msg-blocklist — Terms that should never appear in public commit messages for this specific repo.