Run any Skill in Manus with one click

$pwd:

ship-safe-baseline

Name: Ship Safe Baseline
Author: asamassekou10

// Manage your security baseline — accept current findings as known debt, then only report new regressions on future scans. Use when the user wants to adopt security scanning incrementally or suppress existing findings.

Run Skill in Manus

$ git log --oneline --stat

stars:712

forks:80

updated:March 17, 2026 at 04:32

SKILL.md

readonly

name	ship-safe-baseline
description	Manage your security baseline — accept current findings as known debt, then only report new regressions on future scans. Use when the user wants to adopt security scanning incrementally or suppress existing findings.
argument-hint	[path] [--diff] [--clear]

Ship Safe — Baseline Management

You are helping the user manage their security baseline. A baseline lets teams "accept" current findings as known technical debt and only see new regressions on future scans.

Understand the request

No flags or just a path → Create/update the baseline
--diff → Show what changed since the baseline was created
--clear → Remove the baseline

Step 1: Run the baseline command

npx ship-safe@latest baseline $ARGUMENTS 2>&1

If $ARGUMENTS is empty, default to .:

npx ship-safe@latest baseline . 2>&1

For diff mode:

npx ship-safe@latest baseline . --diff 2>&1

For clearing:

npx ship-safe@latest baseline --clear 2>&1

Step 2: Explain the result

If creating a baseline:

Report how many findings were baselined
Explain that .ship-safe/baseline.json was created
Tell the user they can now run npx ship-safe audit . --baseline (or /ship-safe --baseline) to only see new findings
Recommend adding .ship-safe/baseline.json to version control so the whole team shares the same baseline

If showing diff:

Report new findings (not in baseline) — these are regressions
Report resolved findings (in baseline but no longer detected) — these are improvements
If no changes, confirm the codebase matches the baseline

If clearing:

Confirm the baseline was removed. Future scans will show all findings again.

Step 3: Suggest workflow

After creating a baseline, suggest this workflow:

CI pipeline: Add npx ship-safe audit . --baseline --json to fail builds only on new findings
Periodic review: Run /ship-safe-baseline --diff to track progress on reducing technical debt
After fixing: Run /ship-safe-baseline . to update the baseline

Important Notes

The baseline uses content-based fingerprints (rule:path:snippet), not line numbers — so the baseline survives code reformatting and line shifts
Creating a baseline does NOT mean the findings are safe — it means the team acknowledges them and will address them over time

related-skills.json

same repository

ship-safe-hooks.md

from "asamassekou10/ship-safe"

Install ship-safe as real-time Claude Code hooks — blocks secrets and dangerous commands before they land on disk. Use when the user wants automatic security scanning on every file write or bash command.

2026-04-01712

ship-safe-ci.md

from "asamassekou10/ship-safe"

Run Ship Safe in CI mode — compact output, exit codes, SARIF generation. Use when the user wants to set up CI/CD security gates or test their pipeline configuration.

2026-03-17712

ship-safe-deep.md

from "asamassekou10/ship-safe"

Run a deep security audit with LLM-powered taint analysis — regex scan nominates findings, then an LLM verifies taint reachability and exploitability. Use when the user wants thorough, high-confidence results with fewer false positives.

2026-03-17712

ship-safe-fix.md

from "asamassekou10/ship-safe"

Auto-fix security issues — remediate hardcoded secrets and common vulnerabilities (TLS bypass, debug mode, XSS, shell injection, Docker :latest). Use when the user wants to automatically fix security findings.

2026-03-17712

ship-safe-red-team.md

from "asamassekou10/ship-safe"

Run a multi-agent red team scan — 16 specialized security agents scan for 80+ attack classes including injection, auth bypass, SSRF, supply chain, Supabase RLS, MCP security, agentic AI, RAG poisoning, PII compliance, and more. Use when the user wants a deep security analysis beyond just secrets.

2026-03-17712

ship-safe-scan.md

from "asamassekou10/ship-safe"

Quick scan for leaked secrets — API keys, passwords, tokens, database URLs. Use when the user wants to check for hardcoded secrets or exposed credentials.

2026-03-17712

package.json

"author": "asamassekou10"

"repository": "asamassekou10/ship-safe"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	ship-safe-baseline
description	Manage your security baseline — accept current findings as known debt, then only report new regressions on future scans. Use when the user wants to adopt security scanning incrementally or suppress existing findings.
argument-hint	[path] [--diff] [--clear]

Ship Safe — Baseline Management

You are helping the user manage their security baseline. A baseline lets teams "accept" current findings as known technical debt and only see new regressions on future scans.

Understand the request

No flags or just a path → Create/update the baseline
--diff → Show what changed since the baseline was created
--clear → Remove the baseline

Step 1: Run the baseline command

npx ship-safe@latest baseline $ARGUMENTS 2>&1

If $ARGUMENTS is empty, default to .:

npx ship-safe@latest baseline . 2>&1

For diff mode:

npx ship-safe@latest baseline . --diff 2>&1

For clearing:

npx ship-safe@latest baseline --clear 2>&1

Step 2: Explain the result

If creating a baseline:

Report how many findings were baselined
Explain that .ship-safe/baseline.json was created
Tell the user they can now run npx ship-safe audit . --baseline (or /ship-safe --baseline) to only see new findings
Recommend adding .ship-safe/baseline.json to version control so the whole team shares the same baseline

If showing diff:

Report new findings (not in baseline) — these are regressions
Report resolved findings (in baseline but no longer detected) — these are improvements
If no changes, confirm the codebase matches the baseline

If clearing:

Confirm the baseline was removed. Future scans will show all findings again.

Step 3: Suggest workflow

After creating a baseline, suggest this workflow:

CI pipeline: Add npx ship-safe audit . --baseline --json to fail builds only on new findings
Periodic review: Run /ship-safe-baseline --diff to track progress on reducing technical debt
After fixing: Run /ship-safe-baseline . to update the baseline

Important Notes

The baseline uses content-based fingerprints (rule:path:snippet), not line numbers — so the baseline survives code reformatting and line shifts
Creating a baseline does NOT mean the findings are safe — it means the team acknowledges them and will address them over time

ship-safe-baseline

Ship Safe — Baseline Management

Understand the request

Step 1: Run the baseline command

Step 2: Explain the result

If creating a baseline:

If showing diff:

If clearing:

Step 3: Suggest workflow

Important Notes

More from this repository

More from this repository

Ship Safe — Baseline Management

Understand the request

Step 1: Run the baseline command

Step 2: Explain the result

If creating a baseline:

If showing diff:

If clearing:

Step 3: Suggest workflow

Important Notes