// Detect infrastructure and security-critical file changes to trigger security agent review recommendations ensuring proper security oversight for sensitive modifications.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | security-detection |
| description | Detect infrastructure and security-critical file changes to trigger security agent review recommendations ensuring proper security oversight for sensitive modifications. |
| license | MIT |
| metadata | null |
| version | 1.0.0 |
| model | claude-haiku-4-5 |
| Trigger Phrase | Operation |
|---|---|
scan for security changes | detect-infrastructure with staged files |
check security-critical files | detect-infrastructure with file list |
run security scan on changes | detect-infrastructure analysis |
do I need a security review | Risk-level assessment of changed files |
check infrastructure changes | Pattern matching against critical/high lists |
Use this skill when:
Use the security agent directly instead when:
| Script | Language | Usage |
|---|---|---|
detect_infrastructure.py | Python 3 | Cross-platform |
# Analyze staged files
python detect_infrastructure.py --git-staged
# Analyze specific files
python detect_infrastructure.py .github/workflows/ci.yml src/auth/login.cs
When security-critical files are detected:
=== Security Review Detection ===
CRITICAL: Security agent review REQUIRED
Matching files:
[CRITICAL] .github/workflows/deploy.yml
[HIGH] src/Controllers/AuthController.cs
Run security agent before implementation:
Task(subagent_type="security", prompt="Review infrastructure changes")
When no matches:
No infrastructure/security files detected.
| Level | Meaning | Action |
|---|---|---|
| CRITICAL | Immediate security implications | Review REQUIRED |
| HIGH | Potential security impact | Review RECOMMENDED |
.github/workflows/*).githooks/*, .husky/*)**/Auth/**, **/Security/**)*.env*)*.pem, *.key, *secret*)build/**/*.ps1, scripts/**/*.sh)Dockerfile*, docker-compose*)**/Controllers/**)appsettings*.json)*.tf, *.tfvars, *.bicep)Add to .githooks/pre-commit:
# Security detection (non-blocking warning)
python3 .claude/skills/security-detection/detect_infrastructure.py --git-staged
- name: Check security-critical files
run: python .claude/skills/security-detection/detect_infrastructure.py --git-staged
| Code | Meaning |
|---|---|
| 0 | Success (warning shown if matches found, non-blocking) |
The scripts are designed to be non-blocking warnings. They always exit 0 to avoid blocking commits or CI. The warning is informational only.
Edit the pattern lists in either script to add or modify detection patterns:
CRITICAL_PATTERNS / $CriticalPatterns - Review requiredHIGH_PATTERNS / $HighPatterns - Review recommended| Avoid | Why | Instead |
|---|---|---|
| Skipping detection before commits | Security files slip through unreviewed | Run detection on every commit with infrastructure changes |
| Treating warnings as blocking | Scripts exit 0 intentionally | Use output to inform review decisions, not block commits |
| Hardcoding custom patterns inline | Drifts from canonical pattern lists | Edit CRITICAL_PATTERNS/HIGH_PATTERNS in the scripts |
| Ignoring HIGH-level matches | Potential security impact overlooked | Review HIGH matches, escalate to security agent when uncertain |
| Running only one language script | May miss platform-specific detection | Use whichever script matches your environment |
After running security detection: