← ClaudeAtlas

secret-warnlisted

Real-time edit-time guardrails that catch API keys, code injection patterns, and unsafe pipe-to-shell installs the moment they're typed in the Claude Code tool-call loop — before commit, before CI, before any second-pass review. Ships a PreToolUse + PostToolUse hook, a Bash-tool guard, and a curated 11-rule regex catalog covering the most common secret shapes (AWS, Stripe, GCP, OpenAI, Anthropic, GitHub, Slack, JWT, PEM, generic high-entropy assignment) plus three injection-pattern classes. Use when the user mentions secret detection, gitleaks-equivalent during edit time, pre-commit secret scanning, API key safety, edit-time guards, security hooks in Claude Code, or wants real-time protection against unsafe MCP server installs. Do NOT use for full security audits (different scope), penetration testing, or DLP across non-Claude-Code surfaces.
adelaidasofia/ai-brain-starter · ★ 18 · AI & Automation · score 84
Install: claude install-skill adelaidasofia/ai-brain-starter
# secret-warn — real-time edit-time security guardrails Catches secrets and unsafe patterns the moment a Claude Code agent writes them, not after the fact. Public substrate version (MIT). Free to install, free to extend. ## What it does | Trigger | Severity | Action | |---|---|---| | API key in file (Stripe, AWS, GCP, OpenAI, Anthropic, GitHub, Slack) | block (exit 2) | Edit rejected | | PEM-encoded private key block | block | Edit rejected | | High-entropy assignment to a key-named variable | warn (exit 1) | Advisory, edit proceeds | | Python dynamic-codegen on a user-input-suggesting name | warn | Advisory | | Subprocess with shell-mode + variable expansion | warn | Advisory | | Curl/wget pipe-to-shell from a non-allowlisted host | block | Edit rejected | All patterns are stored base64-encoded in `hooks/pattern_registry.json` so the registry file itself doesn't trip pattern-matching tools that scan the repo. This is intentional — see [Design note: self-trigger safety](#design-note-self-trigger-safety) below. ## Install ```bash bash skills/secret-warn/install.sh ``` The installer: - Copies `hooks/secret_warn.py` to `~/.claude/secret-warn/` - Copies `hooks/pattern_registry.json` to the same location - Merges PreToolUse + PostToolUse + Bash hook entries into `~/.claude/settings.json` (non-destructive, additive) - Logs every catch to `~/.claude/secret-warn/audit.log` Idempotent. Safe to re-run. ## Uninstall Edit `~/.claude/settings.json` and remove any hook entry whos