.pre-commit-hooks.yaml
# Default hook: fails the commit on findings at "warn" severity.
- id: skillscan
  name: SkillScan Security
  description: >
    Detects prompt injection, tool poisoning, and supply-chain attacks
    in MCP skill files (SKILL.md, CLAUDE.md, .mcp.json, *.yaml).
  language: python
  entry: skillscan
  args: [scan, --fail-on, warn]
  # pre-commit applies types_or in addition to the files pattern, so json
  # must be listed here or the .mcp.json pattern below never matches.
  types_or: [markdown, yaml, json]
  files: >-
    (?x)^(
      .*SKILL\.md|
      .*CLAUDE\.md|
      .*\.mcp\.json|
      .*skills/.*\.yaml|
      .*skills/.*\.yml
    )$
  additional_dependencies: ["skillscan-security>=0.3.1"]
  pass_filenames: true
# Strict hook: same file selection, threshold lowered to "info".
- id: skillscan-strict
  name: SkillScan Security (strict)
  description: >
    Like skillscan but fails on any finding including warnings.
    Use in CI for zero-tolerance enforcement.
  language: python
  entry: skillscan
  args: [scan, --fail-on, info]
  # json is listed for the same reason as in the skillscan hook above.
  types_or: [markdown, yaml, json]
  files: >-
    (?x)^(
      .*SKILL\.md|
      .*CLAUDE\.md|
      .*\.mcp\.json|
      .*skills/.*\.yaml|
      .*skills/.*\.yml
    )$
  additional_dependencies: ["skillscan-security>=0.3.1"]
  pass_filenames: true