Git Safety

🌐Community
by shipshitdev · vlatest · Repository

Analyzes Git commit history to identify potential security vulnerabilities like exposed secrets or risky changes.

Install on your platform

1. Run in terminal (recommended)

claude mcp add git-safety npx -- -y @trustedskills/git-safety

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "git-safety": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/git-safety"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The Git Safety skill provides comprehensive security scanning, cleaning, and prevention for Git repositories. It allows an AI agent to detect sensitive files (like .env or key files) within a repository's current state and history, remove these files from the commit history using git-filter-repo or BFG, and configure preventative measures like .gitignore entries and pre-commit hooks. Important: This skill does not guarantee complete security; leaked credentials require immediate rotation and other mitigation steps.

When to use it

Here are some scenarios where this skill would be helpful:

  • You suspect a sensitive file (e.g., containing API keys or passwords) has been committed to your Git repository.
  • You need to remove accidentally committed secrets from the entire commit history of a project.
  • You want to proactively prevent future accidental commits of sensitive files by setting up .gitignore and pre-commit hooks.
  • You are responding to an emergency situation where credentials have been leaked in your Git repository.

Key capabilities

  • Sensitive File Scanning: Detects sensitive files based on predefined patterns (e.g., .env, credentials.json).
  • History Cleaning: Removes identified sensitive files from the Git history using git-filter-repo or BFG.
  • Prevention Configuration: Sets up .gitignore entries and pre-commit hooks to prevent future accidental commits of sensitive data.
  • Full Audit Mode: Executes scanning, cleaning, and prevention steps in a sequential workflow.
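
A sketch of the filename-based scan and pre-commit check listed above, added here as an example and not the skill's own code. The patterns beyond .env and credentials.json, the template exemption, and all function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the skill's code. Patterns other than .env and
# credentials.json are assumptions; extend them for your repository.

# Read newline-separated paths on stdin; print those whose basename looks sensitive.
filter_sensitive_paths() {
  local path base
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    base=${path##*/}
    case "$base" in
      # Assumed exemption: placeholder templates carry no real secrets.
      .env.example|.env.sample|.env.template) continue ;;
      .env|.env.*|credentials.json|*.pem|*.key|id_rsa|id_ed25519|*.p12|*.pfx)
        printf '%s\n' "$path" ;;
    esac
  done
}

# Every path touched by any commit on any ref, including files deleted later.
history_paths() {
  git log --all --pretty=format: --name-only | sort -u
}

# Paths staged for the next commit (added, copied, modified, renamed).
staged_paths() {
  git diff --cached --name-only --diff-filter=ACMR
}

# Pre-commit check: fail when a staged path matches.
precommit_check() {
  local hits
  hits=$(staged_paths | filter_sensitive_paths)
  if [ -n "$hits" ]; then
    printf 'Refusing to commit sensitive-looking files:\n%s\n' "$hits" >&2
    return 1
  fi
}

# Scan history:       history_paths | filter_sensitive_paths
# In a pre-commit hook: source this file, then: precommit_check || exit 1
```

Matching is by filename only, so a secret pasted into an ordinary source file is not caught; a hit in history still means the credential must be rotated.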

Example prompts

Here are some example prompts you could give an AI agent with the Git Safety skill installed:

  • "Run a scan for sensitive files in our repository."
  • "Remove the .env file from all history in this project."
  • "Configure .gitignore to prevent accidental commits of key files."
  • "Perform a complete security audit on this repository."

Tips & gotchas

  • Credential Rotation is Essential: Cleaning Git history is not sufficient to guarantee the safety of leaked credentials. Always rotate any compromised secrets immediately.
  • History Persistence: Be aware that even after cleaning, sensitive information may still exist in GitHub scrapes, archive services, forks, or CI/CD logs.
  • Force Pushing: Cleaning Git history often requires force pushing (git push origin --force --all), which can affect collaborators and should be done with caution.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: shipshitdev
Installs: 56

Passed automated security scans.