secure-pr

v1.0.0

About this Skill

Ideal for GitHub-focused AI Agents, such as AutoGPT and LangChain, needing streamlined security reviews and pre-flight checks for Python repositories. secure-pr is a GitHub pull-request workflow that runs pre-flight checks with ruff and pytest, then a security review of the pending changes for vulnerabilities and secrets, before the PR is created.

Features

Runs pre-flight checks using ruff check and ruff format --check
Performs security reviews with /security-review slash command
Identifies hardcoded secrets and API keys
Detects injection vulnerabilities and unsafe data handling
Runs the test suite with pytest and flags dependency issues in the security review

ConnerBabb
Updated: 3/6/2026

Installation
> npx killer-skills add ConnerBabb/Instapermit/secure-pr

Agent Capability Analysis

The secure-pr MCP Server by ConnerBabb is an open-source Categories.community integration for Claude and other AI agents, enabling seamless task automation and capability expansion.

Core Value

Empowers agents to automate security reviews using the `/security-review` slash command, checking for hardcoded secrets, injection vulnerabilities, and unsafe data handling, while also integrating with tools like Ruff for linting and Pytest for testing.

Capabilities Granted for secure-pr MCP Server

Automating pre-flight checks with Ruff and Pytest
Performing full security reviews of pending changes
Identifying hardcoded secrets and API keys in Python code

Prerequisites & Limits

  • Requires GitHub repository access
  • Python and Ruff compatibility needed
  • Pytest testing framework required

SKILL.md

Secure PR Workflow

Follow these steps in order. Do not skip any step.

Step 1 — Pre-flight checks

Run the linter and tests locally. If either fails, fix the issues before continuing.

ruff check .
ruff format --check .
pytest

Step 2 — Security review

Run the /security-review slash command to perform a full security review of all pending changes. This reviews the diff for:

  • Hardcoded secrets or API keys
  • Injection vulnerabilities
  • Unsafe data handling
  • Dependency issues
  • Any other security concerns

Do not proceed to step 3 until the security review is complete and all findings are addressed.

Step 3 — Create the PR

Create the pull request using the standard format:

gh pr create --title "<short title>" --body "$(cat <<'EOF'
## Summary
<bullet points summarizing changes>

## Security Review
- [x] Security review completed via `/security-review`
- [x] No hardcoded secrets or API keys
- [x] No injection vulnerabilities found

## Test plan
<bulleted checklist of testing done>

🤖 Generated with [Claude Code](https://claude.com/claude-code)
EOF
)"

Step 4 — Watch CI checks

After the PR is created, wait for all CI checks (lint, test, CodeQL) to complete:

gh pr checks --watch

Report the final status of each check to the user. If any check fails, investigate the failure, fix it, push the fix, and re-watch.
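
As an illustration of the first item Step 2 looks for, the sketch below scans only the added lines of a `git diff` for a few secret patterns and reports the file and new-file line number of each hit. It is an added example, not part of the original SKILL.md and not what `/security-review` runs; the rule set, the `scan_diff` function and the sample diff are assumptions constructed for illustration.

```python
import re
import sys

# Illustrative rules only (assumed for this example); real scanners ship many more.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "secret-assignment": re.compile(
        r"(?i)\b\w*(?:api_?key|secret|token|passw(?:or)?d)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]"
    ),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
# Constructed sample in `git diff` format; both values are fake.
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -10,3 +10,5 @@ import os
 DEBUG = False
-API_KEY = os.environ["API_KEY"]
+API_KEY = "constructed-not-a-real-key"
+AWS_KEY_ID = "AKIAEXAMPLE0EXAMPLE0"
+TIMEOUT = 30
 RETRIES = 3
"""


def scan_diff(diff_text):
    """Return (path, new-file line number, rule) for each added line matching a rule."""
    findings, path, lineno, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git"):
            in_hunk = False                      # next file: headers follow
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif m := HUNK.match(line):
            lineno, in_hunk = int(m.group(1)), True
        elif in_hunk and line.startswith("+"):
            findings += [(path, lineno, r) for r, rx in PATTERNS.items() if rx.search(line[1:])]
            lineno += 1
        elif in_hunk and line.startswith(" "):
            lineno += 1                          # "-" lines are absent from the new file
    return findings

if __name__ == "__main__":
    hits = scan_diff(SAMPLE_DIFF if sys.stdin.isatty() else sys.stdin.read())
    for path, lineno, rule in hits:
        print(f"{path}:{lineno}: {rule}")        # the matched value is never echoed
    sys.exit(1 if hits else 0)
```

Fed real `git diff` output on standard input, the script exits non-zero on any finding, so it can run beside the Step 1 commands as a local gate; it does not replace the review in Step 2.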
