Install the secure-before-push skill and SafeWeave automatically scans your code before every commit, push, and PR. Zero manual steps. Zero insecure code shipped.
Run in your terminal:
mkdir -p ~/.claude/skills/secure-before-push
curl -sL https://raw.githubusercontent.com/nickfluxk/safeweave/main/skills/secure-before-push/SKILL.md \
-o ~/.claude/skills/secure-before-push/SKILL.md
Clone the repo and copy the skill:
git clone https://github.com/nickfluxk/safeweave.git /tmp/safeweave
cp -r /tmp/safeweave/skills/secure-before-push ~/.claude/skills/
Prerequisite
SafeWeave MCP server must be configured in your editor. If you haven't set it up yet, run npx safeweave-mcp first — it auto-detects your editors and configures everything.
The skill activates whenever you ask Claude to commit, push, create a PR, or ship code.
Claude calls the scan_project tool to run all available scanners (SAST, secrets, dependencies, and more on Pro).
Critical and High severity issues block the git operation. Medium issues warn you with a prompt. Low and Info pass through.
For any blocking finding, Claude uses suggest_fix to show you the exact remediation. After you fix, it re-scans to verify.
Only after the scan passes does the git commit or push execute. Every push is verified.
| Severity | Action | Can push? |
|---|---|---|
| Critical | Fix immediately. Shows remediation. Re-scans. | No |
| High | Fix immediately. Shows remediation. Re-scans. | No |
| Medium | Warns with details. Asks for confirmation. | User decides |
| Low | Noted. No action required. | Yes |
| Info | No action needed. | Yes |
Security scan results:
0 critical | 1 high | 2 medium | 1 low
HIGH:
- Hardcoded API key in src/config.ts:12 (CWE-798)
Fix: Move to environment variable
MEDIUM:
- SQL injection risk in src/db.ts:45 (CWE-89)
- Missing input validation in src/api.ts:23 (CWE-20)
Blocking push. Fixing high severity issue first...
Works with all SafeWeave plans — Free, Pro, Cloud, and Team.
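The severity policy in the table above, applied to the summary-line format from the sample scan results, as an added shell example (not SafeWeave's own code). The function names count_for and gate_decision are hypothetical, and blocking on a summary that cannot be read is an assumption of this example.

```shell
#!/usr/bin/env bash
# Added illustration, not SafeWeave's code. Input format is the summary line
# from the sample scan results; function names are made up for this example.

# Print the count for one severity, or nothing if that field is absent.
count_for() {
  printf '%s\n' "$1" | awk -F'|' -v sev="$2" '
    { for (i = 1; i <= NF; i++) {
        n = split($i, p, " ")          # " 1 high " -> p[1]="1", p[2]="high"
        if (n == 2 && tolower(p[2]) == sev && p[1] ~ /^[0-9]+$/) { print p[1]; exit }
      } }'
}

# Map a summary line to block / confirm / allow per the severity table:
# Critical or High -> block, Medium -> confirm, Low and Info -> allow.
gate_decision() {
  crit=$(count_for "$1" critical)
  high=$(count_for "$1" high)
  med=$(count_for "$1" medium)
  # Fail closed (assumption): no readable critical/high counts is not a pass.
  if [ -z "$crit" ] || [ -z "$high" ]; then echo block; return 0; fi
  if [ "$crit" -gt 0 ] || [ "$high" -gt 0 ]; then echo block; return 0; fi
  if [ "${med:-0}" -gt 0 ]; then echo confirm; return 0; fi
  echo allow
}

# First line is the sample summary from the page; the rest are constructed.
gate_decision "0 critical | 1 high | 2 medium | 1 low"
gate_decision "0 critical | 0 high | 2 medium | 1 low"
gate_decision "0 critical | 0 high | 0 medium | 3 low"
gate_decision "scan failed: timeout"
```

The last call shows the case the table does not cover: output with no parseable counts is treated as a block rather than as a clean scan.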