compliance-scan
Installation
SKILL.md
Compliance Scan
The repo's last line of defense before something compromising hits GitHub. Layered scanner that runs the existing privacy tests, looks for new patterns of leakage, and (optionally) wires itself into git push so a failed scan blocks the push.
When to invoke
Trigger on any of these phrases — and proactively before any push that touches .claude/skills/, scripts/qa/, PRIVACY.md, .gitignore, notebooks/, or fin-guru/data/:
- "compliance scan", "is this safe to push", "scan for PII", "secrets check"
- "pre-commit security", "pre-push security", "check for leaks", "check before I push"
- "PRIVACY.md compliance", "audit privacy", "any leaks?"
- After adding a new credential, deploy URL, dispatcher URL, webhook, or API key