
Security Gate

verified

security · engineering · devops

Pre-merge security scanning — XSS vectors, env variable leaks, SSRF patterns, dependency vulnerabilities, and branch protection.

Install

npx skills add mclaude95/eq-foundry -s eq-review-security -s branch-guard

Installs both core tools. Supplementary tools can be added individually.

What You Get

A lightweight security gate that catches common vulnerabilities before code reaches main. Runs as a standalone check or as part of the full engineering pipeline.

When to Use

  • Any PR touching authentication, authorization, or data handling
  • Changes to environment variables or secrets configuration
  • New API endpoints or external integrations
  • As a mandatory pre-merge check in CI

What’s Included vs Supplementary

Core: Security review agent (XSS, SSRF, env leaks, dangerouslySetInnerHTML) and branch guard (blocks destructive git commands on protected branches).

Supplementary: Convention scanner for broader rule compliance, and the full eq-review for a combined patterns, quality, and security review.

Core Tools (2)

Supplementary Tools (2)

Optional — install individually based on your project's needs.