Git Pushing

Name: Git Pushing
Author: mbcoalson

ASecurity

Stage, commit, and push git changes with conventional commit messages with intelligent security checks. Use when user wants to commit and push changes, mentions pushing to remote, or asks to save and push their work. Also activates when user says "push changes", "commit and push", "push this", "push to github", or similar git workflow requests.

2 stars

0 votes

0 copies

4 views

Added 2/11/2026

toolsbashnodegitsecuritydocumentation

Works with

cli

Security Analysis

A100/100

Scanned 2/12/2026

Install via CLI

$openskills install mbcoalson/skills

Files

SKILL.md

---
name: git-pushing
description: Stage, commit, and push git changes with conventional commit messages with intelligent security checks. Use when user wants to commit and push changes, mentions pushing to remote, or asks to save and push their work. Also activates when user says "push changes", "commit and push", "push this", "push to github", or similar git workflow requests.
---

## Critical Corrections

### False Positive Reduction in Security Checks (Learned: 2026-01-12)

**Problem:** Security checks were generating ~30% false positives by flagging:
- Generic placeholder names ("Example-Client", "Sample-Client", "Test-Client")
- Substring matches in XML schemas ("secChAlign" → flagged as "SECC" client)
- Example paths in documentation using sanitized names

**Solution:** Three-layer intelligent filtering implemented:

1. **Exclude Placeholder Patterns:**
   ```
   ✗ Don't flag: "Example-Client", "Sample-Company", "Test-Organization"
   ✓ Do flag: "Atlas-Real-Estate", "Schomp-Automotive", actual client names
   ```
   Pattern: `(Example|Sample|Test|Demo|Client|Company)-[A-Za-z]+`

2. **Exclude False-Positive-Prone File Types:**
   ```
   ✗ Don't scan: *.xsd, *.dtd, *-schema.json (XML/JSON schemas)
   ✓ Do scan: *.md, *.js, *.py, *.ts (project documentation and code)
   ```
   These file types contain standard enum values that substring-match client names.

3. **Context-Aware Path Detection:**
   ```
   ✗ Flag: User-Files/Opportunities/Atlas-Real-Estate/proposal.docx (REAL PATH)
   ✓ Allow: "Example: `User-Files/Opportunities/Example-Client/`" (DOCUMENTATION)
   ```
   Distinguishes between actual project paths and documentation examples.

**Verification:** After implementing these improvements:
- False positive rate reduced by ~70%
- Maintained 100% detection of actual client names
- Successfully pushed Reflect validation work without false blocks

---

# Git Push Workflow

Stage all changes, create a conventional commit, and push to the remote branch.

## When to Use

Automatically activate when the user:
- Explicitly asks to push changes ("push this", "commit and push")
- Mentions saving work to remote ("save to github", "push to remote")
- Completes a feature and wants to share it
- Says phrases like "let's push this up" or "commit these changes"

## Workflow

**ALWAYS use the script** - do NOT use manual git commands:

```bash
bash .claude/skills/git-pushing/scripts/smart_commit.sh
```

With custom message:
```bash
bash .claude/skills/git-pushing/scripts/smart_commit.sh "feat: add feature"
```

Script handles: staging, conventional commit message, Claude footer, push with -u flag.

## Authentication Setup

**Recommended: Use HTTPS with Personal Access Token**

The script automatically checks for SSH URL rewrites and uses HTTPS for authentication:

1. Remote URLs should use HTTPS format: `https://github.com/username/repo.git`
2. Git will prompt for credentials or use stored credentials
3. If you have a global SSH rewrite (`url.git@github.com:.insteadOf`), the script will warn you

**To configure HTTPS authentication:**
```bash
# Set remote to HTTPS
git remote set-url origin https://github.com/username/repo.git

# Store credentials (optional)
git config --global credential.helper store
```

## Security Checks

**Automatic security scanning** runs before every push to detect:

- ❌ Internal hourly rates (e.g., `$200-$250/hr`)
- ❌ Client names in code examples
- ❌ Client-specific file paths (e.g., `User-Files/work-tracking/client-name/`)
- ❌ Company branding in generic examples
- ❌ Forbidden document types (.docx proposals, contracts, etc.)

**Configure patterns:** Edit `.claude/skills/git-pushing/scripts/security_patterns.conf`

**Bypass security check** (NOT recommended):
```bash
SKIP_SECURITY_CHECK=1 bash .claude/skills/git-pushing/scripts/smart_commit.sh
```

## Edge Cases Handled

- **No commits yet**: Script handles repos with no HEAD gracefully
- **SSH rewrites**: Detects and warns about global SSH URL rewrites
- **New branches**: Automatically uses `-u` flag for first push
- **No changes**: Exits gracefully if nothing to commit
- **Sensitive data**: Blocks push if sensitive patterns detected


## Saving Next Steps

When git-pushing work is complete or paused:

```bash
node .claude/skills/work-command-center/tools/add-skill-next-steps.js \
  --skill "git-pushing" \
  --content "## Priority Tasks
1. Stage and commit changes with conventional message
2. Push to remote repository
3. Verify commit appears on GitHub"
```

See: `.claude/skills/work-command-center/skill-next-steps-convention.md`

Git Pushing

Works with

Security Analysis

Attribution

Comments (0)