Claude Code Security Hooks is a skill that adds programmatic pre-commit enforcement to AI coding agents. Rather than relying on prompted caution, it wires in automated checks that run locally before changes reach a remote repository.
Secret detection is handled via gitleaks scanning, which identifies API keys, tokens, and private keys in staged content. A separate credential safety layer monitors for authentication headers or OAuth tokens that might leak into console logs or stdout. For destructive Git operations such as reset —hard or push —force, the skill intercepts the command and requires explicit confirmation before proceeding, reducing the risk of overwriting a colleague’s work.
A fourth layer enforces a content quality gate across four rules covering pricing, metadata, and tone, intended for workflows that publish assets from the agent’s output.
All checks run locally, so there is no external service dependency for the core enforcement logic. The skill is published by agensi and is categorized as a skill rather than an MCP server, meaning it extends agent behavior directly rather than exposing tools over a transport protocol. It requires gitleaks to be available in the environment for secret scanning to function. Agents without access to a Git repository context will not benefit from the Git-specific guardrails.