git-forensics-scanner
Git diff forensics for surfacing and classifying code changes for trojan detection
Best use case
git-forensics-scanner is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Git diff forensics for surfacing and classifying code changes for trojan detection
Teams using git-forensics-scanner should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/git-forensics-scanner/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How git-forensics-scanner Compares
| Feature / Agent | git-forensics-scanner | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Git diff forensics for surfacing and classifying code changes for trojan detection
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Git Forensics Scanner
Surfaces and classifies all code changes in a repository using git diff analysis, providing structured change sets for downstream semantic analysis.
## Purpose
The first phase of nation-state trojan detection: identify exactly what changed, how much changed, and classify each change by risk level. Small diffs in critical code paths are flagged as highest-risk since business-logic trojans typically modify 1-5 lines.
## Capabilities
### Change Set Extraction
- Unstaged changes (`git diff`)
- Staged changes (`git diff --cached`)
- Commit range diffs (`git diff <base>..<head>`)
- Branch diffs (`git diff <base>...<head>`)
- Per-file patch extraction with full hunk context
### Change Classification
- **code** — Logic, algorithms, formulas, control flow
- **config** — Constants, parameters, thresholds, defaults
- **data-model** — Schemas, types, model properties, ORM mappings
- **cosmetic** — Formatting, comments, whitespace, rounding wrappers
### Risk Triage
- Files with 1-5 line changes in prediction/financial/auth code → HIGH RISK
- Single-character operator changes → CRITICAL RISK
- Comment-only changes accompanying code changes → CAMOUFLAGE RISK
## Input Schema
```json
{
"type": "object",
"required": ["projectRoot"],
"properties": {
"projectRoot": {
"type": "string",
"description": "Absolute path to the git repository"
},
"scanMode": {
"type": "string",
"enum": ["uncommitted", "commit-range", "branch-diff"],
"default": "uncommitted"
},
"baseRef": {
"type": "string",
"description": "Base git reference (for commit-range/branch-diff)"
},
"headRef": {
"type": "string",
"description": "Head git reference (for commit-range/branch-diff)"
},
"targetPaths": {
"type": "array",
"items": { "type": "string" },
"description": "Limit scan to specific paths"
}
}
}
```
## Output Schema
```json
{
"type": "object",
"required": ["totalFiles", "files"],
"properties": {
"totalFiles": { "type": "number" },
"totalInsertions": { "type": "number" },
"totalDeletions": { "type": "number" },
"files": {
"type": "array",
"items": {
"type": "object",
"properties": {
"path": { "type": "string" },
"insertions": { "type": "number" },
"deletions": { "type": "number" },
"hunks": { "type": "number" },
"classification": { "type": "string" },
"rawDiff": { "type": "string" },
"riskLevel": { "type": "string" }
}
}
}
}
}
```
## Usage Example
```javascript
skill: {
name: 'git-forensics-scanner',
context: {
projectRoot: '/path/to/project',
scanMode: 'uncommitted'
}
}
```
## Process Files
- `nation-state-trojan-detection.js` — Phase 1: Git Forensics taskRelated Skills
security-scanner
Run security scans including SAST, dependency scanning, and secret detection
incident-forensics
Digital forensics and incident response capabilities. Analyze memory dumps with Volatility, parse filesystem artifacts, extract browser forensics, analyze Windows event logs, create forensic timelines, recover deleted files, and generate forensic reports.
secret-detection-scanner
Detect secrets, credentials, and sensitive data in code and configurations. Scan git history for secrets, detect API keys, tokens, passwords, check environment files, monitor CI/CD logs for exposure, generate remediation steps, and track secret rotation status.
owasp-security-scanner
Automated OWASP Top 10 vulnerability detection and assessment. Run OWASP ZAP automated scans, detect injection vulnerabilities, identify broken authentication patterns, check for sensitive data exposure, analyze security misconfigurations, and generate OWASP-compliant reports.
iac-security-scanner
Infrastructure as Code security scanning and policy enforcement for Terraform, CloudFormation, Kubernetes, and Pulumi
gcp-security-scanner
GCP security configuration scanning and hardening using Security Command Center, Forseti, and ScoutSuite
dast-scanner
Dynamic Application Security Testing execution and management. Configure and execute OWASP ZAP and Nuclei scans, run authenticated scanning, manage scan policies and scope, correlate findings with SAST results, and generate comprehensive vulnerability reports.
container-security-scanner
Container image and Kubernetes security scanning for CVEs, misconfigurations, and compliance
azure-security-scanner
Azure security configuration scanning and hardening using Azure Security Center, Azure Policy, and ScoutSuite
aws-security-scanner
AWS security configuration scanning and hardening using Prowler, Security Hub, and AWS Config
tech-stack-scanner
Automated technical architecture review, security assessment, scalability analysis
chain-forensics
On-chain analysis and transaction forensics for blockchain security investigations. Provides capabilities for tracing fund flows, identifying suspicious patterns, MEV analysis, and generating forensic reports for incident response.