Proactive Skills: Skills That Run Automatically in the Background

Eight skills are activated automatically when you write code, commit, or change files; no command needs to be typed.
Proactive skills run through hooks, which trigger automatically before or after specific events. See Skill Mechanism for details.

List of Proactive Skills

| Skill | Triggered when | Description |
|---|---|---|
| code-reviewer | Files modified/saved | Review code quality, best practices |
| test-generator | New code written | Suggest tests for new functions |
| secret-scanner | Before commit | Detect API keys, credentials, tokens |
| security-auditor | Files modified | Scan OWASP Top 10 vulnerabilities |
| dependency-auditor | package.json changed | Check vulnerable dependencies |
| api-documenter | API endpoints changed | Auto-generate API docs |
| readme-updater | Project structure changed | Keep README current |
| handoff-create | Session ending | Create a handoff document for the next session |

code-reviewer

Automatically reviews code when files are modified. Checks:
  • Correctness — logic errors, edge cases
  • Security — injection, XSS, auth bypass
  • Performance — N+1 queries, unnecessary re-renders
  • Maintainability — naming, complexity, duplication

test-generator

Suggests tests when new code is written. Output:
  • Unit tests for new functions
  • Integration tests for new API endpoints
  • Edge case suggestions

secret-scanner

Detects credentials before commit. Patterns detected:
  • API keys (AWS, GCP, Stripe, SendGrid)
  • Database connection strings
  • JWT secrets, OAuth tokens
  • .env file contents
  • Private keys (SSH, SSL)
If a secret is detected → BLOCK the commit and show a warning. The secret must be removed before continuing.
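
An added example of the detection and block decision described above; it is not the skill's own code or the contents of .claude/hooks/secret-scan.cjs. The rule names, the regexes and the functions scanForSecrets and decide are assumptions, and the sample input is constructed.

```javascript
// Added example: a minimal secret scan over text about to be written or committed.
// Rule names and regexes are illustrative, not the rules of the skill described above.
const RULES = [
  { name: 'aws-access-key-id', re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/ },
  { name: 'gcp-api-key',       re: /\bAIza[0-9A-Za-z_-]{35}\b/ },
  { name: 'stripe-live-key',   re: /\bsk_live_[0-9A-Za-z]{24,}\b/ },
  { name: 'sendgrid-api-key',  re: /\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}\b/ },
  { name: 'private-key-block', re: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/ },
  { name: 'db-url-with-password',
    re: /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?):\/\/[^\s:@\/]+:[^\s@\/]+@/ },
  { name: 'jwt-secret-assignment', re: /\bJWT_SECRET\s*[:=]\s*['"]?[^\s'"]{8,}/i },
];

// Show only a short prefix so the report itself never leaks the value.
function redact(value) {
  return value.slice(0, 4) + '*'.repeat(Math.max(value.length - 4, 0));
}

// Returns [{ rule, line, preview }]: one entry per matching rule per line.
function scanForSecrets(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((lineText, i) => {
    for (const { name, re } of RULES) {
      const m = re.exec(lineText);
      if (m) findings.push({ rule: name, line: i + 1, preview: redact(m[0]) });
    }
  });
  return findings;
}

// Decision for one file: block on any finding, and on .env files regardless of content.
function decide(filePath, text) {
  const findings = scanForSecrets(text);
  const isEnvFile = /(^|\/)\.env(\.[\w.-]+)?$/.test(filePath);
  if (isEnvFile) findings.push({ rule: 'env-file', line: 0, preview: filePath });
  return { block: findings.length > 0, findings };
}

// Constructed sample input (AWS's documented example key ID, made-up password).
const SAMPLE = [
  'const region = "eu-west-1";',
  'const keyId = "AKIAIOSFODNN7EXAMPLE";',
  'const db = "postgres://app:s3cretPass@db.internal:5432/app";',
].join('\n');

const result = decide('src/config.js', SAMPLE);
console.log(result.block ? 'BLOCK' : 'ALLOW', JSON.stringify(result.findings));
```

Regex rules like these miss secrets with no fixed prefix, so a real scanner usually pairs them with entropy checks and an allowlist for documented placeholder values.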

security-auditor

Continuously scans for OWASP vulnerabilities:

| Category | Check |
|---|---|
| Injection | SQL, NoSQL, command injection |
| Broken Auth | Weak passwords, session fixation |
| XSS | Reflected, stored, DOM-based |
| SSRF | Server-side request forgery |
| Insecure Deserialization | Unsafe JSON/YAML parsing |

dependency-auditor

When package.json changes:
DEPENDENCY AUDIT
├── New: 2 packages added
│   ├── lodash@4.17.21 — ✓ No known vulnerabilities
│   └── axios@1.6.0 — ⚠ CVE-2023-45857 (CSRF)
├── Updated: 1 package
│   └── next@14.2.0 → 14.2.3 — Security patch
└── Recommendation: Update axios to 1.6.2+

api-documenter & readme-updater

| Skill | Trigger | Output |
|---|---|---|
| api-documenter | API endpoint added/changed | Updated OpenAPI spec, endpoint docs |
| readme-updater | Structure changed, features added | Updated README sections |

handoff-create

Creates a handoff document when the session ends:
/handoff-create                    # Generate handoff doc
Output: a document containing what was done, current state, next steps, and blockers, so the next session can pick up immediately.

Configuring Proactive Skills

Proactive skills are configured in the hooks section of .claude/settings.json:
{
  "hooks": {
    "PreToolUse": [
      { "matcher": "Write", "command": "node .claude/hooks/secret-scan.cjs" }
    ],
    "PostToolUse": [
      { "matcher": "Write", "command": "node .claude/hooks/code-review.cjs" }
    ]
  }
}