From heimdall
Audit a project's secrets/conceal posture — config, file ownership/mode, broker presence, .mcp.json wiring, and whether the agent uid is actually denied. Use when the user says "audit secrets", "secrets status", "is my secrets safe set up", "check the conceal boundary", or asks whether the secrets are actually protected.
How this skill is triggered — by the user, by Claude, or both
Slash command
/heimdall:auditThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Run the status script and present its output plainly:
Run the status script and present its output plainly:
node "${CLAUDE_PLUGIN_ROOT}/scripts/heimdall-conceal-status.js" "<repo-dir-or-blank>"
It reports: config presence, each secrets file's owner/mode, broker binary
owner/mode, how many .mcp.json servers route through the broker, and a live
check of whether the agent uid can read the secrets (the decisive test).
If the agent uid can still read a secrets file, the OS boundary is NOT in effect
— tell the user to run /heimdall:harden (or the setup script with sudo). The
hook-level conceal guard may still be active even when the OS boundary is not.
npx claudepluginhub thomfilg/ai-plugin-work --plugin heimdallGuides collaborative design exploration before implementation: explores context, asks clarifying questions, proposes approaches, and writes a design doc for user approval.
Creates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.
Implements work from a spec or tickets using TDD at agreed seams, with regular typechecking and test runs, followed by code review.