| name | local-sensitive |
| description | Routes to local LLM for sensitive operations. Use when user says "로컬에서 처리해줘", "외부로 보내지 마", "민감한 데이터야", "보안 감사해줘", "credential 분석", "시크릿 확인", or handles sensitive data that should not leave the machine. |
| allowed-tools | Bash(.claude/scripts/local-llm.sh:*), Bash(.claude/scripts/infisical-update.sh:*), Bash(kubectl get:*), Read, Grep, Glob |
Local LLM for Sensitive Operations
Route security-sensitive tasks to local LLM to prevent data exfiltration.
When to Use
- Analyzing secrets or credentials
- Security audit of sensitive code
- Private code review
- Compliance checking with sensitive data
- Any task where data should not leave the machine
Available Models
| Model | Endpoint | Best For |
|---|---|---|
qwen3-coder |
localhost:8003 | Code analysis, generation |
gpt-oss |
localhost:8004 | General tasks, tool use |
How to Use
.claude/scripts/local-llm.sh qwen3-coder "Review this code for secrets: <code>"
.claude/scripts/local-llm.sh gpt-oss "Analyze security of this config"
Security Guidelines
- Never send sensitive data to external APIs
- Use this skill when file paths contain:
secret,credential,.env,key - Prefer
qwen3-coderfor code-related tasks - Prefer
gpt-ossfor general analysis
Example Workflow
- User asks: "Check if there are any hardcoded secrets in this file"
- Read the file locally
- Send to local LLM for analysis
- Report findings without exposing actual secret values
Infisical Secret Updates
For updating Infisical secrets with sensitive config data (token never exposed):
# 1. Parse sensitive YAML/JSON with local LLM
.claude/scripts/local-llm.sh qwen3-coder "Parse this config and output JSON: <config>"
# 2. Save to temp file
cat > /tmp/parsed.json << 'EOF'
{"KEY": "value"}
EOF
# 3. Safe update (token fetched internally, never printed)
.claude/scripts/infisical-update.sh safe-parse \
infisical-app-secrets namespace \
json /tmp/parsed.json "/path"
# 4. Clean up
rm /tmp/parsed.json
See infisical-manager skill for detailed workflow.