derick001

Secret Detection

by Derick · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
Downloads: 399
Stars: 0
Active Installs: 1
Versions: 1
Install in OpenClaw
/install secret-detection
Description
Git hook to detect secrets before commit.
Usage Guidance
This skill appears to do what it says: a local git pre-commit scanner implemented in Python that requires git and python3. Before installing, review the script (scripts/main.py) yourself. Key points to consider:
- The scanner prints matched secrets (it includes a 'secret' field in its JSON output and prints a substring to the console). That can expose sensitive values in terminal history or CI logs. If you use this in CI or shared terminals, prefer redaction or change the script to mask secrets (e.g., show only the match type and filename/line, not the secret substring).
- Installation is repo-local (.git/hooks/pre-commit). It will only run in that repository; it does not request external network access or credentials.
- The README/SKILL.md claim it prints the first 20 characters of secrets, but the hook output prints up to 60 characters of file content. This is a small inconsistency to be aware of, and to correct if you want stricter redaction.
- If you need organization-wide enforcement, consider a vetted tool (e.g., git-secrets, pre-commit frameworks, or a centralized scanning solution) rather than per-repo hooks.
If you decide to install: run the script in a test repository first, and consider editing the scanner to mask or not include the actual secret value in outputs and saved logs.
Capability Analysis
Type: OpenClaw Skill
Name: secret-detection
Version: 1.0.0
The OpenClaw AgentSkills bundle 'secret-detection' is benign. It functions as a local git pre-commit hook to scan staged files for common secret patterns. The `scripts/main.py` file uses standard Python libraries and `subprocess` to interact with git, read local files, and install the hook. There is no evidence of data exfiltration, malicious execution, unauthorized persistence, or prompt injection attempts against the OpenClaw agent. The printing of partial secret content to the console is an explicit, documented feature for user identification, not an attempt at malicious data exfiltration.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, and the included Python script all implement a git pre-commit secret scanner. Requested binaries (git, python3) are appropriate and used by the script (git used to list staged files; python3 runs the scanner). No unexpected services or credentials are required.
Instruction Scope
Instructions focus on installing a repo-local pre-commit hook and scanning staged or specified files, which matches the code. Minor discrepancies: SKILL.md and README state the script prints the first 20 characters of detected secrets, but the hook-run path prints up to 60 characters of the file content in the commit-blocking output. The script reads file contents and prints matched secret substrings to stdout — expected for identification but a potential privacy/secret-leak risk (terminal, CI logs).
Install Mechanism
No remote downloads or package installs; install simply writes a .git/hooks/pre-commit file that invokes the local script. This is standard for repo-local git hooks and does not introduce high-risk install behavior.
Credentials
The skill requests no environment variables or external credentials, which is appropriate. However, it prints portions of detected secrets to the console (and the JSON output includes the secret in full under the 'secret' field), which may expose secrets to terminal history, CI logs, or other observers. Consider redacting findings before they are printed or stored.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence. Its install writes only to the repository's .git/hooks directory; it does not modify other skills or global agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install secret-detection
  3. After installation, invoke the skill by name or use /secret-detection
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of git pre-commit secret detection skill.
- Scans staged files for common secret patterns (API keys, passwords, tokens) before commit.
- Blocks commits if secrets are found and prints detection details with file names and line numbers.
- Provides command-line tool to install pre-commit hook and to manually scan files or staged changes.
- Outputs a detection report and exit code (1 if secrets found).
- Requires git and Python 3.6+; works locally without external services.
- Limitations: may have false positives, doesn't scan binaries, must be installed per-repository.
Metadata
Slug secret-detection
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Secret Detection?

Git hook to detect secrets before commit. It is an AI Agent Skill for Claude Code / OpenClaw, with 399 downloads so far.

How do I install Secret Detection?

Run "/install secret-detection" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Secret Detection free?

Yes, Secret Detection is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Secret Detection support?

Secret Detection is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Secret Detection?

It is built and maintained by Derick (@derick001); the current version is v1.0.0.
