Skylv Smart Secrets Scanner

by SKY-lv · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 46 · Stars: 0 · Active Installs: 1 · Versions: 1
Install in OpenClaw
/install skylv-smart-secrets-scanner
Description
Intelligent secrets detection and prevention — scan code, configs, and git history for exposed API keys, passwords, tokens, and credentials
README (SKILL.md)

smart-secrets-scanner

Intelligent secrets detection — scan code, configs, and git history for exposed API keys, passwords, tokens, and credentials before they leak.

Skill Metadata

  • Slug: smart-secrets-scanner
  • Version: 1.0.0
  • Description: Intelligent secrets and credential scanner for codebases. Detects exposed API keys, passwords, tokens, private keys, and credentials in source code, config files, environment variables, and git commit history. Provides auto-remediation suggestions.
  • Category: security
  • Trigger Keywords: secrets scanner, credential leak, API key detection, token exposure, security scan, secret detection, git secret

Capabilities

1. Scan Current Project

```bash
node scanner.js scan ./src
node scanner.js scan ./ --include ".js,.json,.yaml,.env*"
```

Detects 50+ patterns: AWS keys, GitHub tokens, Slack webhooks, database URLs, private keys, JWTs, etc.

2. Scan Git History

```bash
node scanner.js git-scan --depth 50
node scanner.js git-scan --since "2024-01-01"
```

Finds secrets that were committed and later removed (still in git history).

3. Pre-commit Hook

```bash
node scanner.js hook --install

# Now every commit is scanned automatically
```

4. Auto-Redact

```bash
node scanner.js redact ./src/config.js --replace-with "[REDACTED]"
```

Replace detected secrets with placeholder values.


Detection Patterns

| Category | Examples |
| --- | --- |
| Cloud Keys | AWS_ACCESS_KEY, GCP_SERVICE_ACCOUNT, AZURE_CLIENT_SECRET |
| API Tokens | GitHub, Slack, Stripe, OpenAI, Anthropic, Google Maps |
| Database | MongoDB URI, PostgreSQL URL, Redis password |
| Crypto | RSA private key, SSH key, certificate |
| App Secrets | JWT secret, session key, encryption key |
| Config Files | .env, .npmrc, .pypirc, credentials.json |

Use Cases

  1. CI/CD Pipeline: Block deployments with exposed secrets
  2. Pre-commit: Prevent secrets from entering git history
  3. Audit: Scan existing codebase for leaked credentials
  4. Compliance: SOC2, GDPR requirement for credential management
  5. Education: Teach developers about secret management

Output Format

```json
{
  "findings": [
    {
      "file": "src/config.js",
      "line": 12,
      "type": "AWS_ACCESS_KEY",
      "severity": "CRITICAL",
      "matched": "AKIAIOSFODNN7EXAMPLE",
      "suggestion": "Move to environment variable or secrets manager"
    }
  ],
  "summary": {
    "critical": 1,
    "high": 0,
    "medium": 2,
    "low": 5
  }
}
```
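The sample report above carries the full matched value in `matched`, which the capability assessment on this page flags. The following added example (not the skill's `scanner.js`, which this page does not provide) produces the same report shape with the value masked; the rule list, the `mask`, `scanText` and `buildReport` names, and the sample input are assumptions made for illustration.

```javascript
// Added example: emit findings in the page's JSON shape with `matched` masked.
// The two rules are illustrative assumptions, not the skill's "50+ patterns".
const RULES = [
  { type: "AWS_ACCESS_KEY", severity: "CRITICAL", re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
  { type: "GITHUB_TOKEN", severity: "CRITICAL", re: /\bghp_[A-Za-z0-9]{36}\b/g },
];

// Keep a short prefix and suffix so a reviewer can tell which credential it is,
// never enough to reuse it. Short values are masked entirely.
function mask(secret, keep = 4) {
  if (secret.length <= keep * 2) return "*".repeat(secret.length);
  return secret.slice(0, keep) + "*".repeat(secret.length - keep * 2) + secret.slice(-keep);
}

// Scan one file's text line by line; the raw match never leaves this function.
function scanText(file, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((lineText, i) => {
    for (const rule of RULES) {
      for (const m of lineText.matchAll(rule.re)) {
        findings.push({
          file,
          line: i + 1,
          type: rule.type,
          severity: rule.severity,
          matched: mask(m[0]),
          suggestion: "Move to environment variable or secrets manager",
        });
      }
    }
  });
  return findings;
}

// Build the { findings, summary } report with per-severity counts.
function buildReport(findings) {
  const summary = { critical: 0, high: 0, medium: 0, low: 0 };
  for (const f of findings) summary[f.severity.toLowerCase()] += 1;
  return { findings, summary };
}

// Constructed sample input; the key is the placeholder value shown on this page.
const SAMPLE = [
  "module.exports = {",
  '  region: "us-east-1",',
  '  accessKeyId: "AKIAIOSFODNN7EXAMPLE",',
  "};",
].join("\n");

console.log(JSON.stringify(buildReport(scanText("src/config.js", SAMPLE)), null, 2));
```
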

Usage Guidance
Only use this skill if you can verify what `scanner.js` is and can keep scan output private. Prefer a scanner that ships reviewed code or uses a trusted pinned dependency, masks secrets by default, and offers dry-run or backup options before installing hooks or redacting files.
Capability Analysis
Type: OpenClaw Skill
Name: skylv-smart-secrets-scanner
Version: 1.0.0

The skill bundle describes a legitimate security utility designed to scan codebases and git history for exposed credentials and API keys. The documentation (SKILL.md) outlines standard security practices such as pre-commit hooks and auto-redaction, and the metadata (_meta.json) is consistent with the tool's stated purpose. No evidence of malicious intent, data exfiltration, or prompt injection was found in the provided files.
Capability Tags
crypto · requires-wallet · requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The security-scanning goal is coherent, but the documented workflow handles highly sensitive credential material and shows full matched secrets in output rather than masked results.
Instruction Scope
The instructions include broad project and git-history scans, auto-redaction, and hook installation without clear safeguards such as path limits, dry-run review, backups, or default secret masking.
Install Mechanism
The package is instruction-only with no install spec or code files, yet the workflow calls `node scanner.js`; the reviewed artifacts do not provide or pin that script.
Credentials
Scanning code, config files, .env-style files, and git history is purpose-aligned for a secrets scanner, but it is high-impact because it exposes local secrets to the agent context.
Persistence & Privilege
A user-directed pre-commit hook is documented and would continue scanning every commit; this is expected for the purpose but should be installed only intentionally.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skylv-smart-secrets-scanner
  3. After installation, invoke the skill by name or use /skylv-smart-secrets-scanner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of smart-secrets-scanner v1.0.0.
- Scans code, config files, and git history for exposed API keys, credentials, and sensitive data.
- Supports 50+ detection patterns for cloud keys, tokens, private keys, database URLs, and more.
- Provides auto-remediation suggestions and auto-redact capabilities.
- Includes git pre-commit hook integration for proactive secret detection.
- Outputs clear, structured JSON reports summarizing findings and severity levels.
Metadata
  • Slug: skylv-smart-secrets-scanner
  • Version: 1.0.0
  • License: MIT-0
  • All-time Installs: 1
  • Active Installs: 1
  • Total Versions: 1
Frequently Asked Questions

What is Skylv Smart Secrets Scanner?

Intelligent secrets detection and prevention — scan code, configs, and git history for exposed API keys, passwords, tokens, and credentials. It is an AI Agent Skill for Claude Code / OpenClaw, with 46 downloads so far.

How do I install Skylv Smart Secrets Scanner?

Run "/install skylv-smart-secrets-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skylv Smart Secrets Scanner free?

Yes, Skylv Smart Secrets Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skylv Smart Secrets Scanner support?

Skylv Smart Secrets Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skylv Smart Secrets Scanner?

It is built and maintained by SKY-lv (@sky-lv); the current version is v1.0.0.
