← Back to Skills Marketplace
sky-lv

Skylv Secrets Scanner

by SKY-lv · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
124
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install skylv-secrets-scanner
Description
Scans code for leaked secrets, API keys, tokens, and passwords. Triggers: scan secrets, check api key, security scan, leaked token.
Usage Guidance
This skill is instruction-only and simply tells the agent how to run local grep/Select-String patterns to find likely secrets. Before installing: (1) confirm you trust the skill trigger and understand it will read files in the working directory (it does recursive scans); (2) note that the provided commands only check GitHub tokens and AWS keys in .js/.py files — update the commands if you need other patterns or file types; (3) add safe handling steps for any discovered secrets (rotate/secure them) and ensure findings are not sent to external services; (4) avoid running this over unrelated system dirs (home, /etc) to prevent accidental disclosure of unrelated secrets; and (5) if you expect broader coverage or automation, prefer a maintained scanner (repo with code) rather than instruction-only text so you can review the exact implementation.
Capability Analysis
Type: OpenClaw Skill Name: skylv-secrets-scanner Version: 1.0.0 The skylv-secrets-scanner skill is a legitimate security utility designed to identify leaked secrets and API keys in local files. It uses standard system commands (grep and Select-String) to search for common patterns like AWS keys and GitHub tokens, and it contains no evidence of data exfiltration, malicious execution, or prompt injection.
Capability Tags
cryptorequires-walletrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name and description match the behavior: SKILL.md describes searching repositories for leaked secrets. The declared requirements (none) are appropriate for an instruction-only scanner. Minor inconsistency: the 'Patterns to Detect' lists multiple secret types but the provided command examples only search for GitHub tokens and AWS keys and only in .js/.py files, so the commands don't fully implement all claimed patterns.
Instruction Scope
Instructions tell the agent to recursively scan the working tree using Select-String/grep, which is expected for a repo scanner. However: (1) commands are narrowly targeted (only two regexes and file extensions), (2) there is no guidance on safe handling/storage/transmission of discovered secrets, and (3) no instruction to exclude sensitive system directories. These are usability/security hygiene gaps but not evidence of malicious intent.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes disk-write risk; nothing is downloaded or installed.
Credentials
The skill requests no environment variables, credentials, or config paths — proportional to a local scanning helper.
Persistence & Privilege
always:false and no requests to modify agent/system config. The skill has normal, non-persistent invocation behavior.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skylv-secrets-scanner
  3. After installation, invoke the skill by name or use /skylv-secrets-scanner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of skylv-secrets-scanner. - Scans code for leaked secrets, API keys, tokens, and passwords. - Detects patterns for AWS keys, GitHub tokens, generic API keys, private keys, passwords in URLs, and Slack tokens. - Supports security scans via relevant triggers. - Provides command examples for both Windows and Linux/macOS environments. - Offers prevention tips for avoiding secret leaks.
Metadata
Slug skylv-secrets-scanner
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Skylv Secrets Scanner?

Scans code for leaked secrets, API keys, tokens, and passwords. Triggers: scan secrets, check api key, security scan, leaked token. It is an AI Agent Skill for Claude Code / OpenClaw, with 124 downloads so far.

How do I install Skylv Secrets Scanner?

Run "/install skylv-secrets-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skylv Secrets Scanner free?

Yes, Skylv Secrets Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skylv Secrets Scanner support?

Skylv Secrets Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skylv Secrets Scanner?

It is built and maintained by SKY-lv (@sky-lv); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments