52yuanchangxing

Secret Exposure Gate

by vx:17605205782 · GitHub ↗ · v1.0.0 · MIT-0
darwin · linux · win32 ✓ Security Clean
Downloads: 152 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install secret-exposure-gate
Description
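Before publishing, check whether a directory contains secret keys, tokens, private URLs, certificate fragments, or credential files; use for secrets, security, preflight workflows; do not use for displaying full key values or modifying user files.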
Usage Guidance
This skill appears to be what it says: a local, read-only preflight scanner implemented in a Python script and templates. Before installing/using it: (1) Only run it against directories you expect it to read — it will open and scan text files under the provided path. (2) The script masks long-looking secrets matched by the 'secret_like' regex, but other matches (private URLs, command snippets) may be shown verbatim or partially; avoid pointing it at production secrets you cannot re-share. (3) Review and, if needed, extend the redaction rules (e.g., mask full URLs or additional secret patterns) and test on a non-sensitive sample. (4) Use --dry-run and inspect output locally; do not pipe results to external services without redaction. If the script ever attempts network access, asks for credentials, or an install spec appears that downloads code from an external URL, re-evaluate (those would change the assessment).
Capability Analysis
Type: OpenClaw Skill
Name: secret-exposure-gate
Version: 1.0.0
The skill bundle is a legitimate security auditing tool designed to scan local directories for secrets, tokens, and high-risk command patterns (like 'curl|bash') before publication. The core logic in 'scripts/run.py' uses standard Python libraries and regex to identify potential leaks, and it includes a specific function to mask detected secrets in the output to prevent further exposure. The instructions in 'SKILL.md' and the implementation are consistent with the stated purpose, showing no signs of data exfiltration, unauthorized execution, or malicious intent.
Capability Assessment
Purpose & Capability
Name/description (secret preflight scanning) align with required binaries (python3), included scripts, and resource files. The skill operates on a user-supplied path and only needs local filesystem access — this is proportionate to the stated purpose.
Instruction Scope
SKILL.md restricts behavior (do not display full keys, do not modify files) and instructs running the local script or generating output from templates. The provided script follows those boundaries overall, but its redaction is inconsistent: the 'secret_like' pattern is masked, but other findings (e.g., private URLs, command snippets) may be emitted verbatim (snippet truncated to 160 chars). This is a minor mismatch with the 'do not display full key values' guideline and could expose sensitive URL paths or fragments in some cases.
Install Mechanism
No install spec; script is instruction-only with a local Python script included. This is low-risk: nothing is downloaded or installed automatically. The only runtime requirement is python3 (declared).
Credentials
No environment variables, credentials, or config paths are requested. The script reads files from the user-provided directory only, which matches the scanning purpose.
Persistence & Privilege
Skill is not always:true, does not request persistent privileges, and contains no code that modifies other skills or global agent settings. Autonomous invocation is allowed (default) but not excessive given the skill's local audit role.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install secret-exposure-gate
  3. After installation, invoke the skill by name or use /secret-exposure-gate
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of secret-exposure-gate.
- Scans directories for secrets, tokens, private URLs, certificate fragments, or credential files before publishing.
- Focuses on security and preflight audit workflows.
- Produces structured outputs: scan overview, suspected secrets, high-risk files, remediation/advice.
- Does not display full secret values or modify user files.
- Offers both review drafts and actionable checklists, always within defined security boundaries.
Metadata
Slug secret-exposure-gate
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Secret Exposure Gate?

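Before publishing, check whether a directory contains secret keys, tokens, private URLs, certificate fragments, or credential files; use for secrets, security, preflight workflows; do not use for displaying full key values or modifying user files. It is an AI Agent Skill for Claude Code / OpenClaw, with 152 downloads so far.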

How do I install Secret Exposure Gate?

Run "/install secret-exposure-gate" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Secret Exposure Gate free?

Yes, Secret Exposure Gate is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Secret Exposure Gate support?

Secret Exposure Gate is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).

Who created Secret Exposure Gate?

It is built and maintained by vx:17605205782 (@52yuanchangxing); the current version is v1.0.0.
