← Back to Skills Marketplace
sky-lv

Skylv Secret Detector

by SKY-lv · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
52
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install skylv-secret-detector
Description
Scans code for leaked secrets, API keys, tokens, and passwords. Triggers: scan secrets, check api key, security scan, leaked token.
README (SKILL.md)

Secrets Scanner

Overview

Scans repositories for accidentally committed secrets and API keys.

When to Use

  • User asks to "scan for secrets" or "security audit"
  • Pre-commit or pre-push security check

Patterns to Detect

AWS Key: AKIA[0-9A-Z]{16} GitHub Token: ghp_[a-zA-Z0-9]{36} Generic API Key: api[_-]?key.[a-zA-Z0-9]{20,} Private Key: -----BEGIN (RSA|DSA|EC) PRIVATE KEY----- Password in URL: ://[^@]+:.@ Slack Token: xox[baprs]-[0-9]{10,13}-[0-9]{10,13}

Commands

Windows: Select-String -Path . -Include .js,.py -Recurse -Pattern "ghp_[a-zA-Z0-9]{36}"

Linux/macOS: grep -rE "ghp_[a-zA-Z0-9]{36}|AKIA[0-9A-Z]{16}" --include=".js" --include=".py" .

Prevention

Add to .gitignore: .env .key credentials. secrets.* *.pem

Usage Guidance
This looks safe for its stated purpose. Use it only in repositories you intend to inspect, do not paste raw secret findings into public places, and rotate or revoke any real credentials it finds.
Capability Analysis
Type: OpenClaw Skill Name: skylv-secret-detector Version: 1.0.0 The skill is a straightforward security tool designed to scan local files for leaked secrets using standard regex patterns and shell commands (grep and Select-String). It contains no network activity, data exfiltration logic, or suspicious instructions, and its functionality aligns perfectly with its stated purpose in SKILL.md.
Capability Tags
cryptorequires-walletrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
SKILL.md states it "Scans repositories for accidentally committed secrets and API keys" and lists token/private-key patterns, which is coherent with the stated purpose but means results may include real secrets.
Instruction Scope
The instructions are limited to pattern matching and prevention advice; they do not instruct the agent to delete files, upload results, override user intent, or run automatically.
Install Mechanism
There is no install spec and no code files; the skill is documented as instruction-only and relies on built-in grep/Select-String examples.
Credentials
SKILL.md includes recursive current-directory scans such as `grep -rE ... .` and `Select-String -Path . ... -Recurse`, so users should run it only inside the repository they intend to inspect.
Persistence & Privilege
The artifacts declare no required environment variables, credentials, config paths, background workers, persistence, or privileged access.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skylv-secret-detector
  3. After installation, invoke the skill by name or use /skylv-secret-detector
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of skylv-secrets-scanner. - Scans code repositories for leaked secrets, API keys, tokens, and passwords. - Detects common patterns including AWS keys, GitHub tokens, Slack tokens, private keys, and credentials in URLs. - Provides platform-specific commands for scanning code on Windows, Linux, and macOS. - Offers prevention guidelines such as recommended .gitignore entries. - Supports triggers like "scan secrets", "check api key", and "security scan".
Metadata
Slug skylv-secret-detector
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Skylv Secret Detector?

Scans code for leaked secrets, API keys, tokens, and passwords. Triggers: scan secrets, check api key, security scan, leaked token. It is an AI Agent Skill for Claude Code / OpenClaw, with 52 downloads so far.

How do I install Skylv Secret Detector?

Run "/install skylv-secret-detector" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skylv Secret Detector free?

Yes, Skylv Secret Detector is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skylv Secret Detector support?

Skylv Secret Detector is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skylv Secret Detector?

It is built and maintained by SKY-lv (@sky-lv); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments