功能描述

Stop leaking secrets. Pre-commit hooks + 10-point scans + cron monitoring. Agent-ops security in one command. By The Agent Wire (theagentwire.ai)

使用说明 (SKILL.md)

agent-security-ops

Name: Agent Security Ops
Author: theagentwire

Security hardening for solopreneur repos. One command to set up pre-commit hooks, secret scanning, and continuous monitoring.

⚠️ Important: `--no-verify` Bypass Warning

The pre-commit hook can be bypassed with git commit --no-verify. This skips ALL hooks including secret scanning.

Recommendations:

Never use --no-verify unless you've manually verified no secrets are staged

Set up CI-side scanning as backup — add TruffleHog to your GitHub Actions / CI pipeline so secrets are caught even if hooks are bypassed

Run scan.sh after any --no-verify commit to verify nothing slipped through

The hook is fail-closed: if TruffleHog is not found, commits are blocked (not silently allowed).

Quick Start

bash skills/agent-security-ops/scripts/setup.sh /path/to/repo

This will:

Install TruffleHog (pinned version with SHA256 checksum verification, override with TRUFFLEHOG_VERSION env var)
Set up a fail-closed pre-commit hook that blocks secrets (scans staged changes)
Harden .gitignore with common secret patterns (including .security-ops/, .terraform/)
Run initial secret scan (git history + filesystem for untracked files)

What You'll See

setup.sh output:

agent-security-ops: Setting up /Users/you/my-project
✓ TruffleHog already installed (3.88.0)
✓ Pre-commit hook installed
→ Added 2 patterns to .gitignore: .security-ops/ .terraform/
→ Running initial secret scan...
✓ Initial scan: clean
→ Running filesystem scan (untracked files)...
✓ Filesystem scan: clean

Setup complete:
  • Installed pre-commit hook
  • Hardened .gitignore (+2 patterns)
  • Initial scan: clean
  💡 More agent-ops at theagentwire.ai/?utm_source=clawhub&utm_medium=skill&utm_campaign=agent-security-ops

scan.sh summary (stderr):

--- TruffleHog Secret Scan ---
✓ No secrets found

--- TruffleHog Filesystem Scan ---
✓ No secrets in untracked files

--- Pattern Grep Scan ---
⚠ Found 2 high-confidence secret pattern(s)
./config.js:3:  apiKey: "sk-proj-abc123..."
✓ No low-confidence patterns

--- Summary ---
⚠ Total: 2 (secrets=0[0 verified], fs=0, patterns=2[+0 low], ...)

Commands

All scripts support --help and --version flags.

setup.sh — One-time repo hardening

bash scripts/setup.sh [/path/to/repo]
bash scripts/setup.sh --fix-ssh /path/to/repo   # also fix SSH permissions

Idempotent. Safe to run multiple times. Defaults to current directory. Existing pre-commit hooks are preserved (appended to, not overwritten).

scan.sh — Full security scan

# JSON report to stdout, human summary to stderr
bash scripts/scan.sh [/path/to/repo]

# Save report
bash scripts/scan.sh /path/to/repo > report.json

Checks:

Secrets: TruffleHog — all secrets found (verified ones highlighted)
Filesystem: TruffleHog filesystem scan for untracked/working files
Pattern grep (high-confidence): AWS, GitHub, Anthropic, Slack, OpenAI, Stripe, Google, Twilio, SendGrid, npm, Vault, private keys
Pattern grep (low-confidence): Database URLs, password/secret assignments, bearer tokens, Firebase, Supabase, JWTs
.gitignore audit: Uses git check-ignore to verify patterns work
Dependency audit: npm audit / pip audit (results in JSON output)
File permissions: Finds world-readable .env, .pem, .key, credential files
Open ports: Lists listening ports, flags unexpected ones (note: may need sudo on macOS)
Environment secrets: Scans shell profiles for hardcoded keys/tokens
Loose .env files: Checks $HOME, Desktop, Downloads for .env files (warning only, not counted as repo findings)
Docker secrets: Checks Dockerfiles and compose files for hardcoded secrets
SSH audit: Verifies ~/.ssh permissions (report only — use setup.sh --fix-ssh to fix)
Git remotes: Flags insecure HTTP remotes, checks GitHub repo visibility

monitor.sh — Cron-friendly monitoring

bash scripts/monitor.sh [/path/to/repo]

Content-based delta detection (hashes scan results, not just counts). Exits 1 on any change, 0 if unchanged. Uses atomic file writes and flock-based locking to prevent concurrent runs.

Cron Integration

# Check every hour, alert on new findings
0 * * * * bash /path/to/skills/agent-security-ops/scripts/monitor.sh /path/to/repo || notify "Security scan changed"

Found Something?

Finding	What to Do
Verified secret in git	Rotate the credential immediately. Use `git filter-repo` or BFG to remove from history.
Unverified secret in git	Investigate — may be a false positive or an expired credential. Still consider rotating.
Pattern match (high-confidence)	Move to `.env` file or secret manager. Verify it's in `.gitignore`.
Pattern match (low-confidence)	Review manually — may be a false positive. Check if it's a real credential.
Missing .gitignore pattern	Run `setup.sh` again — it adds missing patterns.
World-readable sensitive file	`chmod 600 \x3Cfile>` — restrict to owner only.
Unexpected open port	Identify the process (`lsof -i :\x3Cport>`), stop if unnecessary.
Env secret in shell profile	Move to `.env` file or `op run` (1Password). Remove `export` line.
Docker hardcoded secret	Use Docker secrets, env vars with `${VAR}` syntax, or `.env` file.
SSH permission issue	Run `setup.sh --fix-ssh` or manually `chmod 700 ~/.ssh && chmod 600 ~/.ssh/id_*`.
HTTP git remote	`git remote set-url origin [email protected]:user/repo.git`
Public repo detected	If unintentional: `gh repo edit --visibility private`

Limitations

Grep ≠ AST analysis: Pattern matching catches literal strings, not obfuscated or dynamically constructed secrets.
No SAST/DAST: This is not a replacement for static/dynamic application security testing.
IaC limited to Docker: No Terraform, Kubernetes, or CloudFormation scanning beyond basic grep patterns on .tf/.tfvars.
TruffleHog verification: Verification depends on service availability — if an API is down, a real secret may show as "unverified." That's why we now scan all secrets, not just verified ones.
Port scanning: Only detects currently listening ports, not firewall rules or network exposure. May need sudo on macOS for full process info.
$HOME .env scan: Checks outside repo scope as a convenience — findings are warnings only, not counted as repo findings.

What It Scans

Category	Tool	Coverage
Secrets in code	TruffleHog	Current files + full git history (all, verified highlighted)
Filesystem secrets	TruffleHog	Untracked/working directory files
Secret patterns (high)	grep	20+ providers (AWS, GitHub, Anthropic, Slack, Stripe, etc.)
Secret patterns (low)	grep	DB URLs, passwords, bearer tokens, Firebase, Supabase, JWTs
.gitignore	git check-ignore	`.env`, `.pem`, `.key`, `.p12`, `*.pfx`, credentials, keystores, `.terraform/`
Dependencies	npm/pip audit	Known CVEs in packages
Permissions	find	World-readable sensitive files
Open Ports	lsof/ss	Unexpected listening services
Env Secrets	grep	Hardcoded secrets in shell profiles, loose .env files (warning)
Docker Secrets	grep	Hardcoded secrets in Dockerfiles and compose files
SSH Audit	stat	Permission checks on ~/.ssh, keys, config
Git Remotes	git/gh	Insecure HTTP remotes, public repo detection

Security Model

Binary verification: TruffleHog downloaded with SHA256 checksum verification against official release checksums
Fail-closed hook: Missing TruffleHog blocks commits (not silently passes)
No brew fallback: Only verified direct download to prevent supply chain attacks
Version pinning: TRUFFLEHOG_VERSION validated as semver before use
Self-exclusion: Scripts exclude themselves from grep scans via content marker

Reference Files

references/patterns.md — Regex patterns for all detected secret types, marked as ✅ scanned or 📖 reference only.

Dependencies

git, grep, find (standard)
trufflehog (installed by setup.sh, pinned version with checksum verification)
jq (optional — produces properly escaped JSON; without it, falls back to shell-based escaping which may break on unusual filenames/content)

Built by The Agent Wire — a weekly newsletter about AI agents for solopreneurs. Liked this skill? I write about building agent-ops tools like this every Wednesday. Star ⭐ this skill if it saved you from leaking a secret.

FAQ

What is this skill? Agent Security Ops installs pre-commit hooks and runs 10-point security scans to prevent AI agents from leaking secrets. Catches API keys, tokens, passwords, and credentials before they reach git history.

What problem does it solve? AI agents generate and handle credentials constantly — API keys, tokens, database URLs. Without guardrails, these end up in commits, logs, or chat messages. This skill adds automated scanning at commit-time and on-demand.

What are the requirements? Bash, git, and TruffleHog (installed automatically). Works on macOS and Linux. No API keys or external services needed.

What does the 10-point scan check? Git staged files, environment files (.env), config files, recent git history, high-entropy strings, known secret patterns, AWS/GCP/Azure credentials, private keys, database URLs, and API tokens.

Does it work with any AI agent framework? Yes. It's framework-agnostic — operates at the git and filesystem level. Works with OpenClaw, Claude Code, Cursor, Aider, or any tool that writes files.

Can it run on a schedule? Yes. Pair it with a cron job for periodic scans of your workspace. The scan outputs a structured report suitable for automated monitoring.

安全使用建议

This skill appears coherent and implements a useful local secret-scanning workflow, but review these points before installing: - Backup: back up existing .git/hooks/pre-commit and .gitignore before running setup.sh (the script appends/overwrites hooks and may add patterns). - Downloads: setup.sh downloads a TruffleHog tarball from GitHub and verifies a checksum from the same release; this is standard but still performs network I/O and writes a binary to $HOME/.local/bin—inspect the script and confirm the download URL if you have stricter policies. - Scope: scan.sh inspects files outside the repo (shell profiles, $HOME Desktop/Downloads, ~/.ssh) for environment secrets. This is by design for environment auditing, but if you only want repo-scanning, run scan.sh against the repo and avoid global checks. - Hooks behavior: the pre-commit hook is fail-closed and will block commits if TruffleHog is missing or finds results; you can bypass with git commit --no-verify, but that defeats the protection. Expect some operational friction. - SSH changes: run setup.sh --fix-ssh only if you understand it will modify permissions under ~/.ssh (chmod 700/600). - Cron/monitoring: monitor.sh writes .security-ops state files in the repo and exits non-zero when findings change; integrate it into cron carefully and ensure the notify action you call is safe. If you want maximum assurance, inspect the provided scripts locally (they are plain shell), run them in a test repository or VM first, and confirm network downloads and checksum logic meet your requirements.

功能分析

Type: OpenClaw Skill Name: agent-security-ops Version: 1.2.2 The agent-security-ops skill bundle provides a comprehensive security auditing suite, including repository hardening, secret scanning (via TruffleHog and custom regex), and continuous monitoring. While the scripts are well-structured and include security best practices like SHA256 checksum verification for external binaries (setup.sh), the scan.sh script performs extensive system discovery. It reads shell profiles (.bashrc, .zshrc, etc.), audits ~/.ssh permissions, lists all listening network ports, and scans the user's Home, Desktop, and Downloads directories for .env files. Although these actions are documented and aligned with the stated goal of preventing secret leaks, they constitute high-risk discovery behaviors that could be exploited for machine profiling or data collection if the agent's output is mismanaged or redirected.

能力评估

✓ Purpose & Capability

Name/description match the implementation: scripts set up pre-commit hooks, run multiple scans, harden .gitignore, and provide a monitor. No unrelated credentials or opaque external services are requested.

ℹ Instruction Scope

The runtime instructions and scripts scan both the repository and user home areas (shell profiles, $HOME Desktop/Downloads, ~/.ssh) and create repository state under .security-ops. They also install a fail-closed pre-commit hook that will block commits if TruffleHog is missing or finds secrets. These are reasonable for an 'agent-ops' security tool, but they go beyond repo-only scanning and will touch user files and repo hooks.

ℹ Install Mechanism

There is no platform install spec in the registry (instruction-only), but setup.sh downloads a TruffleHog tarball from the project's GitHub releases and verifies a SHA256 checksum from the same release. Checksum verification is implemented (good), but network download and extraction remain higher-risk than using a vetted package manager; this is nonetheless proportionate to the stated purpose.

✓ Credentials

The skill declares no required env vars; only an optional TRUFFLEHOG_VERSION override is supported. The scripts read $HOME and may inspect shell profiles and other user files (intended for environment secret detection) — this access is consistent with the tool's purpose but worth noting to users.

ℹ Persistence & Privilege

The skill is not always:true. It writes a pre-commit hook to the repository, appends to/edits .gitignore, creates .security-ops state inside the repo, installs a trufflehog binary to $HOME/.local/bin, and (with --fix-ssh) can change permissions in ~/.ssh. Those modifications are in-scope for a repo hardening tool but are persistent and can be disruptive (blocked commits, changed SSH file permissions).

版本历史

v1.2.2

Updated newsletter CTAs with UTM tracking and skill-specific messaging

v1.2.1

Added GEO/AEO FAQ section for LLM discoverability

v1.2.0

Added newsletter subscribe CTA and social links

v1.1.3

Post-review fixes: add --fail to curl, remove dead variable, warn if jq missing.

v1.1.2

Added homepage, metadata, TAW branding in description.

v1.1.1

Re-publish. 3-round review fixes: gitignore check bug, hook overwrite, macOS timeout, cross-platform compat.

v1.1.0

3-round review (code quality, security, DX). Fixes: gitignore check bug, hook overwrite on re-run, macOS timeout hang, cross-platform stat, trap cleanup. Added portable run_timeout (perl fallback).

元数据

Slug agent-security-ops

版本 1.2.2

许可证 —

累计安装 3

当前安装数 3

历史版本数 7

常见问题