Total downloads: 399
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install secret-detection
Description
Git hook to detect secrets before commit.
Security usage recommendations
This skill appears to do what it says: a local git pre-commit scanner implemented in Python that requires git and python3. Before installing, review the script (scripts/main.py) yourself. Key points to consider:
- The scanner prints matched secrets (it includes a 'secret' field in its JSON output and prints a substring to the console). That can expose sensitive values in terminal history or CI logs — if you use this in CI or shared terminals, prefer redaction or change the script to mask secrets (e.g., show only the match type and filename/line, not the secret substring).
- Installation is repo-local (.git/hooks/pre-commit). It will only run in that repository; it does not request external network access or credentials.
- The README/SKILL.md claim it prints the first 20 characters of secrets, but the hook output prints up to 60 characters of file content — a small inconsistency to be aware of and correct if you want stricter redaction.
- If you need organization-wide enforcement, consider a vetted tool (e.g., git-secrets, pre-commit frameworks, or a centralized scanning solution) rather than per-repo hooks.
If you decide to install: run the script in a test repository first, and consider editing the scanner to mask or not include the actual secret value in outputs and saved logs.
Functional analysis
Type: OpenClaw Skill
Name: secret-detection
Version: 1.0.0
The OpenClaw AgentSkills bundle 'secret-detection' is benign. It functions as a local git pre-commit hook to scan staged files for common secret patterns. The `scripts/main.py` file uses standard Python libraries and `subprocess` to interact with git, read local files, and install the hook. There is no evidence of data exfiltration, malicious execution, unauthorized persistence, or prompt injection attempts against the OpenClaw agent. The printing of partial secret content to the console is an explicit, documented feature for user identification, not an attempt at malicious data exfiltration.
Capability assessment
Purpose & Capability
Name/description, SKILL.md, and the included Python script all implement a git pre-commit secret scanner. Requested binaries (git, python3) are appropriate and used by the script (git used to list staged files; python3 runs the scanner). No unexpected services or credentials are required.
Instruction Scope
Instructions focus on installing a repo-local pre-commit hook and scanning staged or specified files, which matches the code. Minor discrepancies: SKILL.md and README state the script prints the first 20 characters of detected secrets, but the hook-run path prints up to 60 characters of the file content in the commit-blocking output. The script reads file contents and prints matched secret substrings to stdout — expected for identification but a potential privacy/secret-leak risk (terminal, CI logs).
Install Mechanism
No remote downloads or package installs; install simply writes a .git/hooks/pre-commit file that invokes the local script. This is standard for repo-local git hooks and does not introduce high-risk install behavior.
Credentials
The skill requests no environment variables or external credentials, which is appropriate. However, it prints portions of detected secrets to the console (and JSON output includes the secret in full under 'secret' field), which may expose secrets to terminal history, CI logs, or other observers. Consideration should be given to redaction before printing/storing findings.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence. Its install writes only to the repository's .git/hooks directory; it does not modify other skills or global agent settings.
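How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: /install secret-detection
- Once installation completes, call the Skill by name or trigger it with /secret-detection
- Provide the required input according to the Skill's parameter description to get structured output.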
Version history
v1.0.0
Initial release of git pre-commit secret detection skill.
- Scans staged files for common secret patterns (API keys, passwords, tokens) before commit.
- Blocks commits if secrets are found and prints detection details with file names and line numbers.
- Provides command-line tool to install pre-commit hook and to manually scan files or staged changes.
- Outputs a detection report and exit code (1 if secrets found).
- Requires git and Python 3.6+; works locally without external services.
- Limitations: may have false positives, doesn't scan binaries, must be installed per-repository.
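FAQ
What is Secret Detection?
Git hook to detect secrets before commit. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 399 downloads to date.
How do I install Secret Detection?
Run the command "/install secret-detection" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is needed.
Is Secret Detection free?
Yes, Secret Detection is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does Secret Detection support?
Secret Detection runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Secret Detection?
Developed and maintained by Derick (@derick001); the current version is v1.0.0.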