Secret Exposure Gate

在发布前检查目录中是否含秘钥、token、私有 URL、证书片段或凭证文件。；use for secrets, security, preflight workflows；do not use for 显示完整密钥值, 修改用户文件.

This skill appears to be what it says: a local, read-only preflight scanner implemented in a Python script and templates. Before installing/using it: (1) Only run it against directories you expect it to read — it will open and scan text files under the provided path. (2) The script masks long-looking secrets matched by the 'secret_like' regex, but other matches (private URLs, command snippets) may be shown verbatim or partially; avoid pointing it at production secrets you cannot re-share. (3) Review and, if needed, extend the redaction rules (e.g., mask full URLs or additional secret patterns) and test on a non-sensitive sample. (4) Use --dry-run and inspect output locally; do not pipe results to external services without redaction. If the script ever attempts network access, asks for credentials, or an install spec appears that downloads code from an external URL, re-evaluate (those would change the assessment).

Type: OpenClaw Skill Name: secret-exposure-gate Version: 1.0.0 The skill bundle is a legitimate security auditing tool designed to scan local directories for secrets, tokens, and high-risk command patterns (like 'curl|bash') before publication. The core logic in 'scripts/run.py' uses standard Python libraries and regex to identify potential leaks, and it includes a specific function to mask detected secrets in the output to prevent further exposure. The instructions in 'SKILL.md' and the implementation are consistent with the stated purpose, showing no signs of data exfiltration, unauthorized execution, or malicious intent.