← 返回 Skills 市场

Skylv Secret Detector

Name: Skylv Secret Detector
Author: sky-lv

作者 SKY-lv · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

总下载

当前安装

版本数

在 OpenClaw 中安装

/install skylv-secret-detector

功能描述

Scans code for leaked secrets, API keys, tokens, and passwords. Triggers: scan secrets, check api key, security scan, leaked token.

使用说明 (SKILL.md)

Secrets Scanner

Overview

Scans repositories for accidentally committed secrets and API keys.

When to Use

User asks to "scan for secrets" or "security audit"
Pre-commit or pre-push security check

Patterns to Detect

AWS Key: AKIA[0-9A-Z]{16} GitHub Token: ghp_[a-zA-Z0-9]{36} Generic API Key: api[_-]?key.[a-zA-Z0-9]{20,} Private Key: -----BEGIN (RSA|DSA|EC) PRIVATE KEY----- Password in URL: ://[^@]+:.@ Slack Token: xox[baprs]-[0-9]{10,13}-[0-9]{10,13}

Commands

Windows: Select-String -Path . -Include .js,.py -Recurse -Pattern "ghp_[a-zA-Z0-9]{36}"

Linux/macOS: grep -rE "ghp_[a-zA-Z0-9]{36}|AKIA[0-9A-Z]{16}" --include=".js" --include=".py" .

Prevention

Add to .gitignore: .env .key credentials. secrets.* *.pem

安全使用建议

This looks safe for its stated purpose. Use it only in repositories you intend to inspect, do not paste raw secret findings into public places, and rotate or revoke any real credentials it finds.

功能分析

Type: OpenClaw Skill Name: skylv-secret-detector Version: 1.0.0 The skill is a straightforward security tool designed to scan local files for leaked secrets using standard regex patterns and shell commands (grep and Select-String). It contains no network activity, data exfiltration logic, or suspicious instructions, and its functionality aligns perfectly with its stated purpose in SKILL.md.

能力标签

cryptorequires-walletrequires-sensitive-credentials

能力评估

ℹ Purpose & Capability

SKILL.md states it "Scans repositories for accidentally committed secrets and API keys" and lists token/private-key patterns, which is coherent with the stated purpose but means results may include real secrets.

✓ Instruction Scope

The instructions are limited to pattern matching and prevention advice; they do not instruct the agent to delete files, upload results, override user intent, or run automatically.

✓ Install Mechanism

There is no install spec and no code files; the skill is documented as instruction-only and relies on built-in grep/Select-String examples.

ℹ Credentials

SKILL.md includes recursive current-directory scans such as `grep -rE ... .` and `Select-String -Path . ... -Recurse`, so users should run it only inside the repository they intend to inspect.

✓ Persistence & Privilege

The artifacts declare no required environment variables, credentials, config paths, background workers, persistence, or privileged access.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install skylv-secret-detector
安装完成后，直接呼叫该 Skill 的名称或使用 /skylv-secret-detector 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of skylv-secrets-scanner. - Scans code repositories for leaked secrets, API keys, tokens, and passwords. - Detects common patterns including AWS keys, GitHub tokens, Slack tokens, private keys, and credentials in URLs. - Provides platform-specific commands for scanning code on Windows, Linux, and macOS. - Offers prevention guidelines such as recommended .gitignore entries. - Supports triggers like "scan secrets", "check api key", and "security scan".

元数据

Slug skylv-secret-detector

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题