Total downloads: 124
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install skylv-secrets-scanner
Description
Scans code for leaked secrets, API keys, tokens, and passwords. Triggers: scan secrets, check api key, security scan, leaked token.
Safe usage recommendations
This skill is instruction-only and simply tells the agent how to run local grep/Select-String patterns to find likely secrets. Before installing: (1) confirm you trust the skill trigger and understand it will read files in the working directory (it does recursive scans); (2) note that the provided commands only check GitHub tokens and AWS keys in .js/.py files — update the commands if you need other patterns or file types; (3) add safe handling steps for any discovered secrets (rotate/secure them) and ensure findings are not sent to external services; (4) avoid running this over unrelated system dirs (home, /etc) to prevent accidental disclosure of unrelated secrets; and (5) if you expect broader coverage or automation, prefer a maintained scanner (repo with code) rather than instruction-only text so you can review the exact implementation.
Functional analysis
Type: OpenClaw Skill
Name: skylv-secrets-scanner
Version: 1.0.0
The skylv-secrets-scanner skill is a legitimate security utility designed to identify leaked secrets and API keys in local files. It uses standard system commands (grep and Select-String) to search for common patterns like AWS keys and GitHub tokens, and it contains no evidence of data exfiltration, malicious execution, or prompt injection.
Capability assessment
Purpose & Capability
Name and description match the behavior: SKILL.md describes searching repositories for leaked secrets. The declared requirements (none) are appropriate for an instruction-only scanner. Minor inconsistency: the 'Patterns to Detect' lists multiple secret types but the provided command examples only search for GitHub tokens and AWS keys and only in .js/.py files, so the commands don't fully implement all claimed patterns.
Instruction Scope
Instructions tell the agent to recursively scan the working tree using Select-String/grep, which is expected for a repo scanner. However: (1) commands are narrowly targeted (only two regexes and file extensions), (2) there is no guidance on safe handling/storage/transmission of discovered secrets, and (3) no instruction to exclude sensitive system directories. These are usability/security hygiene gaps but not evidence of malicious intent.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes disk-write risk; nothing is downloaded or installed.
Credentials
The skill requests no environment variables, credentials, or config paths — proportional to a local scanning helper.
Persistence & Privilege
always:false and no requests to modify agent/system config. The skill has normal, non-persistent invocation behavior.
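How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install skylv-secrets-scanner
- Once installation completes, call the Skill by name or trigger it with /skylv-secrets-scanner
- Provide the required input according to the Skill's parameter description to get structured output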
Version history
v1.0.0
Initial release of skylv-secrets-scanner.
- Scans code for leaked secrets, API keys, tokens, and passwords.
- Detects patterns for AWS keys, GitHub tokens, generic API keys, private keys, passwords in URLs, and Slack tokens.
- Supports security scans via relevant triggers.
- Provides command examples for both Windows and Linux/macOS environments.
- Offers prevention tips for avoiding secret leaks.
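FAQ
What is Skylv Secrets Scanner?
Scans code for leaked secrets, API keys, tokens, and passwords. Triggers: scan secrets, check api key, security scan, leaked token. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 124 total downloads to date.
How do I install Skylv Secrets Scanner?
Run the command "/install skylv-secrets-scanner" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.
Is Skylv Secrets Scanner free?
Yes, Skylv Secrets Scanner is completely free and is released under the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does Skylv Secrets Scanner support?
Skylv Secrets Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Skylv Secrets Scanner?
Developed and maintained by SKY-lv (@sky-lv); the current version is v1.0.0.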