sky-lv

Skylv Smart Secrets Scanner

Author: SKY-lv · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 46
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw:
/install skylv-smart-secrets-scanner
Description
Intelligent secrets detection and prevention — scan code, configs, and git history for exposed API keys, passwords, tokens, and credentials
Usage (SKILL.md)

smart-secrets-scanner

Intelligent secrets detection — scan code, configs, and git history for exposed API keys, passwords, tokens, and credentials before they leak.

Skill Metadata

  • Slug: smart-secrets-scanner
  • Version: 1.0.0
  • Description: Intelligent secrets and credential scanner for codebases. Detects exposed API keys, passwords, tokens, private keys, and credentials in source code, config files, environment variables, and git commit history. Provides auto-remediation suggestions.
  • Category: security
  • Trigger Keywords: secrets scanner, credential leak, API key detection, token exposure, security scan, secret detection, git secret

Capabilities

1. Scan Current Project

```bash
node scanner.js scan ./src
node scanner.js scan ./ --include ".js,.json,.yaml,.env*"
```

Detects 50+ patterns: AWS keys, GitHub tokens, Slack webhooks, database URLs, private keys, JWTs, etc.

2. Scan Git History

```bash
node scanner.js git-scan --depth 50
node scanner.js git-scan --since "2024-01-01"
```

Finds secrets that were committed and later removed (they remain in git history).

3. Pre-commit Hook

```bash
node scanner.js hook --install
```

Now every commit is scanned automatically.

4. Auto-Redact

```bash
node scanner.js redact ./src/config.js --replace-with "[REDACTED]"
```

Replaces detected secrets with placeholder values.


Detection Patterns

| Category | Examples |
| --- | --- |
| Cloud Keys | AWS_ACCESS_KEY, GCP_SERVICE_ACCOUNT, AZURE_CLIENT_SECRET |
| API Tokens | GitHub, Slack, Stripe, OpenAI, Anthropic, Google Maps |
| Database | MongoDB URI, PostgreSQL URL, Redis password |
| Crypto | RSA private key, SSH key, certificate |
| App Secrets | JWT secret, session key, encryption key |
| Config Files | .env, .npmrc, .pypirc, credentials.json |

Use Cases

  1. CI/CD Pipeline: Block deployments with exposed secrets
  2. Pre-commit: Prevent secrets from entering git history
  3. Audit: Scan existing codebase for leaked credentials
  4. Compliance: SOC2, GDPR requirement for credential management
  5. Education: Teach developers about secret management

Output Format

```json
{
  "findings": [
    {
      "file": "src/config.js",
      "line": 12,
      "type": "AWS_ACCESS_KEY",
      "severity": "CRITICAL",
      "matched": "AKIAIOSFODNN7EXAMPLE",
      "suggestion": "Move to environment variable or secrets manager"
    }
  ],
  "summary": { "critical": 1, "high": 0, "medium": 2, "low": 5 }
}
```
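The detection-pattern table and the JSON output format above describe what a scanner of this kind produces, but the page ships no code for `scanner.js`. The following is an added example, not the skill's own code: a minimal pattern-based scanner that emits findings in the same `findings`/`summary` shape, with one difference a reviewer would want, namely that matched values are masked by default (the listing's own assessment notes that the documented output shows full secrets). The pattern set, severities, the `mask`/`scanText`/`scanReport` function names and the sample config are all constructed here; the AWS key in the sample is Amazon's documented placeholder value, not a live credential.

```javascript
// Added example (not the skill's scanner.js): a small regex-based secrets
// scanner that reports in the SKILL.md JSON shape and masks matches by default.
// Patterns, severities and suggestions below are constructed for illustration.
const PATTERNS = [
  { type: "AWS_ACCESS_KEY", severity: "CRITICAL",
    regex: /\bAKIA[0-9A-Z]{16}\b/g,
    suggestion: "Move to environment variable or secrets manager" },
  { type: "GITHUB_TOKEN", severity: "CRITICAL",
    regex: /\bghp_[A-Za-z0-9]{36}\b/g,
    suggestion: "Revoke the token and load it from a secrets manager" },
  { type: "PRIVATE_KEY", severity: "CRITICAL",
    regex: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g,
    suggestion: "Remove the key from the repository and rotate it" },
  { type: "DATABASE_URL", severity: "HIGH",
    // scheme://user:password@host... where a password is actually present
    regex: /\b(?:postgres(?:ql)?|mongodb(?:\+srv)?|redis):\/\/[^\s"']*:[^\s"'@]+@[^\s"']+/g,
    suggestion: "Load the connection string from the environment, not source" },
];

// Keep only the first and last four characters so a finding is recognisable
// to the developer without reproducing the whole secret in logs or agent context.
function mask(value) {
  if (value.length <= 8) return "*".repeat(value.length);
  return value.slice(0, 4) + "*".repeat(value.length - 8) + value.slice(-4);
}

// Scan one file's text line by line; returns one finding per pattern match.
function scanText(file, text, { maskMatches = true } = {}) {
  const findings = [];
  text.split("\n").forEach((lineText, idx) => {
    for (const p of PATTERNS) {
      p.regex.lastIndex = 0; // global regexes keep state between calls
      let m;
      while ((m = p.regex.exec(lineText)) !== null) {
        findings.push({
          file, line: idx + 1, type: p.type, severity: p.severity,
          matched: maskMatches ? mask(m[0]) : m[0],
          suggestion: p.suggestion,
        });
      }
    }
  });
  return findings;
}

// Count findings per severity, matching the "summary" object on the page.
function summarize(findings) {
  const summary = { critical: 0, high: 0, medium: 0, low: 0 };
  for (const f of findings) summary[f.severity.toLowerCase()] += 1;
  return summary;
}

function scanReport(file, text, opts) {
  const findings = scanText(file, text, opts);
  return { findings, summary: summarize(findings) };
}

// Constructed sample input. The AWS key is Amazon's documented example value.
const SAMPLE_CONFIG = [
  'const region = "us-east-1";',
  'const accessKey = "AKIAIOSFODNN7EXAMPLE";',
  'const dbUrl = "postgres://app:hunter2@db.internal:5432/app";',
  'const token = process.env.GITHUB_TOKEN; // read at runtime, no literal to match',
].join("\n");

console.log(JSON.stringify(scanReport("src/config.js", SAMPLE_CONFIG), null, 2));
```

Run with `node` to print the report for the embedded sample: two findings (the AWS key on line 2 and the database URL with an embedded password on line 3), both masked, and a summary of one critical and one high. Passing `{ maskMatches: false }` restores the page's unmasked `matched` field; a real tool should require that opt-in explicitly, because scan output is itself a copy of every secret it found.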

Safe usage advice
Only use this skill if you can verify what `scanner.js` is and can keep scan output private. Prefer a scanner that ships reviewed code or uses a trusted pinned dependency, masks secrets by default, and offers dry-run or backup options before installing hooks or redacting files.
Function analysis
Type: OpenClaw Skill
Name: skylv-smart-secrets-scanner
Version: 1.0.0
The skill bundle describes a legitimate security utility designed to scan codebases and git history for exposed credentials and API keys. The documentation (SKILL.md) outlines standard security practices such as pre-commit hooks and auto-redaction, and the metadata (_meta.json) is consistent with the tool's stated purpose. No evidence of malicious intent, data exfiltration, or prompt injection was found in the provided files.
Capability tags
crypto · requires-wallet · requires-sensitive-credentials
Capability assessment
Purpose & Capability
The security-scanning goal is coherent, but the documented workflow handles highly sensitive credential material and shows full matched secrets in output rather than masked results.
Instruction Scope
The instructions include broad project and git-history scans, auto-redaction, and hook installation without clear safeguards such as path limits, dry-run review, backups, or default secret masking.
Install Mechanism
The package is instruction-only with no install spec or code files, yet the workflow calls `node scanner.js`; the reviewed artifacts do not provide or pin that script.
Credentials
Scanning code, config files, .env-style files, and git history is purpose-aligned for a secrets scanner, but it is high-impact because it exposes local secrets to the agent context.
Persistence & Privilege
A user-directed pre-commit hook is documented and would continue scanning every commit; this is expected for the purpose but should be installed only intentionally.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install skylv-smart-secrets-scanner
  3. After installation, invoke the skill by name or trigger it with /skylv-smart-secrets-scanner
  4. Provide the required input as described in the skill's parameter documentation to receive structured output.
Version history
v1.0.0
- Initial release of smart-secrets-scanner v1.0.0.
- Scans code, config files, and git history for exposed API keys, credentials, and sensitive data.
- Supports 50+ detection patterns for cloud keys, tokens, private keys, database URLs, and more.
- Provides auto-remediation suggestions and auto-redact capabilities.
- Includes git pre-commit hook integration for proactive secret detection.
- Outputs clear, structured JSON reports summarizing findings and severity levels.
Metadata
Slug: skylv-smart-secrets-scanner
Version: 1.0.0
License: MIT-0
Cumulative installs: 1
Current installs: 1
Historical versions: 1
FAQ

What is Skylv Smart Secrets Scanner?

Intelligent secrets detection and prevention — scan code, configs, and git history for exposed API keys, passwords, tokens, and credentials. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 46 downloads to date.

How do I install Skylv Smart Secrets Scanner?

Run the command "/install skylv-smart-secrets-scanner" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Skylv Smart Secrets Scanner free?

Yes, Skylv Smart Secrets Scanner is completely free, released under the MIT-0 license, and may be freely downloaded, installed, and used.

Which platforms does Skylv Smart Secrets Scanner support?

Skylv Smart Secrets Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Skylv Smart Secrets Scanner?

Developed and maintained by SKY-lv (@sky-lv); the current version is v1.0.0.
