← 返回 Skills 市场

Smart Secrets Scanner

Name: Smart Secrets Scanner
Author: sky-lv

作者 SKY-lv · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install smart-secrets-scanner

功能描述

Intelligent secrets detection and prevention — scan code, configs, and git history for exposed API keys, passwords, tokens, and credentials

功能分析

Type: OpenClaw Skill Name: smart-secrets-scanner Version: 1.0.0 The skill bundle describes a 'smart-secrets-scanner' designed to locate highly sensitive information, including AWS keys, database credentials, and private keys, across the filesystem and git history. While the documentation in SKILL.md outlines a legitimate security use case, the tool's core functionality involves high-risk data access. Since the actual implementation logic (scanner.js) is missing from the provided files, it is impossible to verify if the detected secrets are handled locally or exfiltrated to an external endpoint.

能力标签

cryptorequires-walletrequires-sensitive-credentials

能力评估

⚠ Purpose & Capability

The skill claims to be a Node-based scanner (commands like `node scanner.js scan ...`) but the skill bundle contains no code files, no scanner.js, and no install spec. It also does not declare Node (or any runtime) as a required binary. This is an internal inconsistency: either the skill should include the scanner implementation or declare how to obtain/install it.

ℹ Instruction Scope

The runtime instructions stay within the stated scope (scanning files and git history, installing a pre-commit hook, and redacting secrets). However they include actions that modify the repository (hook install, redact) — which is appropriate for a secrets tool but demands caution. The instructions do not describe safeguards, dry-run modes, or where findings are transmitted (no external endpoint declared).

⚠ Install Mechanism

There is no install spec — this is instruction-only. That is low-risk by itself, but the instructions assume a local scanner implementation and Node runtime. Without an included binary or a trusted install URL, there's no provenance for the code the instructions ask you to run. The lack of a homepage or source repository increases the risk.

ℹ scan_findings_in_context

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install smart-secrets-scanner
安装完成后，直接呼叫该 Skill 的名称或使用 /smart-secrets-scanner 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of smart-secrets-scanner. - Scans source code, config files, and git history for exposed API keys, passwords, tokens, and credentials. - Supports multiple detection patterns including cloud keys, API tokens, database URIs, private keys, and more. - Offers auto-remediation suggestions and the option to redact secrets. - Can be run as a pre-commit hook or integrated into CI/CD pipelines for leak prevention.

元数据

Slug smart-secrets-scanner

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题

Smart Secrets Scanner 是什么？

Intelligent secrets detection and prevention — scan code, configs, and git history for exposed API keys, passwords, tokens, and credentials. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 95 次。

如何安装 Smart Secrets Scanner？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install smart-secrets-scanner」即可一键安装，无需额外配置。

Smart Secrets Scanner 是免费的吗？

是的，Smart Secrets Scanner 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Smart Secrets Scanner 支持哪些平台？

Smart Secrets Scanner 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Smart Secrets Scanner？

由 SKY-lv（@sky-lv）开发并维护，当前版本 v1.0.0。