macoloye

Vibe Sanitizer - Check and Sanitize git repository for secrets

Author: Maco · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 110
Favorites: 1
Current installs: 0
Versions: 2
Install in OpenClaw
/install vibe-sanitizer
Description
Use this skill when an agent needs to scan a Git repository for secrets, credentials, or machine-specific file paths, then sanitize safe findings in place or...
Safe usage recommendations
This package appears to be what it claims: a local Python-based repo scanner/sanitizer that runs git commands and can rewrite files. Before running: (1) verify you trust the bundled source (it's executed directly); (2) ensure python3 and git are available — the registry metadata omits those requirements; (3) back up or use a non-destructive workflow (export mode) before using in-place sanitization; (4) confirm the export destination is outside the repo as the tool enforces; (5) if you need stricter guarantees, inspect the included files yourself for unexpected behavior or run in a sandboxed environment.
Functional analysis
Type: OpenClaw Skill
Name: vibe-sanitizer
Version: 1.1.0
The vibe-sanitizer skill is a legitimate utility designed to scan and redact secrets, credentials, and machine-specific paths from Git repositories. The implementation in src/vibe_sanitizer uses standard library components and safe subprocess calls to Git without shell execution. The SKILL.md instructions include explicit guardrails preventing the agent from outputting raw secrets, and the code lacks any network connectivity or data exfiltration logic. The configuration parsing uses ast.literal_eval for safety, and the export functionality includes checks to prevent writing into the source repository.
Capability tags
crypto · requires-wallet · requires-oauth-token
Capability assessment
Purpose & Capability
Name/description align with included Python scanner/sanitizer source. The code implements scanning, previewing, in-place edits, and export functionality as documented. However, the registry metadata claims 'required binaries: none' and 'instruction-only', while SKILL.md and the code expect python3 (to run the bundled module) and use git subprocesses; that metadata omission is an inconsistency.
Instruction Scope
SKILL.md instructs the agent to run the bundled CLI from ./src against a repo root and to prefer narrow scopes, not to print raw secrets, and not to export into the source repo. The code follows those constraints: scanning, masking/previews, optional in-place rewriting only for findings marked editable, and export validation that enforces output outside the source repo. There are no instructions to read unrelated system files or to transmit data externally.
Install Mechanism
There is no network install spec — the Python source is bundled and executed directly. This is lower-risk than fetching remote archives. Running the skill will execute local Python code (the bundled package) and spawn git subprocesses; that is expected for this tool.
Credentials
The skill declares no required environment variables or credentials and the code does not attempt to read secrets from the environment. The only environment access is checking NO_COLOR to decide color output and Path.home() for path detectors — both are proportional to the tool's purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. It does write to repository files when run with sanitize --mode in-place and creates an export directory when asked; those behaviors are expected and documented. It does not modify other skills or system-wide agent settings.
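How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install vibe-sanitizer
  3. Once installation completes, invoke the Skill by name or trigger it with /vibe-sanitizer
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history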
v1.1.0
v1.1.0 updates the documentation for improved clarity and usability.
- Reorganized usage instructions into easy-to-read tables.
- Clarified when to use each CLI command and scan scope.
- Added concise guides for typical workflows and setup steps.
- Refined guardrails and response style best practices.
- No changes to bundled code or features; documentation only.
v1.0.0
Initial release of vibe-sanitizer skill.
- Enables agents to scan Git repositories for secrets, credentials, and machine-specific paths.
- Provides options to sanitize findings in place or export a sanitized copy using the bundled Python CLI.
- Detects common secret patterns (API keys, tokens, credentials, private keys, sensitive file paths, etc.).
- Includes documented workflows for scanning, sanitizing, and exporting repositories.
- Adds guardrails to prevent exposing secrets or unsafe automated rewriting.
- Supports `scan`, `sanitize`, `export`, and `init-config` CLI commands.
Metadata
Slug vibe-sanitizer
Version 1.1.0
License MIT-0
Total installs 0
Current installs 0
Number of versions 2
FAQ

What is Vibe Sanitizer - Check and Sanitize git repository for secrets?

Use this skill when an agent needs to scan a Git repository for secrets, credentials, or machine-specific file paths, then sanitize safe findings in place or... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 110 total downloads so far.

How do I install Vibe Sanitizer - Check and Sanitize git repository for secrets?

Run the command "/install vibe-sanitizer" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Vibe Sanitizer - Check and Sanitize git repository for secrets free?

Yes, Vibe Sanitizer - Check and Sanitize git repository for secrets is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.

Which platforms does Vibe Sanitizer - Check and Sanitize git repository for secrets support?

Vibe Sanitizer - Check and Sanitize git repository for secrets runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Vibe Sanitizer - Check and Sanitize git repository for secrets?

It is developed and maintained by Maco (@macoloye); the current version is v1.1.0.
