doro-git-secrets-scanner
Git 安全扫描器 - 检查提交中的敏感信息泄露(API keys、密码、token)
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/a2mus/doro-git-secrets-scannerWhat This Skill Does
The doro-git-secrets-scanner skill provides an intelligent, automated interface for identifying sensitive information leaks within git repositories. By leveraging powerful backend tools like Gitleaks, TruffleHog, and git-secrets, this agent can scan your codebase for exposed AWS keys, database passwords, OAuth tokens, and private cryptographic keys before they are committed or pushed to remote servers. The skill essentially acts as a security sentry that analyzes git history, unstaged changes, and entire repositories to ensure your secrets remain private and your infrastructure remains secure.
Installation
You can install the doro-git-secrets-scanner by running the following command in your terminal within the OpenClaw environment: clawhub install openclaw/skills/skills/a2mus/doro-git-secrets-scanner. Once installed, ensure that your environment has at least one of the supported scanning engines (Gitleaks, TruffleHog, or git-secrets) installed on your system path. If you are operating in a CI/CD environment, the skill will automatically integrate with GitHub Actions to trigger automated security audits on every push or pull request.
Use Cases
- Pre-commit Prevention: Run the scanner automatically before every commit to catch secrets before they are permanently written to your git history.
- Historical Audits: Perform a deep scan across the entire commit history of a repository to identify legacy leaks that may have occurred months or years ago.
- CI/CD Security Gates: Incorporate the scanner into your deployment pipeline to fail builds that contain hardcoded credentials.
- Multi-repo Compliance: Iterate through a collection of organizational repositories to maintain a high-level view of potential credential leakage across teams.
Example Prompts
- "Scan the current repository for any leaked AWS access keys or hardcoded database credentials in the last 10 commits."
- "Perform a full history scan of this project and report any findings categorized by rule ID and file path."
- "Set up a pre-commit hook in this project to prevent anyone from pushing commits that contain .env files or secret strings."
Tips & Limitations
- False Positives: Automated scanners occasionally flag entropy-heavy strings that are not actual secrets. Review findings manually before revoking production keys.
- Performance: Scanning large repositories with extensive history may take several minutes; for initial runs, consider scanning only recent branches or specific commits.
- Cleanup: This skill detects leaks, but cleaning them requires using tools like BFG Repo-Cleaner or git-filter-repo to rewrite history. Always back up your repository before performing destructive cleanup operations.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-a2mus-doro-git-secrets-scanner": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read, code-execution
Related Skills
stitch-ui-designer
Design, preview, and generate UI code using Google Stitch (via MCP). Helps developers choose the best UI by generating previews first, allowing iteration, and then exporting code.
Doro Email To Calendar
Skill by a2mus
doro-command-creator
WHAT: Create Claude Code slash commands - reusable markdown workflows invoked with /command-name. WHEN: User wants to create, make, or add a slash command. User wants to automate a repetitive workflow or document a consistent process for reuse. KEYWORDS: "create a command", "make a slash command", "add a command", "new command", "/command", "automate this workflow", "make this repeatable"
doro-git-essentials
Essential Git commands and workflows for version control, branching, and collaboration.
doro-docker-essentials
Essential Docker commands and workflows for container management, image operations, and debugging.