Official Verified developer tools Safety 4/5

ggshield-scanner

Detect 500+ types of hardcoded secrets (API keys, credentials, tokens) before they leak into git. Wraps GitGuardian's ggshield CLI.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/amascia-gg/ggshield-scanner

What This Skill Does

The ggshield-scanner skill integrates the GitGuardian CLI (ggshield) into your OpenClaw agent, adding a secret-scanning layer to your development workflow. It enables your agent to scan local repositories, staged git files, individual code files, and Docker images for over 500 types of hardcoded secrets. With ggshield, the agent identifies sensitive information such as AWS keys, Stripe tokens, database passwords, and private certificates so that it can be mitigated before it is ever committed to your version control system, preventing leaks at the source.

Installation

To begin, ensure you have Python 3.8+ installed on your system. First, install the base ggshield CLI via pip: pip install "ggshield>=1.15.0" (the quotes keep the shell from treating >= as an output redirection). Next, obtain your GitGuardian API key from the GitGuardian dashboard and export it as an environment variable: export GITGUARDIAN_API_KEY="your-api-key-here". Once the CLI is ready, install the skill into your OpenClaw environment by running clawdhub install ggshield-scanner. Finally, restart your OpenClaw agent to activate the new capabilities.

Use Cases

This skill is ideal for security-conscious development teams. Common use cases include performing comprehensive repository audits on legacy projects to find existing leaked credentials, running pre-commit checks to ensure new changes are clean, and scanning Docker container layers to ensure security credentials aren't accidentally baked into images. It is also an excellent tool for CI/CD pipeline automation, where the agent can automatically reject commits that contain sensitive data.

Example Prompts

  1. "@clawd, please perform a full security audit of the current repository and report any secrets found."
  2. "@clawd, scan only my staged changes to ensure I haven't accidentally included any API keys in my latest commit."
  3. "@clawd, scan this local Docker image 'my-app:latest' for any sensitive configuration files or credentials."

Tips & Limitations

Keep your GITGUARDIAN_API_KEY secure; do not hardcode it in scripts. While ggshield is highly accurate, always review detected secrets manually to rule out false positives. This skill requires read access to your file system to perform its scans; ensure OpenClaw has the necessary permissions to access your source code directories.

Metadata

Stars: 4473
Views: 0
Updated: 2026-05-01
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-amascia-gg-ggshield-scanner": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#security #devops #secrets #git #compliance
Safety Score: 4/5

Flags: file-read, external-api