git-secrets-scanner
Git security scanner: checks commits for leaked sensitive information (API keys, passwords, tokens)
Why use this skill?
Automate the detection of API keys, passwords, and sensitive tokens in your Git repositories. Protect your code with this OpenClaw security agent skill.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/guohongbin-git/git-secrets-scanner
What This Skill Does
The git-secrets-scanner is an OpenClaw agent skill that finds leaked sensitive data in Git repositories. It wraps tools such as Gitleaks, TruffleHog, and git-secrets and runs them against staged changes, working-tree files, and commit history to detect hardcoded API keys, database credentials, SSH private keys, JWTs, and OAuth client secrets. Catching these before a push matters because a secret that has reached a remote (and its forks, mirrors, and CI logs) has to be treated as compromised even if the commit is later rewritten; finding it locally, while it can still be amended out, is the cheap case.
Installation
To integrate this security tool into your OpenClaw environment, use the command: clawhub install openclaw/skills/skills/guohongbin-git/git-secrets-scanner. Ensure you have Git installed on your system. Depending on your choice of scanning engine, you may need to install the underlying binary via Homebrew (e.g., brew install gitleaks) or Go (go install github.com/gitleaks/gitleaks/v8@latest). Note what you are granting: the skill is flagged file-read and code-execution, so the agent reads every file in the repositories you point it at and runs the scanner binaries with your user's privileges. Scan reports contain the matched strings themselves, so treat report files, and any chat transcript the agent pastes results into, as sensitive material; Gitleaks can mask the matched values with its --redact flag.
Use Cases
This skill is useful for individual developers, DevOps engineers, and security teams. Use it to scan a newly inherited repository for leaks that are already in its history, to set up pre-commit hooks that block commits containing secrets, or to run bulk audits across hundreds of projects. It is particularly valuable in CI/CD pipelines, where an automated gate on every push is the only way to stop accidental credential exposure consistently rather than relying on each contributor's local setup.
Example Prompts
- "OpenClaw, please scan the current directory for any exposed AWS secret keys or database connection strings using Gitleaks."
- "I need to audit the entire commit history of my current repository for any leaked secrets. Run a deep scan and provide a summary report."
- "Help me set up a pre-commit hook in this project to prevent anyone from accidentally pushing .env files or API keys in the future."
Tips & Limitations
The scanner pattern-matches and is not infallible. Expect false positives (test fixtures, documented example keys, high-entropy strings that are not secrets) as well as misses, so verify hits manually and tune rulesets and allowlists to your environment rather than relying on broad default scans. Detecting a secret does not remove it. A credential that ever reached a shared remote must be rotated first, regardless of whether history is later rewritten, because clones, forks, pull-request caches, and CI logs may still hold the old commits. Only after revoking it should you rewrite history with BFG Repo-Cleaner or git filter-repo, force-push, and have collaborators re-clone.
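The pre-commit gate and the history audit described above, as an added example that is not the skill's own code nor any of the wrapped tools' code. It is a portable POSIX sh hook with a deliberately small, auditable pattern list; in a real deployment `gitleaks protect --staged` and `gitleaks detect --source .` replace the grep-based find_secrets and scan_history functions with a maintained ruleset. The script name secret-hook.sh, the pattern list, and the blocked file-name list are assumptions for illustration; the sample strings in the usage are constructed.

```shell
#!/bin/sh
# secret-hook.sh: secret-blocking pre-commit hook and history scan in POSIX sh + grep.
# Added example, not the skill's or gitleaks' code. Shows the mechanism only;
# use a maintained ruleset (gitleaks, TruffleHog) for the real pattern set.
#
#   sh secret-hook.sh --install   # copies itself into the repo's hooks dir
#   sh secret-hook.sh --check     # one-off check of what is staged right now
#   sh secret-hook.sh --history   # grep every commit on every ref

# One extended regex per line; grep treats each line as a separate pattern.
# Illustrative (assumed) rules, in order: AWS access key id, PEM private key
# header, GitHub token, JWT, and an assignment of a quoted literal to a
# secret-looking name. The last rule is the noisy one and needs tuning.
SECRET_PATTERNS=$(cat <<'EOF'
AKIA[0-9A-Z]{16}
-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----
ghp_[A-Za-z0-9]{36}
eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}
(password|passwd|secret|api_key|apikey)[A-Za-z_]*[[:space:]]*[=:][[:space:]]*["'][^"']{8,}["']
EOF
)

# Files whose whole content is assumed to be a secret: block on name alone,
# without reading them. Adjust the list for your repository.
blocked_path() {
  case "$1" in
    .env|*/.env|.env.*|*/.env.*|*.pem|*.key|*.p12|*.pfx|id_rsa|*/id_rsa|id_ed25519|*/id_ed25519)
      return 0 ;;
    *)
      return 1 ;;
  esac
}

# Read content on stdin; print "label:lineno:text" for every hit.
# Returns 0 when at least one pattern matched, 1 when the input is clean.
find_secrets() {
  matches=$(grep -E -i -n "$SECRET_PATTERNS") || return 1
  printf '%s\n' "$matches" | sed "s|^|$1:|"
  return 0
}

# Scan the staged blobs (git show :path), not the working tree, so the check
# sees exactly what the commit would contain.
check_staged() {
  findings=$(
    git diff --cached --name-only --diff-filter=ACM |
    while IFS= read -r path; do
      if blocked_path "$path"; then
        printf '%s: files of this type are never allowed in a commit\n' "$path"
      fi
      git show ":$path" | find_secrets "$path"
    done
  )
  [ -z "$findings" ] && return 0
  printf 'pre-commit: possible secrets staged, commit refused:\n%s\n' "$findings" >&2
  printf 'If a hit is real, rotate the credential: it already exists on disk and in any backup.\n' >&2
  printf 'Bypass with --no-verify only for a confirmed false positive.\n' >&2
  return 1
}

# Walk every commit reachable from any ref. Objects that are only in the reflog
# or dangling are not covered; gitleaks and git fsck --lost-found go further.
scan_history() {
  git log --all -p --format='commit %H' | find_secrets history
}

case "${1:-}" in
  --install)
    hooks=$(git rev-parse --git-path hooks) || exit 1
    cp "$0" "$hooks/pre-commit" && chmod +x "$hooks/pre-commit"
    echo "installed $hooks/pre-commit" ;;
  --check)   check_staged ;;
  --history) scan_history ;;
  *) case "$0" in *pre-commit) check_staged ;; esac ;;   # invoked by git as a hook
esac
```

Two design points carry over to the real tools: the hook checks the staged blob rather than the working file, because the two can differ, and the output includes the matched text, so hook output and the history report are themselves sensitive and should not be pasted into tickets or chat. The hook only covers the developer's machine; a contributor can skip it with --no-verify, so the CI gate from the Use Cases section is still required.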
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-guohongbin-git-git-secrets-scanner": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Flags: file-read, code-execution
Related Skills
sspai-hot-cn
SSPAI Hot Articles Monitor. Get SSPAI trending digital reviews, app recommendations, and productivity tools. Trigger words: 少数派 (sspai), sspai, 数码评测 (digital reviews), 效率工具 (productivity tools).
binance-pro-cn
Binance Pro. Complete Binance integration: spot/futures trading, leverage, staking. Trigger words: 币安 (Binance), Binance, 交易 (trading), trading.
v2ex-hot-cn
V2EX Hot Topics Monitor. Get V2EX trending posts, tech discussions, and digital-life threads. Trigger words: V2EX, v2, 程序员社区 (programmer community).
xueqiu-hot-cn
Xueqiu Hot Discussions Monitor. Get Xueqiu trending stock discussions, investment insights, and posts from top accounts. Trigger words: 雪球 (Xueqiu), 股票 (stocks), 投资 (investing), xueqiu.
tianyancha-cn
Company information lookup: Tianyancha / Qichacha / Aiqicha data queries (the Chinese equivalent of a Bloomberg terminal)