Secret Scanner
Skill by lxgicstudios
Why use this skill?
Proactively identify and prevent hardcoded secrets, API keys, and sensitive data exposure in your codebase with the OpenClaw Secret Scanner tool.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/lxgicstudios/secret-scanner
What This Skill Does
The Secret Scanner by lxgicstudios is a security auditing tool for OpenClaw agents that proactively identifies sensitive information in your codebase. Accidentally committing secrets such as AWS keys, database credentials, or API tokens is a common developer mistake. This skill automates the detection of hardcoded secrets by analyzing file structures and patterns. It goes beyond simple regex searches by inspecting common configuration files such as .env, environment variable exports, and even historical git commits, so that no sensitive data is inadvertently exposed to third parties or public repositories. Integrating it into your OpenClaw agent workflow adds an extra layer of defense and keeps your security posture intact without requiring you to manually inspect every line of code before a commit or deployment.
Installation
To add this skill to your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/lxgicstudios/secret-scanner
Once installed, the agent can trigger the scanner directly via natural language commands or automated triggers defined in your project workflow.
Use Cases
- Pre-Push Verification: Scan your local repository before pushing to GitHub or GitLab to prevent sensitive credential exposure.
- CI/CD Pipeline Security: Integrate the scan into your automated build process to block deployments containing hardcoded keys.
- Security Onboarding: Quickly audit inherited codebases to ensure no legacy secrets remain that could compromise your new infrastructure.
- Regulatory Compliance: Perform routine audits to satisfy security requirements for SOC2, HIPAA, or PCI-DSS by proving that your code is scrubbed of plain-text credentials.
Example Prompts
- "OpenClaw, please run a deep secret scan on my current project directory to ensure no API keys are exposed."
- "Scan the ./src folder for any hardcoded AWS or Stripe credentials and give me a summary of any findings."
- "Can you check my git history and current project files for any accidentally committed secrets?"
Tips & Limitations
- False Positives: While highly effective, automated pattern matching can occasionally flag strings that look like keys but are not (false positives). Always verify the results before deleting any code.
- Git History: The scanner checks git history, which is vital, but be aware that removing a secret from history requires rewriting the commit log.
- Scope: While it detects a wide range of common patterns, it does not replace comprehensive manual security audits or the use of vault services like HashiCorp Vault or AWS Secrets Manager for production credential management.
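A minimal scanner of the kind the description above and the false-positive tip refer to, added here as an example and not the skill's own code: it matches a few vendor-prefix and KEY=value patterns over a constructed .env-style sample and uses placeholder and entropy checks to suppress likely false positives. The rule set, the 3.5-bit entropy threshold, and every sample value are assumptions made for illustration.

```python
import re
from math import log2

# Rules constructed for this example (not the skill's own rule set). Vendor
# rules carry a fixed prefix, so a match is high confidence; the generic rule
# matches any KEY=value whose name suggests a credential and needs filtering.
RULES = {
    "aws_access_key_id": re.compile(r"\b(?P<value>(?:AKIA|ASIA)[0-9A-Z]{16})\b"),
    "stripe_secret_key": re.compile(r"\b(?P<value>sk_(?:live|test)_[0-9a-zA-Z]{24,})\b"),
    "generic_credential": re.compile(
        r"(?i)(?:export\s+)?[A-Z0-9_]*(?:SECRET|TOKEN|PASSWORD|API_KEY)[A-Z0-9_]*"
        r"\s*=\s*['\"]?(?P<value>[^\s'\"]{8,})"
    ),
}
PLACEHOLDERS = ("changeme", "example", "placeholder", "xxxx", "your_", "<")


def shannon_entropy(s):
    """Bits per character: random-looking keys score well above plain words."""
    n = len(s)
    return -sum(c / n * log2(c / n) for c in (s.count(ch) for ch in set(s)))


def scan_text(text, min_entropy=3.5):
    """Return (findings, suppressed); each entry is (line_no, rule, value)."""
    findings, suppressed, seen = [], [], set()
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                value = m.group("value")
                if (line_no, value) in seen:  # already reported by a vendor rule
                    continue
                seen.add((line_no, value))
                hit = (line_no, rule, value)
                if rule == "generic_credential" and (
                    any(p in value.lower() for p in PLACEHOLDERS)
                    or shannon_entropy(value) < min_entropy
                ):
                    suppressed.append(hit)  # placeholder or ordinary word
                else:
                    findings.append(hit)
    return findings, suppressed


# Constructed sample .env content; none of these values are real credentials.
SAMPLE = """\
# constructed sample .env, nothing here is real
AWS_ACCESS_KEY_ID=AKIA0000CONSTRUCTED0
export STRIPE_API_KEY=sk_test_0123456789abcdefghijklmnop
AWS_SECRET_ACCESS_KEY=changeme
API_TOKEN="d8f1a2b3c4e5f6a7b8c9d0e1f2a3b4c5"
DEBUG_PASSWORD=password
"""
```

Treat suppressed matches as review material rather than discarding them, and rotate any real credential a scan confirms, since removing it from files or history does not undo the exposure.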
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-lxgicstudios-secret-scanner": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Flags: file-read
Related Skills
script-gen
Generate package.json scripts with AI. Use when setting up npm scripts.
email-template-gen
Generate responsive email templates. Use when building transactional emails.
branch-namer
Generate descriptive git branch names from plain English. Use when you need a branch name that follows conventions.
cloudflare-gen
Generate Cloudflare Workers configuration and code. Use when building on the edge.
adr-writer
Generate Architecture Decision Records with AI. Use when documenting technical decisions.