ClawKit Reliability Toolkit
Official · Verified · Category: developer tools · Safety 4/5

secret-scanner

Scans files, repos, and directories for leaked secrets — API keys, tokens, passwords, connection strings, private keys, and credentials. Detects 40+ secret patterns across all major cloud providers and services.

Why use this skill?

Instantly scan your project for hardcoded secrets, API keys, and sensitive tokens. Protect your cloud infrastructure with the OpenClaw secret scanner.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/nirwandogra/credential-scanner

What This Skill Does

The secret-scanner skill is a security auditing tool that finds sensitive information exposed in your codebase, configuration files, and documentation. Using pattern matching and entropy analysis, it recognizes over 40 distinct secret types, from cloud credentials such as AWS access keys, Azure SAS tokens, and GCP service account keys to application-level secrets such as Stripe API keys, OpenAI tokens, and database connection strings.

Beyond flagging that a secret exists, the tool assigns each finding a severity (Critical, High, Medium, Low) so that developers and security teams can deal with the most dangerous leaks first. It scans recursively, skipping paths such as .git folders, node_modules, and binary assets for speed and accuracy, and writes results as console output, as JSON for CI/CD integration, or as a structured Markdown report for manual review.
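As an added illustration of the mechanics described above (fixed regex rules, an entropy rule, severity ranking, a recursive walk that prunes .git and node_modules and skips binaries, and JSON or Markdown output), here is a small scanner in Python. It is not the secret-scanner skill's code: the rule set, the entropy threshold, the skip list, and the constructed sample tree are all assumptions made for this example, and the AWS values in it are the placeholder credentials from AWS's own documentation, not live keys.

```python
import json
import math
import os
import re
import tempfile

# Illustrative rule subset (name, regex, severity); not the skill's own 40+ patterns.
RULES = [
    # AWS access key IDs: 20 characters, prefix AKIA (IAM user) or ASIA (temporary STS credentials).
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"), "critical"),
    ("slack_token", re.compile(r"\bxox[bp]-[0-9]+-[A-Za-z0-9-]+"), "high"),
    # Database URL whose userinfo part carries a password: scheme://user:password@host
    ("db_connection_string", re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb)://[^:\s/]+:[^@\s]+@"), "high"),
]
# Generic credential-looking assignment; the value's entropy decides the severity.
ASSIGNMENT = re.compile(r"""(?i)\b\w*(?:secret|token|password|api_?key)\w*\s*[:=]\s*['"]([A-Za-z0-9+/=_\-]{16,})['"]""")
ENTROPY_THRESHOLD = 3.5  # bits/char: random hex or base64 sits above, words and placeholders below
SKIP_DIRS = {".git", "node_modules", "vendor", "__pycache__"}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))

def redact(value: str) -> str:
    """Keep only a short prefix/suffix so the report itself does not leak the secret."""
    return value[:4] + "…" + value[-2:] if len(value) > 8 else "…"

def scan_text(path: str, text: str) -> list[dict]:
    """Apply every rule to each line of one file; return one finding per match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx, severity in RULES:
            for m in rx.finditer(line):
                findings.append({"rule": name, "severity": severity, "path": path,
                                 "line": lineno, "match": redact(m.group(0))})
        for m in ASSIGNMENT.finditer(line):
            value = m.group(1)
            ent = shannon_entropy(value)
            # High entropy looks like a real key (medium); low entropy is usually a placeholder (low).
            severity = "medium" if ent >= ENTROPY_THRESHOLD else "low"
            findings.append({"rule": "credential_assignment", "severity": severity, "path": path,
                             "line": lineno, "match": redact(value), "entropy": round(ent, 2)})
    return findings

def scan_tree(root: str) -> list[dict]:
    """Walk root recursively, pruning SKIP_DIRS and skipping binaries; sort by severity."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune in place
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            with open(full, "rb") as fh:
                data = fh.read()
            if b"\x00" in data[:8192]:  # NUL byte near the start: treat as binary and skip
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            findings.extend(scan_text(rel, data.decode("utf-8", errors="replace")))
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["path"], f["line"]))
    return findings

def to_json(findings: list[dict]) -> str:
    return json.dumps({"count": len(findings), "findings": findings}, indent=2, ensure_ascii=False)

def to_markdown(findings: list[dict]) -> str:
    rows = ["| Severity | Rule | Location | Match |", "|---|---|---|---|"]
    rows += [f"| {f['severity']} | {f['rule']} | {f['path']}:{f['line']} | `{f['match']}` |" for f in findings]
    return "\n".join(rows)

# Constructed sample tree: AWS values are AWS's documentation placeholders, the rest is made up.
SAMPLE_FILES = {
    "config/settings.py": 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
                          'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n',
    ".env.example": "DATABASE_URL=postgres://app:s3cr3tpass@db.internal:5432/app\n"
                    'DATABASE_PASSWORD="changeme-changeme-changeme"\n',
    "node_modules/sdk/index.js": 'const token = "xoxb-123456789012-abcdefghijklmnopqrstuvwx";\n',  # pruned
}
BINARY_SAMPLE = b"\x89PNG\x00\x00AKIAIOSFODNN7EXAMPLE"  # NUL bytes: skipped as binary

def demo() -> list[dict]:
    """Materialise the sample tree in a temp dir, scan it, return the sorted findings."""
    with tempfile.TemporaryDirectory() as root:
        for rel, text in SAMPLE_FILES.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(text)
        with open(os.path.join(root, "logo.png"), "wb") as fh:
            fh.write(BINARY_SAMPLE)
        return scan_tree(root)

if __name__ == "__main__":
    results = demo()
    print(to_json(results))
```

Running the file prints a JSON report of four findings ordered critical, high, medium, low; the Slack token under node_modules and the key embedded in the fake PNG are never read. The medium/low split on credential_assignment is the entropy rule at work: the AWS secret scores about 4.7 bits per character, the changeme placeholder about 2.9, which is exactly the kind of look-alike the False Positives tip below refers to. Findings carry only a redacted prefix and suffix, so the report can be attached to a ticket without becoming a second leak. Calling scan_text on the files listed by git diff --cached --name-only is the shape of the pre-commit use case.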

Installation

You can install the secret-scanner directly into your OpenClaw environment using the following command:

clawhub install openclaw/skills/skills/nirwandogra/credential-scanner

Use Cases

  • Pre-commit Hooks: Run the scanner from a pre-commit (or pre-push) hook so that a commit containing hardcoded credentials is rejected before it reaches version control.
  • Repository Auditing: Perform periodic security sweeps on legacy projects to clean up exposure left by previous contributors.
  • Infrastructure Security: Validate that your configuration files, environment files (.env), and infrastructure-as-code (IaC) templates are free of plain-text passwords.
  • Compliance Reporting: Use the JSON output to generate automated reports for security and compliance audits.

Example Prompts

  1. "Scan the current directory for any leaked API keys or private keys before I push my code to GitHub."
  2. "Check if there are any hardcoded database credentials or Slack tokens in my project folder."
  3. "Run a security audit on this repository and output the findings into a markdown report named audit.md."

Tips & Limitations

  • Efficiency: The scanner is optimized for text-based files. If you have very large binary files, ensure they are in your ignore list to prevent scanning latency.
  • Contextual Awareness: While the scanner catches the vast majority of common patterns, it is a static analysis tool. It does not replace the need for secure secret management services like HashiCorp Vault or AWS Secrets Manager.
  • False Positives: Occasionally, strings that look like keys are non-sensitive configuration parameters or placeholders. Use the severity rating to order your triage, but confirm each finding in context before revoking access. Note that a confirmed secret that has already been committed or pushed should be rotated: deleting it from the working tree or rewriting history does not undo the exposure.

Metadata

Stars: 1287
Views: 0
Updated: 2026-02-22
Add to Configuration

Paste this into your clawhub.json to enable this plugin. With auto_update set to true, new versions of the plugin are picked up without review; set it to false if you want to pin the version your pipeline runs.

{
  "plugins": {
    "official-nirwandogra-credential-scanner": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI): security, credentials, scanner, devsecops, audit

Flags: file-read