secret-leak-detector
Secret Leak Detector
Purpose and Intent
The secret-leak-detector is designed to safeguard repositories by identifying hardcoded sensitive information such as API keys, database credentials, and authentication tokens before they are committed or after they have been accidentally pushed to history.
When to Use
- Pre-commit Checks: Run this skill before committing changes to ensure no secrets are being introduced.
- CI/CD Pipelines: Integrate into automated pipelines to block builds that contain plain-text secrets.
- Legacy Audits: Use with
scan_history: trueto perform a deep audit of a project's entire history to find secrets that were deleted but still exist in git logs.
When NOT to Use
- Production Logs: This tool is for source code and config files; it is not optimized for scanning terabytes of runtime logs.
- Binary Files: It will not effectively detect secrets inside compiled binaries or encrypted blobs.
Input and Output Examples
More from jorgealves/agent_skills
python-security-scanner
Detect common Python vulnerabilities such as SQL injection, unsafe deserialization, and hardcoded secrets. Use as part of a secure SDLC for Python projects.
187gdpr-ccpa-privacy-auditor
Audits web applications to ensure declared privacy policies match actual technical data collection practices. Use to identify discrepancies in cookie usage, tracking scripts, and user data handling.
150prompt-injection-scanner
Audits agent skill instructions and system prompts for vulnerabilities to prompt hijacking and indirect injection. Use when designing new agent skills or before deploying agents to public environments where users provide untrusted input.
147hipaa-compliance-guard
Audits HealthTech applications for HIPAA technical safeguards like encryption and audit logging. Use when reviewing healthcare infrastructure or ensuring PHI is handled according to legal security standards.
128pii-sanitizer
Detects and redacts Personally Identifiable Information (PII) like emails, phone numbers, and credit cards. Use when cleaning logs, datasets, or communications to comply with GDPR/CCPA privacy standards.
128documentation-generator
Analyzes source code to automatically generate technical documentation and architecture diagrams. Use to maintain up-to-date API references and onboarding materials for engineering teams.
127