secret-scanner
Secret Scanner Skill
This skill provides a multi-step workflow for scanning code, files, or git changes to detect leaked confidential information, including credentials, API keys, and Personally Identifiable Information (PII) like emails, phone numbers, and real names.
Recommended Scanning Workflow
The following guidelines outline a standard multi-step process for effectively scanning code for secrets:
Programmatic Scanning
When programmatic scanning is preferred or requested, tools like gitleaks or trufflehog should be used.
- For instructions on running or configuring these tools, consult references/programmatic_scanning.md.
Chunk/File Level Manual Analysis
When reviewing the content of a specified scope (e.g., staged git changes, unstaged changes, specific files), it helps to list all potential leak points first.
- To retrieve the content for the specified scope, consult references/scope_commands.md for shell commands.
- Look for:
- Common Secrets:
password,secret,token,api_key,access_key,jwt, private cryptographic keys. - Common PII: Electronic mail addresses (emails), phone numbers, real human names, physical addresses.
- For a broader list of secret types and PII, consult references/secret_types.md.
- Common Secrets:
More from zenless-lab/skills
python-docstring-expert
Expert methodology for evaluating, formatting, and generating Python docstrings. Use when creating or updating documentation for Python code, determining if a docstring is necessary based on API exposure, or formatting docstrings for modules, classes, and functions. Load this skill when code changes affect existing docstrings to keep them synchronized.
19cloud-init-crafter
Expert assistant for creating, modifying, and debugging cloud-init scripts. Supports multiple formats (YAML, shell, MIME archives), Jinja templating with instance-data, and multi-platform validation.
9readme-crafter
Use this skill when you need to write, refactor, or improve a project's README.md file. Trigger this anytime the user wants to create documentation, project overviews, or profile pages following best practices and modern aesthetics.
8skill-expert
Comprehensive master guide for designing, creating, editing, updating, and refactoring Agent Skills according to the official agentskills.io specification. Use this when you need to build or modify capabilities for an AI agent.
8agents-md-crafter
Use this skill when you need to create, update, or improve AI agent instruction files like AGENTS.md, GEMINI.md, or copilot-instructions.md. Trigger this anytime the user wants to set up standard AI rules, document project context for LLMs, or add repository-wide guidelines for AI agents.
8skill-crafter
Use this skill when creating a new skill or when modifying, updating, refactoring, restructuring, or reviewing an existing skill. Trigger it for framework-specific and framework-agnostic skill work, including SKILL.md design, folder layout, scripts, references, assets, metadata, and description optimization, even if the user only says "make a skill", "improve this skill", or "refactor the skill".
7