From hb
Scans git repositories for sensitive data including credentials, API keys, and PII. Supports full-scan and --diff mode for pre-commit checks.
How this skill is triggered — by the user, by Claude, or both
Slash command
/hb:safe-repo [--diff]
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Security audit for sensitive data in repository. Check for credentials, API keys, company-specific information, and PII.
--diff: scans only staged + unstaged changes (git diff + git diff --cached). Use before commit or when called from review / ship workflows. Fast, no false positives from pre-existing files.
bash scripts/scan-secrets.sh to scan all tracked files for credential patterns (see references/patterns.md for full pattern list)
.gitignore for proper patterns
--diff mode
git diff --name-only HEAD + git diff --name-only --cached
git ls-files) - ignore local configs
.gitignore covers sensitive patterns
git log --oneline -100
npx claudepluginhub helderberto/agent-skills --plugin hb
Scans codebase for hardcoded secrets, API keys, credentials, tokens, and sensitive data. Supports directories, --all for full repo, --staged for git changes. Reports severity, locations, remediation.
Runs gitleaks scans for secret detection, validates configurations, and integrates with pre-commit hooks to prevent credential leaks in Git repos.
Scans code, git history, and configs for secrets like API keys, cloud credentials, private keys, and DB strings using regex, entropy, and context. Assesses severity and generates remediation reports.