Skill

fulcrum-secret-hygiene

Never include credentials, API keys, tokens, passwords in tool inputs or memory writes. Every tool call accepting free-form text.

Install

npx claudepluginhub moabualruz/fulcrum --plugin fulcrum

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Never include credentials / API keys / tokens / passwords in:

Supporting Assets

agents/openai.yaml

SKILL.md

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

139.1k

claude-opus-4-5-migration

2 files

Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.

claude-opus-4-5-migration

83.2k

claude-code-plugin-release

1 file

Automates semantic versioning and release workflow for Claude Code plugins: bumps versions in package.json, marketplace.json, plugin.json; verifies builds; creates git tags, GitHub releases, changelogs.

claude-mem

64.7k

Stats

Parent Repo Stars1

Parent Repo Forks0

Last CommitApr 20, 2026

Actions

View Source View Plugin View on GitHub View README

Secret hygiene

Never include credentials / API keys / tokens / passwords in:

Tool inputs (especially Bash, Write, Edit, any MCP call).

Memory writes (write_memory content or tags).

Commit messages / PR bodies.

Block / escalate / complete reasons or summaries.

PreToolUse hook scans inputs, denies matches (9 patterns: AWS keys, GitHub tokens, API_KEY=..., bearer tokens, private keys, Slack tokens, DB URLs with inline creds, JWTs, password=...). Denial logged as secret_redacted policy event with tool name + approx location.

When this applies

Need API key for external service.

Config has DATABASE_URL=postgres://user:pass@host/db.

Shell command would echo token into logs.

Test fixture with sample credential.

Summarizing file containing secrets.

What to do

Need secret to proceed:

fulcrum action exec block_agent_run with reason "needs secret: <NAME>" — e.g., "needs secret: STRIPE_WEBHOOK_SECRET for integration tests in packages/billing".

CoS (or human operator) sets env var on worker adapter before next run.

Read from process.env.NAME inside code — never from prompt.

Files containing secrets

Do not paste contents into tool inputs or memories.

Reference by path only: "configured in .env.local".

Secret committed to repo by accident → block with reason "secret committed: <path>" + escalate. Rotation = human decision.

Red flags

Pasted key into Bash "just to test" → hook denied, attempt logged. Do not retry.

Wrote memory with literal token → delete (or ask CoS) + redo without secret.

Pattern scanner seems wrong, want to bypass → do not. File as feedback via lesson memory.

Secret hygiene

Never include credentials / API keys / tokens / passwords in:

Tool inputs (especially Bash, Write, Edit, any MCP call).
Memory writes (write_memory content or tags).
Commit messages / PR bodies.
Block / escalate / complete reasons or summaries.

When this applies

Need API key for external service.
Config has DATABASE_URL=postgres://user:pass@host/db.
Shell command would echo token into logs.
Test fixture with sample credential.
Summarizing file containing secrets.

What to do

Need secret to proceed:

fulcrum action exec block_agent_run with reason "needs secret: <NAME>" — e.g., "needs secret: STRIPE_WEBHOOK_SECRET for integration tests in packages/billing".
CoS (or human operator) sets env var on worker adapter before next run.
Read from process.env.NAME inside code — never from prompt.

Files containing secrets

Do not paste contents into tool inputs or memories.
Reference by path only: "configured in .env.local".
Secret committed to repo by accident → block with reason "secret committed: <path>" + escalate. Rotation = human decision.

Red flags

Pasted key into Bash "just to test" → hook denied, attempt logged. Do not retry.
Wrote memory with literal token → delete (or ask CoS) + redo without secret.
Pattern scanner seems wrong, want to bypass → do not. File as feedback via lesson memory.