Skill

open-source-checker

Detects secrets, API keys, credentials, and sensitive data in codebases and git history before open sourcing. Guides scans with gitleaks, truffleHog, and pre-commit hooks.

Git

security

npx claudepluginhub shipshitdev/skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Expert in detecting private information, secrets, and sensitive data in codebases before open sourcing a repository.

Supporting Assets

plugin.jsonreferences/full-guide.md

SKILL.md

Similar Skills

ui-ux-pro-max

70.8k

Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.

ui-ux-pro-max

context7-mcp

51.8k

Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.

context7-plugin

competitive-landscape

32.9k

Analyzes competition with Porter's Five Forces, Blue Ocean Strategy, and positioning maps to identify differentiation opportunities and market positioning for startups and pitches.

startup-business-analyst

Stats

Stars21

Forks2

Last CommitJan 20, 2026

Used By2 plugins

Actions

View Source View Plugin View on GitHub View README

Open Source Checker

Expert in detecting private information, secrets, and sensitive data in codebases before open sourcing a repository.

When to Use This Skill

Use when you're:

Preparing to open source a repository
Reviewing code for exposed secrets
Auditing codebase for sensitive data
Performing security audits before public release
Setting up pre-commit hooks for secret detection

What to Check

Critical Items

API keys (OpenAI, Stripe, AWS, GitHub tokens)
Database credentials and connection strings
Private keys and certificates (.pem, .key)
Personal information (emails, phone numbers)
Environment files (.env should be gitignored)

Git History (CRITICAL)

Secrets remain in git history even after deletion
Must scan all branches, tags, and deleted files
Use gitleaks, truffleHog, or git-secrets

Quick Workflow

File scan: Check for secret files, patterns
Code analysis: Search for hardcoded secrets
Git history: Scan entire history with tools
Setup hooks: Prevent future commits with secrets
Clean history: Use git-filter-repo if needed

Tools

gitleaks: Best for git history scanning
truffleHog: Alternative history scanner
git-secrets: AWS-focused with pre-commit hooks
detect-secrets: Baseline-based detection

References

Full guide: Patterns, scanning workflow, git hooks, cleanup