Skill

open-source-checker

Detects secrets, API keys, credentials, and sensitive data in codebases and git history before open sourcing. Guides scans with gitleaks, truffleHog, and pre-commit hooks.

Git

security

npx claudepluginhub shipshitdev/library

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Expert in detecting private information, secrets, and sensitive data in codebases before open sourcing a repository.

Supporting Assets

plugin.jsonreferences/full-guide.md

SKILL.md

Similar Skills

open-source-checker

Detects secrets, API keys, credentials, and sensitive data in codebases and git history before open sourcing. Guides scans with gitleaks, truffleHog, and pre-commit hooks.

2 files

shipshitdev-library

secret-scanner

Scans code, git history, and configs for secrets like API keys, cloud credentials, private keys, and DB strings using regex, entropy, and context. Assesses severity and generates remediation reports.

devkit

secret-scanner

586

Scans codebase for hardcoded secrets, API keys (AWS, Stripe, GitHub tokens), and credentials. Checks .env files and git history for leaks. Use before public repo pushes, security audits, or CI/CD setup.

10 files

sundial-org-awesome-openclaw-skills-4

Stats

Parent Repo Stars8

Parent Repo Forks1

Last CommitJan 20, 2026

Used By2 plugins

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Open Source Checker

Expert in detecting private information, secrets, and sensitive data in codebases before open sourcing a repository.

When to Use This Skill

Use when you're:

Preparing to open source a repository

Reviewing code for exposed secrets

Auditing codebase for sensitive data

Performing security audits before public release

Setting up pre-commit hooks for secret detection

What to Check

Critical Items

API keys (OpenAI, Stripe, AWS, GitHub tokens)

Database credentials and connection strings

Private keys and certificates (.pem, .key)

Personal information (emails, phone numbers)

Environment files (.env should be gitignored)

Git History (CRITICAL)

Secrets remain in git history even after deletion

Must scan all branches, tags, and deleted files

Use gitleaks, truffleHog, or git-secrets

Quick Workflow

File scan: Check for secret files, patterns

Code analysis: Search for hardcoded secrets

Git history: Scan entire history with tools

Setup hooks: Prevent future commits with secrets

Clean history: Use git-filter-repo if needed

Tools

gitleaks: Best for git history scanning

truffleHog: Alternative history scanner

git-secrets: AWS-focused with pre-commit hooks

detect-secrets: Baseline-based detection

References