Skill

Overview

Scans codebases for leaked secrets (API keys, tokens, passwords, private keys), insecure code patterns, and configuration issues. Returns severity-rated findings with file locations and remediation steps.

Bash

security

npx claudepluginhub syncable-dev/syncable-cli --plugin syncable-cli-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Scan a codebase for leaked secrets (API keys, tokens, passwords, private keys), insecure code patterns, and configuration issues. Returns findings with severity, file locations, and remediation.

SKILL.md

Similar Skills

design-system

167.4k

Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.

team-skills-platform

ui-demo

167.4k

Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.

team-skills-platform

kotlin-patterns

167.4k

Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.

team-skills-platform

Stats

Parent Repo Stars35

Parent Repo Forks7

Last CommitMar 31, 2026

Actions

View Source View Plugin View on GitHub View README

Overview

Scan a codebase for leaked secrets (API keys, tokens, passwords, private keys), insecure code patterns, and configuration issues. Returns findings with severity, file locations, and remediation.

Mode Selection

Always pass --mode explicitly:

Mode	When to use
`lightning`	Quick check, critical files only (.env, configs)
`fast`	Smart sampling, large repos during development
`balanced`	Default. Good coverage with optimizations
`thorough`	Pre-deployment, PR security reviews
`paranoid`	Compliance audits, production reviews

Flags

Flag	Purpose
`--mode <MODE>`	Scan depth (always specify)
`--agent`	Compressed output (always use)
`--include-low`	Include low-severity findings
`--no-secrets`	Skip secrets detection (code patterns only)
`--no-code-patterns`	Skip code patterns (secrets only)
`--fail-on-findings`	Exit with error code if findings exist (CI)
`--output <FILE>`	Write report to file

Steps

1. Run scan

sync-ctl security <PATH> --mode balanced --agent

Success criteria: JSON output with summary containing severity counts.

2. Report to user

Priority order: critical findings (leaked secrets) > high (insecure patterns) > summary score > remediation steps.

3. Retrieve details (if needed)

Compressed output only includes critical + first 10 high findings. Medium/low are counts only. Use retrieve for details:

sync-ctl retrieve <ref_id> --query "severity:medium"
sync-ctl retrieve <ref_id> --query "file:src/auth.rs"
sync-ctl retrieve <ref_id> --query "code:hardcoded-secret"

Results paginated (default 20). Use --limit N --offset M for more.

Available queries: severity:critical|high|medium|low|info, file:<path>, code:<id>

Error Handling

Error	Action
`No such file or directory`	Ask user to verify path
Very slow scan	Suggest `balanced` or `fast` mode instead
No findings with `lightning`/`fast`	Re-run with `balanced` for deeper coverage