Best use case
doro-git-secrets-scanner is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Git secrets scanner: checks commits for leaked sensitive information (API keys, passwords, tokens).
Teams using doro-git-secrets-scanner should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/doro-git-secrets-scanner/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How doro-git-secrets-scanner Compares
| Feature / Agent | doro-git-secrets-scanner | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Git secrets scanner: checks commits for leaked sensitive information (API keys, passwords, tokens).
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Git Secrets Scanner
Checks commits for leaked sensitive information.
## Tool comparison
| Tool | Stars | Highlights |
|------|-------|------|
| **Gitleaks** | 24,958 | Most popular, written in Go, fast |
| **TruffleHog** | 24,612 | Verifies secrets, supports many formats |
| **git-secrets** | 13,173 | Official AWS tool, pre-commit hook |
## Installation
### Gitleaks (recommended)
```bash
# macOS
brew install gitleaks
# Linux
# Download from https://github.com/gitleaks/gitleaks/releases
# or install with Go
go install github.com/gitleaks/gitleaks/v8@latest
```
### TruffleHog
```bash
# macOS
brew install trufflehog
# Linux
# Download from https://github.com/trufflesecurity/trufflehog/releases
# or use Docker
docker pull trufflesecurity/trufflehog:latest
```
### git-secrets
```bash
# macOS
brew install git-secrets
# Linux
git clone https://github.com/awslabs/git-secrets.git
cd git-secrets
sudo make install
```
## Usage
### 1. Scan the current repository
```bash
# Gitleaks
gitleaks detect --source . -v
# TruffleHog (report only secrets that verify as live)
trufflehog git file://. --only-verified
# git-secrets (the hook must be installed first, see step 4)
git secrets --scan-history
```
### 2. Scan a specific commit
```bash
# Gitleaks
gitleaks detect --source . --log-opts="HEAD~1..HEAD"
# TruffleHog: scan the commits after the given one
trufflehog git file://. --since-commit=HEAD~1
```
### 3. Scan the whole history
```bash
# Gitleaks
gitleaks detect --source . --log-opts="--all"
# TruffleHog scans the full history by default
trufflehog git file://.
```
### 4. Set up a pre-commit hook
```bash
# git-secrets
cd your-repo
git secrets --install
git secrets --register-aws
```
### 5. CI/CD integration
```yaml
# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0   # full history, so every commit is scanned
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
## What it detects
### API keys
- AWS Access Keys
- GitHub Tokens
- Slack Tokens
- Stripe Keys
- Moltbook API Keys ✨
### Passwords
- Database passwords
- SMTP passwords
- SSH keys
### Tokens
- OAuth Tokens
- JWT Tokens
- Bearer Tokens
### Other
- Private keys
- Certificates
- .env files
## Sample output
```
Finding: moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt
Secret: moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt
RuleID: generic-api-key
Entropy: 4.562345
File: memory/moltbook-art-of-focus-post.md
Line: 45
Commit: abc1234
Author: user@example.com
Date: 2026-02-19T03:11:00Z
Fingerprint: abc123...
```
## Best practices
### 1. Scan before committing
```bash
#!/bin/bash
# Save as .git/hooks/pre-commit and make it executable (chmod +x).
# Scans only the staged changes; a non-zero exit blocks the commit.
gitleaks protect --staged
```
### 2. Scan on a schedule
```bash
# Weekly scan: add this line with `crontab -e`
0 0 * * 0 cd /path/to/repo && gitleaks detect --source .
```
### 3. Scan several repositories
```bash
#!/bin/bash
# Scan every repository under ~/projects
for repo in ~/projects/*; do
  echo "Scanning $repo..."
  gitleaks detect --source "$repo" -v
done
```
## Remediating a leaked secret
If a leak is found:
1. **Revoke immediately** - regenerate the API key
2. **Remove from history** - delete the sensitive data from the git history
3. **Force push** - `git push --force` (use with care)
4. **Notify the team** - tell the other developers
### Cleaning history with BFG
```bash
# Install BFG
brew install bfg
# Remove a sensitive file from every commit
bfg --delete-files .env
# Replace sensitive strings (one per line in passwords.txt)
bfg --replace-text passwords.txt
# Purge the rewritten objects locally, as the BFG docs require
git reflog expire --expire=now --all && git gc --prune=now --aggressive
# Force-push the rewritten history
git push --force
```
## Configuration
### .gitleaks.toml
```toml
title = "Custom Gitleaks Config"

[extend]
# keep the built-in rules and add ours on top
useDefault = true

[[rules]]
id = "moltbook-api-key"
description = "Moltbook API Key"
# underscore allowed so keys shaped like the sample finding above match
regex = '''moltbook_sk_[a-zA-Z0-9_]{32}'''
tags = ["api-key", "moltbook"]

[allowlist]
paths = [
  '''example\.txt''',
  '''test/.*'''
]
```
## Caveats
1. **False positives** - the scanner may flag values that are not secrets
2. **Entropy** - high-entropy strings are likely to be sensitive
3. **Context** - check whether a flagged value is actually sensitive
4. **Verification** - TruffleHog can verify whether a secret is still valid
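To make the caveats concrete, here is an added example (not part of the skill file or of Gitleaks) showing how a gitleaks-style scanner applies the rule and allowlist from the config above, using a Shannon-entropy floor to suppress placeholder values. The sample files, the AWS rule and the entropy floor of 3.5 are assumptions chosen for the demonstration.

```python
import math
import re
from collections import Counter

# Rules in the spirit of the .gitleaks.toml above: a regex plus an optional
# Shannon-entropy floor (assumed value 3.5) that drops low-entropy placeholders.
RULES = [
    ("moltbook-api-key", re.compile(r"moltbook_sk_[A-Za-z0-9_]{32}"), 3.5),
    # Extra rule added here: AWS access key IDs are structured, so no entropy floor.
    ("aws-access-key-id", re.compile(r"AKIA[0-9A-Z]{16}"), None),
]
# Path allowlist copied from the config above.
ALLOWLIST_PATHS = [re.compile(r"example\.txt"), re.compile(r"test/.*")]

def shannon_entropy(s: str) -> float:
    """Bits per character; 0.0 for the empty string or one repeated character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan_file(path: str, text: str) -> list:
    """Apply every rule to every line of one file, honouring the path allowlist."""
    if any(p.search(path) for p in ALLOWLIST_PATHS):
        return []
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule_id, rx, floor in RULES:
            for m in rx.finditer(line):
                ent = shannon_entropy(m.group(0))
                if floor is not None and ent < floor:
                    continue  # reads like a placeholder, not a live key
                findings.append({"RuleID": rule_id, "Secret": m.group(0),
                                 "Entropy": round(ent, 6), "File": path, "Line": lineno})
    return findings

def scan_all(files: dict) -> list:
    return [f for path, text in files.items() for f in scan_file(path, text)]

# Constructed sample repository contents; none of these are real credentials.
SAMPLE_FILES = {
    "memory/notes.md": "key: moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt",
    "config/settings.py": 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    "src/client.py": 'API_KEY = "moltbook_sk_' + "a" * 32 + '"  # placeholder',
    "docs/example.txt": "moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt",
    "test/fixtures.py": 'KEY = "AKIAIOSFODNN7EXAMPLE"',
}

if __name__ == "__main__":
    for f in scan_all(SAMPLE_FILES):
        print("\n".join(f"{k}: {v}" for k, v in f.items()), end="\n\n")
```

Only the two real-looking values outside allowlisted paths are reported; the repeated-character placeholder in `src/client.py` falls below the entropy floor and is dropped.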
---
*Version: 1.0.0*
*Tools: Gitleaks, TruffleHog, git-secrets*