git-secrets-scannerGit 安全扫描器 - 检查提交中的敏感信息泄露(API keys、密码、token)
Install via ClawdBot CLI:
clawdbot install guohongbin-git/git-secrets-scannerGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list
https://github.com/gitleaks/gitleaks/releasesAudited Apr 16, 2026 · audit v1.0
Generated Mar 1, 2026
A fintech company uses this skill to scan all git repositories for leaked API keys and tokens before each deployment, ensuring compliance with financial regulations like PCI-DSS. It integrates into CI/CD pipelines to automatically block commits containing sensitive data, preventing potential breaches and fines.
An e-commerce platform employs the scanner to monitor developer commits for exposed payment gateway keys (e.g., Stripe) and database credentials. Regular historical scans help identify and clean up past leaks, safeguarding customer data and maintaining trust.
A healthcare software provider implements pre-commit hooks with git-secrets to detect PHI-related secrets in code changes. This proactive approach helps meet HIPAA requirements by preventing accidental leaks of sensitive health information during development.
A SaaS startup uses Gitleaks to scan all git history for exposed cloud service keys (e.g., AWS, GitHub tokens) as part of their security onboarding. This reduces attack surfaces and educates developers on secure coding practices from day one.
A government agency integrates TruffleHog into their version control system to verify and scan for verified secrets in all projects. This ensures adherence to data protection laws and prevents unauthorized access to sensitive government infrastructure.
Offer a cloud-based service that integrates this scanning skill into developer workflows, providing dashboards and alerts for leaked secrets. Revenue comes from subscription tiers based on repository count and scanning frequency, targeting enterprises.
Provide professional services to help organizations set up and customize the scanner, including configuring rules and CI/CD pipelines. Revenue is generated through project-based fees and ongoing support contracts for maintenance.
Monetize by offering premium support, training workshops, and custom rule development for the open-source tools like Gitleaks. Revenue streams include training sessions, certification programs, and paid community access.
💬 Integration Tip
Start by adding a pre-commit hook with Gitleaks for immediate feedback, then integrate into CI/CD using the provided GitHub Actions example to automate scans on every push.
Scored Apr 19, 2026
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Detect anomalies and outliers in construction data: unusual costs, schedule variances, productivity spikes. Statistical and ML-based detection methods.
Efficient, secure agent-to-agent communication protocol. 40-60% token reduction, built-in privacy, Ed25519 signatures.
Scan websites and content to identify SEO gaps, analyze meta tags, technical factors, keyword use, and provide competitor comparison insights.
Provides a comprehensive testing methodology for AI software, covering strategy design, unit, integration, and end-to-end tests with coverage and reporting g...