🔐 Security & Audit

Git Secrets Scannerv1.0.0

Name: Git Secrets Scanner
Author: guohongbin-git

git-secrets-scanner

guohongbin-git

Git 安全扫描器 - 检查提交中的敏感信息泄露（API keys、密码、token）

githubsecuritysecurity-scan

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

662

Stars

CreatedFeb 19, 2026

UpdatedApr 18, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install guohongbin-git/git-secrets-scanner

Skill Package2 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B64/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation12/35

· 9 installs (low)
· 662 downloads (moderate demand)

Documentation19/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description

Package Completeness8/15

· skillAssets present (1 files)
· Includes scripts or config files

Security Analysis

💙 Low Risk

UNDOCUMENTED_EXTERNALlow

Calls external URL not in known-safe list

https://github.com/gitleaks/gitleaks/releases

Audited Apr 16, 2026 · audit v1.0

💡

Usage Guide

Generated Mar 1, 2026

DevOps engineersSecurity analystsbeginner

💡 Application Scenarios

Financial Services Code SecurityFinancial Services

A fintech company uses this skill to scan all git repositories for leaked API keys and tokens before each deployment, ensuring compliance with financial regulations like PCI-DSS. It integrates into CI/CD pipelines to automatically block commits containing sensitive data, preventing potential breaches and fines.

E-commerce Platform DevelopmentE-commerce

An e-commerce platform employs the scanner to monitor developer commits for exposed payment gateway keys (e.g., Stripe) and database credentials. Regular historical scans help identify and clean up past leaks, safeguarding customer data and maintaining trust.

Healthcare Software AuditingHealthcare

A healthcare software provider implements pre-commit hooks with git-secrets to detect PHI-related secrets in code changes. This proactive approach helps meet HIPAA requirements by preventing accidental leaks of sensitive health information during development.

SaaS Startup Security HardeningTechnology

A SaaS startup uses Gitleaks to scan all git history for exposed cloud service keys (e.g., AWS, GitHub tokens) as part of their security onboarding. This reduces attack surfaces and educates developers on secure coding practices from day one.

Government Agency ComplianceGovernment

A government agency integrates TruffleHog into their version control system to verify and scan for verified secrets in all projects. This ensures adherence to data protection laws and prevents unauthorized access to sensitive government infrastructure.

💼 Business Models

SaaS Security PlatformSubscription-based

Offer a cloud-based service that integrates this scanning skill into developer workflows, providing dashboards and alerts for leaked secrets. Revenue comes from subscription tiers based on repository count and scanning frequency, targeting enterprises.

Consulting and ImplementationService fees

Provide professional services to help organizations set up and customize the scanner, including configuring rules and CI/CD pipelines. Revenue is generated through project-based fees and ongoing support contracts for maintenance.

Open Source Support and TrainingTraining and support fees

Monetize by offering premium support, training workshops, and custom rule development for the open-source tools like Gitleaks. Revenue streams include training sessions, certification programs, and paid community access.

💬 Integration Tip

Start by adding a pre-commit hook with Gitleaks for immediate feedback, then integrate into CI/CD using the provided GitHub Actions example to automate scans on every push.