skylv-secret-detectorScans code for leaked secrets, API keys, tokens, and passwords. Triggers: scan secrets, check api key, security scan, leaked token.
Install via ClawdBot CLI:
clawdbot install sky-lv/skylv-secret-detectorGrade Limited — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Generated May 13, 2026
Integrate the secret detector into your continuous integration pipeline to automatically scan code for leaked secrets before deployment. This prevents accidental exposure of API keys and tokens in production repositories.
Set up a pre-commit hook using the scanner to block commits containing secrets. Developers receive immediate feedback, reducing the risk of pushing sensitive data to remote repositories.
Run a batch scan across all existing repositories to find previously committed secrets. This helps organizations remediate historical leaks and improve overall security posture.
Before accepting pull requests from external contributors, scan the code for hardcoded secrets. This protects open source projects from being used to distribute leaked credentials.
Use the secret detector to enforce compliance with regulations like HIPAA or GDPR by ensuring no access tokens or passwords are exposed in code. Regular scans generate audit trails for compliance reports.
Offer the secret detector as a cloud-based service that integrates with popular CI/CD platforms. Customers pay a monthly fee based on the number of repositories or scans performed.
Provide a free version with basic scanning capabilities and charge for advanced features like custom pattern definition, detailed reporting, and multi-team collaboration.
Offer manual or automated deep scans of existing codebases as a professional service. This is suitable for companies needing a one-time security review without ongoing subscription commitment.
💬 Integration Tip
The tool works out-of-the-box with simple grep commands on Linux/macOS, making it easy to add to any CI pipeline or pre-commit hook. For Windows, use PowerShell Select-String.
Scored May 13, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.
Detect 500+ types of hardcoded secrets (API keys, credentials, tokens) before they leak into git. Wraps GitGuardian's ggshield CLI.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.