ggshield Secret Scanner
Pass. Audited by ClawScan on May 10, 2026.
Overview
This looks like a coherent wrapper around GitGuardian's ggshield scanner, but users should understand three things: it uses a GitGuardian API key, it scans whatever local code the user or agent selects, and it can install a persistent git hook.
Install this only if you want an agent to use ggshield for secret scanning. Keep the GitGuardian API key out of repositories, scan only the files or projects you intend to scan, verify the source and maintainer, and explicitly approve any git hook installation, because a hook will affect future commits or pushes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can run ggshield against local repositories, files, staged changes, or Docker images that the user or agent selects.
The skill executes the local ggshield CLI with arguments derived from its scan methods. This is central to the stated purpose. Passing an argument list rather than a shell string avoids shell injection, but the agent still chooses which paths or images get scanned, so it effectively holds a local scanning tool over any user-specified target.
command = ["ggshield", *args]
...
result = subprocess.run(command, capture_output=True, text=True, env=env)
Only authorize scans for intended project paths or images, and make sure the ggshield binary on PATH is the trusted GitGuardian CLI.
The skill can use the configured GitGuardian account for scans, and the API key must be protected like any other credential.
The skill requires a GitGuardian API key and passes it into the ggshield subprocess environment. This is expected for GitGuardian scanning, but it is still account credential use. Note also that the child environment is built as a copy of the whole of os.environ with the key added, so every other variable in the agent's environment reaches the ggshield process as well.
self.api_key_env = "GITGUARDIAN_API_KEY"
...
env = {**os.environ, self.api_key_env: api_key}
Use a revocable, least-privileged GitGuardian API key where possible, store it outside the repository, and rotate it if it is exposed.
Some information about scanned files and findings may leave the local environment for GitGuardian's service.
The documentation discloses that scan metadata is sent to GitGuardian. This provider data flow is purpose-aligned, but file paths, line numbers, and detection metadata can still be sensitive.
What Data is Sent to GitGuardian? ... Hash of the secret pattern ... File path (relative path only) ... Line number
Review GitGuardian's current privacy documentation and avoid scanning repositories or files whose metadata must not be shared with the provider.
Future commits or pushes in that repository may be blocked if ggshield detects secrets.
The install_hooks method installs a local git hook that continues running on future commits or pushes. This persistence is disclosed and purpose-aligned, but it changes repository behavior after the initial agent action.
self._run_ggshield("install", "--mode", "local", "--hook-type", hook_type)
Require explicit user approval before installing hooks, and document how to remove or change them if they interfere with the workflow.
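The three findings above (agent-selected scan targets, the API key in the child environment, and persistent hook installation) share one control point: the code that builds the ggshield argv and environment. The following Python is an added example of a policy wrapper written for this review; it is not the skill's code. It assumes a project root chosen by the user, the skill's real GITGUARDIAN_API_KEY variable, and a hypothetical allowlist of trusted ggshield install locations. Only the build_* methods are exercised here; run() is the single place a subprocess is started.

```python
"""Policy wrapper for invoking the ggshield CLI from an agent.

Added example for this review, not the skill's own code. Assumptions: a
project root chosen by the user, the real GITGUARDIAN_API_KEY variable, and a
hypothetical allowlist of trusted ggshield install paths. The build_* methods
return the argv or env that would be used; nothing runs until run() is called.
"""
import os
import shutil
import subprocess
from pathlib import Path
from typing import Mapping, Optional, Sequence

API_KEY_ENV = "GITGUARDIAN_API_KEY"        # the variable the skill reads
HOOK_TYPES = ("pre-commit", "pre-push")    # hook types accepted by ggshield install
# Variables a CLI needs to run; everything else in os.environ stays out of the child.
PASSTHROUGH_VARS = ("PATH", "HOME", "LANG", "TMPDIR")


class ScanPolicyError(Exception):
    """Raised when a requested action violates the wrapper's policy."""


class AllowedScanner:
    def __init__(self, project_root: str,
                 trusted_binaries: Sequence[str] = ("/usr/local/bin/ggshield", "/usr/bin/ggshield")) -> None:
        # resolve() canonicalizes symlinks and ".." so the containment check cannot be bypassed
        self.project_root = Path(project_root).resolve()
        self.trusted_binaries = {Path(p) for p in trusted_binaries}  # assumed allowlist

    def resolve_target(self, candidate: str) -> Path:
        """Absolute path for a scan target; refuses anything outside the project root."""
        target = (self.project_root / candidate).resolve()
        if target != self.project_root and self.project_root not in target.parents:
            raise ScanPolicyError(f"{candidate!r} resolves outside {self.project_root}")
        return target

    def is_allowed(self, candidate: str) -> bool:
        try:
            self.resolve_target(candidate)
        except ScanPolicyError:
            return False
        return True

    def build_scan_command(self, targets: Sequence[str]) -> list:
        """argv for `ggshield secret scan path`; a list, so no shell is involved."""
        if not targets:
            raise ScanPolicyError("no scan targets given")
        argv = ["ggshield", "secret", "scan", "path", "--recursive"]
        argv.extend(str(self.resolve_target(t)) for t in targets)
        return argv

    def build_hook_command(self, hook_type: str, approved: bool) -> list:
        """argv for hook installation; refused unless the user explicitly approved it."""
        if hook_type not in HOOK_TYPES:
            raise ScanPolicyError(f"unsupported hook type {hook_type!r}")
        if not approved:
            raise ScanPolicyError("git hook installation requires explicit user approval")
        return ["ggshield", "install", "--mode", "local", "--hook-type", hook_type]

    @staticmethod
    def build_env(source: Optional[Mapping[str, str]] = None) -> dict:
        """Child environment: a few passthrough variables plus the API key, nothing else.

        The skill copies all of os.environ; this version keeps unrelated secrets
        (cloud credentials, other tokens) out of the ggshield process.
        """
        source = os.environ if source is None else source
        api_key = source.get(API_KEY_ENV, "")
        if not api_key:
            raise ScanPolicyError(f"{API_KEY_ENV} is not set; refusing to run without a key")
        env = {var: source[var] for var in PASSTHROUGH_VARS if var in source}
        env[API_KEY_ENV] = api_key
        return env

    def locate_binary(self) -> Path:
        """Check that the ggshield found on PATH is a trusted install, not a look-alike."""
        found = shutil.which("ggshield")
        if found is None:
            raise ScanPolicyError("ggshield not found on PATH")
        resolved = Path(found).resolve()
        if resolved not in self.trusted_binaries:
            raise ScanPolicyError(f"untrusted ggshield binary at {resolved}")
        return resolved

    def run(self, argv: Sequence[str]) -> subprocess.CompletedProcess:
        """Execute a previously built argv with the minimal env; callers inspect returncode and stdout."""
        binary = self.locate_binary()
        return subprocess.run([str(binary), *argv[1:]], capture_output=True, text=True,
                              env=self.build_env(), cwd=self.project_root, check=False)


if __name__ == "__main__":
    scanner = AllowedScanner("/tmp/example-project")   # assumed project root
    print(scanner.build_scan_command(["src", "config/app.yaml"]))
    print(scanner.is_allowed("../other-repo"))          # False: outside the root
    try:
        scanner.build_hook_command("pre-push", approved=False)
    except ScanPolicyError as exc:
        print("blocked:", exc)
```

The design choice worth noting is that every policy decision happens before a subprocess exists: the containment check runs on resolved paths, the hook argv is only produced when an approval flag is set by the user, and the child environment is constructed from an explicit allowlist rather than a copy of os.environ.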
Users could be unsure whether they are installing an official GitGuardian-maintained skill or a third-party wrapper.
The README's manual install command clones a personal GitHub repository, while the registry homepage supplied with the skill points to a GitGuardian organization repository. This is not evidence of malicious behavior, but it is a provenance detail users should verify for a security-related skill.
git clone https://github.com/achillemascia/ggshield-skill.git ~/.moltbot/skills/ggshield-scanner
Verify the intended repository, maintainer, and package source before installation, especially because the skill handles code-scanning and an API key.
