{"skill":{"slug":"agent-security-ops","displayName":"Agent Security Ops","summary":"Stop leaking secrets. Pre-commit hooks + 10-point scans + cron monitoring. Agent-ops security in one command. By The Agent Wire (theagentwire.ai)","description":"---\nname: agent-security-ops\ndescription: \"Stop leaking secrets. Pre-commit hooks + 10-point scans + cron monitoring. Agent-ops security in one command. By The Agent Wire (theagentwire.ai)\"\nhomepage: https://theagentwire.ai\nmetadata: { \"openclaw\": { \"emoji\": \"🔒\" } }\n---\n\n# agent-security-ops\n\nSecurity hardening for solopreneur repos. One command to set up pre-commit hooks, secret scanning, and continuous monitoring.\n\n## ⚠️ Important: `--no-verify` Bypass Warning\n\n> **The pre-commit hook can be bypassed** with `git commit --no-verify`. This skips ALL hooks including secret scanning.\n>\n> **Recommendations:**\n> 1. **Never use `--no-verify` unless you've manually verified no secrets are staged**\n> 2. **Set up CI-side scanning as backup** — add TruffleHog to your GitHub Actions / CI pipeline so secrets are caught even if hooks are bypassed\n> 3. **Run `scan.sh` after any `--no-verify` commit** to verify nothing slipped through\n>\n> The hook is fail-closed: if TruffleHog is not found, commits are **blocked** (not silently allowed).\n\n## Quick Start\n\n```bash\nbash skills/agent-security-ops/scripts/setup.sh /path/to/repo\n```\n\nThis will:\n1. Install TruffleHog (pinned version with SHA256 checksum verification, override with `TRUFFLEHOG_VERSION` env var)\n2. Set up a fail-closed pre-commit hook that blocks secrets (scans staged changes)\n3. Harden `.gitignore` with common secret patterns (including `.security-ops/`, `.terraform/`)\n4. 
Run initial secret scan (git history + filesystem for untracked files)\n\n## What You'll See\n\n**setup.sh output:**\n```\nagent-security-ops: Setting up /Users/you/my-project\n✓ TruffleHog already installed (3.88.0)\n✓ Pre-commit hook installed\n→ Added 2 patterns to .gitignore: .security-ops/ .terraform/\n→ Running initial secret scan...\n✓ Initial scan: clean\n→ Running filesystem scan (untracked files)...\n✓ Filesystem scan: clean\n\nSetup complete:\n  • Installed pre-commit hook\n  • Hardened .gitignore (+2 patterns)\n  • Initial scan: clean\n  💡 More agent-ops at theagentwire.ai/?utm_source=clawhub&utm_medium=skill&utm_campaign=agent-security-ops\n```\n\n**scan.sh summary (stderr):**\n```\n--- TruffleHog Secret Scan ---\n✓ No secrets found\n\n--- TruffleHog Filesystem Scan ---\n✓ No secrets in untracked files\n\n--- Pattern Grep Scan ---\n⚠ Found 2 high-confidence secret pattern(s)\n./config.js:3:  apiKey: \"sk-proj-abc123...\"\n✓ No low-confidence patterns\n\n--- Summary ---\n⚠ Total: 2 (secrets=0[0 verified], fs=0, patterns=2[+0 low], ...)\n```\n\n## Commands\n\nAll scripts support `--help` and `--version` flags.\n\n### setup.sh — One-time repo hardening\n```bash\nbash scripts/setup.sh [/path/to/repo]\nbash scripts/setup.sh --fix-ssh /path/to/repo   # also fix SSH permissions\n```\nIdempotent. Safe to run multiple times. Defaults to current directory. 
Existing pre-commit hooks are preserved (appended to, not overwritten).\n\n### scan.sh — Full security scan\n```bash\n# JSON report to stdout, human summary to stderr\nbash scripts/scan.sh [/path/to/repo]\n\n# Save report\nbash scripts/scan.sh /path/to/repo > report.json\n```\n\nChecks:\n- **Secrets**: TruffleHog — all secrets found (verified ones highlighted)\n- **Filesystem**: TruffleHog filesystem scan for untracked/working files\n- **Pattern grep (high-confidence)**: AWS, GitHub, Anthropic, Slack, OpenAI, Stripe, Google, Twilio, SendGrid, npm, Vault, private keys\n- **Pattern grep (low-confidence)**: Database URLs, password/secret assignments, bearer tokens, Firebase, Supabase, JWTs\n- **`.gitignore` audit**: Uses `git check-ignore` to verify patterns work\n- **Dependency audit**: `npm audit` / `pip audit` (results in JSON output)\n- **File permissions**: Finds world-readable `.env`, `.pem`, `.key`, credential files\n- **Open ports**: Lists listening ports, flags unexpected ones (note: may need sudo on macOS)\n- **Environment secrets**: Scans shell profiles for hardcoded keys/tokens\n- **Loose `.env` files**: Checks `$HOME`, Desktop, Downloads for `.env` files (warning only, not counted as repo findings)\n- **Docker secrets**: Checks Dockerfiles and compose files for hardcoded secrets\n- **SSH audit**: Verifies `~/.ssh` permissions (report only — use `setup.sh --fix-ssh` to fix)\n- **Git remotes**: Flags insecure HTTP remotes, checks GitHub repo visibility\n\n### monitor.sh — Cron-friendly monitoring\n```bash\nbash scripts/monitor.sh [/path/to/repo]\n```\n\nContent-based delta detection (hashes scan results, not just counts). Exits 1 on any change, 0 if unchanged. 
Uses atomic file writes and flock-based locking to prevent concurrent runs.\n\n## Cron Integration\n\n```bash\n# Check every hour, alert on new findings\n0 * * * * bash /path/to/skills/agent-security-ops/scripts/monitor.sh /path/to/repo || notify \"Security scan changed\"\n```\n\n## Found Something?\n\n| Finding | What to Do |\n|---------|-----------|\n| **Verified secret in git** | Rotate the credential immediately. Use `git filter-repo` or BFG to remove from history. |\n| **Unverified secret in git** | Investigate — may be a false positive or an expired credential. Still consider rotating. |\n| **Pattern match (high-confidence)** | Move to `.env` file or secret manager. Verify it's in `.gitignore`. |\n| **Pattern match (low-confidence)** | Review manually — may be a false positive. Check if it's a real credential. |\n| **Missing .gitignore pattern** | Run `setup.sh` again — it adds missing patterns. |\n| **World-readable sensitive file** | `chmod 600 <file>` — restrict to owner only. |\n| **Unexpected open port** | Identify the process (`lsof -i :<port>`), stop if unnecessary. |\n| **Env secret in shell profile** | Move to `.env` file or `op run` (1Password). Remove `export` line. |\n| **Docker hardcoded secret** | Use Docker secrets, env vars with `${VAR}` syntax, or `.env` file. |\n| **SSH permission issue** | Run `setup.sh --fix-ssh` or manually `chmod 700 ~/.ssh && chmod 600 ~/.ssh/id_*`. 
|\n| **HTTP git remote** | `git remote set-url origin git@github.com:user/repo.git` |\n| **Public repo detected** | If unintentional: `gh repo edit --visibility private` |\n\n## Limitations\n\n- **Grep ≠ AST analysis**: Pattern matching catches literal strings, not obfuscated or dynamically constructed secrets.\n- **No SAST/DAST**: This is not a replacement for static/dynamic application security testing.\n- **IaC limited to Docker**: No Terraform, Kubernetes, or CloudFormation scanning beyond basic grep patterns on `.tf`/`.tfvars`.\n- **TruffleHog verification**: Verification depends on service availability — if an API is down, a real secret may show as \"unverified.\" That's why we now scan all secrets, not just verified ones.\n- **Port scanning**: Only detects currently listening ports, not firewall rules or network exposure. May need sudo on macOS for full process info.\n- **`$HOME` .env scan**: Checks outside repo scope as a convenience — findings are warnings only, not counted as repo findings.\n\n## What It Scans\n\n| Category | Tool | Coverage |\n|----------|------|----------|\n| Secrets in code | TruffleHog | Current files + full git history (all, verified highlighted) |\n| Filesystem secrets | TruffleHog | Untracked/working directory files |\n| Secret patterns (high) | grep | 20+ providers (AWS, GitHub, Anthropic, Slack, Stripe, etc.) 
|\n| Secret patterns (low) | grep | DB URLs, passwords, bearer tokens, Firebase, Supabase, JWTs |\n| .gitignore | git check-ignore | `.env*`, `*.pem`, `*.key`, `*.p12`, `*.pfx`, credentials, keystores, `.terraform/` |\n| Dependencies | npm/pip audit | Known CVEs in packages |\n| Permissions | find | World-readable sensitive files |\n| Open Ports | lsof/ss | Unexpected listening services |\n| Env Secrets | grep | Hardcoded secrets in shell profiles, loose .env files (warning) |\n| Docker Secrets | grep | Hardcoded secrets in Dockerfiles and compose files |\n| SSH Audit | stat | Permission checks on ~/.ssh, keys, config |\n| Git Remotes | git/gh | Insecure HTTP remotes, public repo detection |\n\n## Security Model\n\n- **Binary verification**: TruffleHog downloaded with SHA256 checksum verification against official release checksums\n- **Fail-closed hook**: Missing TruffleHog blocks commits (not silently passes)\n- **No brew fallback**: Only verified direct download to prevent supply chain attacks\n- **Version pinning**: `TRUFFLEHOG_VERSION` validated as semver before use\n- **Self-exclusion**: Scripts exclude themselves from grep scans via content marker\n\n## Reference Files\n\n- `references/patterns.md` — Regex patterns for all detected secret types, marked as ✅ scanned or 📖 reference only.\n\n## Dependencies\n\n- `git`, `grep`, `find` (standard)\n- `trufflehog` (installed by setup.sh, pinned version with checksum verification)\n- `jq` (optional — produces properly escaped JSON; without it, falls back to shell-based escaping which may break on unusual filenames/content)\n\n---\n\nBuilt by [The Agent Wire](https://theagentwire.ai?utm_source=clawhub&utm_medium=skill&utm_campaign=agent-security-ops) — a weekly newsletter about AI agents for solopreneurs.
\n\n---\n\n## FAQ\n\n**What is this skill?**\nAgent Security Ops installs pre-commit hooks and runs 10-point security scans to prevent AI agents from leaking secrets. Catches API keys, tokens, passwords, and credentials before they reach git history.\n\n**What problem does it solve?**\nAI agents generate and handle credentials constantly — API keys, tokens, database URLs. Without guardrails, these end up in commits, logs, or chat messages. This skill adds automated scanning at commit-time and on-demand.\n\n**What are the requirements?**\nBash, git, and TruffleHog (installed automatically). Works on macOS and Linux. No API keys or external services needed.\n\n**What does the 10-point scan check?**\nGit staged files, environment files (.env), config files, recent git history, high-entropy strings, known secret patterns, AWS/GCP/Azure credentials, private keys, database URLs, and API tokens.\n\n**Does it work with any AI agent framework?**\nYes. It's framework-agnostic — operates at the git and filesystem level. Works with OpenClaw, Claude Code, Cursor, Aider, or any tool that writes files.\n\n**Can it run on a schedule?**\nYes. Pair it with a cron job for periodic scans of your workspace. 
The scan outputs a structured report suitable for automated monitoring.\n","topics":["Cron"],"tags":{"latest":"1.2.2"},"stats":{"comments":0,"downloads":1334,"installsAllTime":50,"installsCurrent":3,"stars":2,"versions":7},"createdAt":1771697464280,"updatedAt":1778992155016},"latestVersion":{"version":"1.2.2","createdAt":1772905542072,"changelog":"Updated newsletter CTAs with UTM tracking and skill-specific messaging","license":null},"metadata":{"setup":[],"os":null,"systems":null},"owner":{"handle":"theagentwire","userId":"s1701wshjm2c36fppx02ev6ktn85bygk","displayName":"The Agent Wire","image":"https://avatars.githubusercontent.com/u/260305314?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1779948102458}}