Secret Detection
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: secret-detection
Version: 1.0.0

The OpenClaw AgentSkills bundle 'secret-detection' is benign. It functions as a local git pre-commit hook to scan staged files for common secret patterns. The `scripts/main.py` file uses standard Python libraries and `subprocess` to interact with git, read local files, and install the hook. There is no evidence of data exfiltration, malicious execution, unauthorized persistence, or prompt injection attempts against the OpenClaw agent. The printing of partial secret content to the console is an explicit, documented feature for user identification, not an attempt at malicious data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Actual API keys, passwords, or tokens found by the scanner may be exposed in places where command output is stored or shared.
The scanner records the full matched secret and full line content in its findings, then prints the full JSON result, so detected credentials can enter terminal output, agent context, or logs.
findings.append({ ... 'content': line.strip(), 'secret': match, ... }); ... print(json.dumps(result, indent=2))
Redact findings by default: output only file, line, label, and a short masked preview or hash; avoid printing raw JSON containing full secret values.
A user may run the scanner in a shared terminal, CI job, or agent workflow expecting secrets to be truncated, while full values are still emitted.
The documentation suggests limited redaction, but the code prints a JSON result containing full 'secret' and 'content' fields; users may assume safer logging than the implementation provides.
- Prints first 20 characters of detected secrets to console for identification purposes
Make the documentation match the implementation, or preferably change the implementation so all output consistently redacts secrets.
Installing it could replace an existing pre-commit hook and change other checks that previously ran before commits.
The install command directly writes the repository's pre-commit hook and makes it executable; this is expected for the skill, but the code does not show an existing-hook backup or merge step.
hook_path = Path('.git/hooks/pre-commit') ... hook_path.write_text(hook_content); hook_path.chmod(0o755)
Inspect and back up any existing .git/hooks/pre-commit file before installation; the skill should warn, back up, or chain existing hooks.
After installation, commits in that repository may be blocked until the hook is removed or the flagged content is changed.
The hook persists in the repository and runs automatically after installation. This persistence is disclosed and purpose-aligned, but it affects future git commits.
- The hook runs automatically on `git commit`
- If secrets are detected, the commit is blocked
Install only in repositories where you want this behavior, and remove or disable the hook if it interferes with your workflow.
