Skylv Secret Detector

Pass. Audited by ClawScan on May 3, 2026.

Overview

This instruction-only skill uses local search commands to find possible secrets in code and does not show hidden persistence, credential collection, uploads, or destructive behavior.

This looks safe for its stated purpose. Use it only in repositories you intend to inspect, do not paste raw secret findings into public places, and rotate or revoke any real credentials it finds.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run from the wrong directory, the scan may inspect more local code files than intended.

Why it was flagged

The skill documents local recursive command-line searches. This is expected for a secret scanner and is non-mutating, but it still reads files under the current directory.

Skill content

grep -rE "ghp_[a-zA-Z0-9]{36}|AKIA[0-9A-Z]{16}" --include="*.js" --include="*.py" .

Recommendation

Run the skill from the specific repository or folder you want to scan, and review commands before executing them.

What this means

Found secrets may be exposed to whoever can see the scan output or chat transcript.

Why it was flagged

The skill is designed to surface sensitive credentials. Any real matches could appear in terminal output or agent context, which should be handled carefully.

Skill content

Patterns to Detect
AWS Key: AKIA[0-9A-Z]{16}
GitHub Token: ghp_[a-zA-Z0-9]{36}
Private Key: -----BEGIN (RSA|DSA|EC) PRIVATE KEY-----

Recommendation

Avoid sharing raw findings publicly, redact sensitive values when reporting, and rotate or revoke any confirmed leaked secrets.