Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart Secrets Scanner

v1.0.0

Intelligent secrets detection and prevention — scan code, configs, and git history for exposed API keys, passwords, tokens, and credentials


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sky-lv/smart-secrets-scanner.

Install the skill "Smart Secrets Scanner" (sky-lv/smart-secrets-scanner) from ClawHub.
Skill page: https://clawhub.ai/sky-lv/smart-secrets-scanner
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

```bash
openclaw skills install smart-secrets-scanner
```

ClawHub CLI

```bash
npx clawhub@latest install smart-secrets-scanner
```

Security Scan

Capability signals: Crypto, Requires wallet, Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability
The skill claims to be a Node-based scanner (commands like `node scanner.js scan ...`) but the skill bundle contains no code files, no scanner.js, and no install spec. It also does not declare Node (or any runtime) as a required binary. This is an internal inconsistency: either the skill should include the scanner implementation or declare how to obtain/install it.
Instruction Scope
The runtime instructions stay within the stated scope (scanning files and git history, installing a pre-commit hook, and redacting secrets). However they include actions that modify the repository (hook install, redact) — which is appropriate for a secrets tool but demands caution. The instructions do not describe safeguards, dry-run modes, or where findings are transmitted (no external endpoint declared).
[!] Install Mechanism
There is no install spec — this is instruction-only. That is low-risk by itself, but the instructions assume a local scanner implementation and Node runtime. Without an included binary or a trusted install URL, there's no provenance for the code the instructions ask you to run. The lack of a homepage or source repository increases the risk.

latest vk978y98ver9r6f64srx68cbt318595pd
89 downloads · 0 stars · 1 version · Updated 1w ago · v1.0.0 · MIT-0

smart-secrets-scanner

Intelligent secrets detection — scan code, configs, and git history for exposed API keys, passwords, tokens, and credentials before they leak.

Skill Metadata

  • Slug: smart-secrets-scanner
  • Version: 1.0.0
  • Description: Intelligent secrets and credential scanner for codebases. Detects exposed API keys, passwords, tokens, private keys, and credentials in source code, config files, environment variables, and git commit history. Provides auto-remediation suggestions.
  • Category: security
  • Trigger Keywords: secrets scanner, credential leak, API key detection, token exposure, security scan, secret detection, git secret

Capabilities

1. Scan Current Project

```bash
node scanner.js scan ./src
node scanner.js scan ./ --include ".js,.json,.yaml,.env*"
```

Detects 50+ patterns: AWS keys, GitHub tokens, Slack webhooks, database URLs, private keys, JWTs, etc.

2. Scan Git History

```bash
node scanner.js git-scan --depth 50
node scanner.js git-scan --since "2024-01-01"
```

Finds secrets that were committed and later removed (still in git history).

3. Pre-commit Hook

```bash
node scanner.js hook --install
# Now every commit is scanned automatically
```

4. Auto-Redact

```bash
node scanner.js redact ./src/config.js --replace-with "[REDACTED]"
```

Replace detected secrets with placeholder values.


Detection Patterns

| Category | Examples |
|---|---|
| Cloud Keys | AWS_ACCESS_KEY, GCP_SERVICE_ACCOUNT, AZURE_CLIENT_SECRET |
| API Tokens | GitHub, Slack, Stripe, OpenAI, Anthropic, Google Maps |
| Database | MongoDB URI, PostgreSQL URL, Redis password |
| Crypto | RSA private key, SSH key, certificate |
| App Secrets | JWT secret, session key, encryption key |
| Config Files | .env, .npmrc, .pypirc, credentials.json |

Use Cases

  1. CI/CD Pipeline: Block deployments with exposed secrets
  2. Pre-commit: Prevent secrets from entering git history
  3. Audit: Scan existing codebase for leaked credentials
  4. Compliance: SOC2, GDPR requirement for credential management
  5. Education: Teach developers about secret management

Output Format

```json
{
  "findings": [
    {
      "file": "src/config.js",
      "line": 12,
      "type": "AWS_ACCESS_KEY",
      "severity": "CRITICAL",
      "matched": "AKIAIOSFODNN7EXAMPLE",
      "suggestion": "Move to environment variable or secrets manager"
    }
  ],
  "summary": {
    "critical": 1,
    "high": 0,
    "medium": 2,
    "low": 5
  }
}
```
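
An added example (not the skill's `scanner.js`, which the scan above reports as absent from the bundle) of a line-based regex scan that emits a report in the Output Format shown above. The four rules, the type names other than `AWS_ACCESS_KEY`, the severities and the masking of `matched` are assumptions; the input is constructed.

```javascript
// Added example: not the skill's scanner.js, which is absent from the bundle.
// Type names other than AWS_ACCESS_KEY, and all severities, are assumptions.
const RULES = [
  { type: "AWS_ACCESS_KEY", severity: "CRITICAL", re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
  { type: "GITHUB_TOKEN", severity: "CRITICAL", re: /\bghp_[A-Za-z0-9]{36}\b/g },
  { type: "PRIVATE_KEY", severity: "CRITICAL",
    re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g },
  { type: "DATABASE_URL", severity: "HIGH",
    re: /\b(?:postgres(?:ql)?|mongodb(?:\+srv)?|redis):\/\/[^\s:@\/]*:[^\s@\/]+@[^\s"']+/g },
];

// Keep only a 4-character prefix so the report does not become a second copy of the secret.
const mask = (s) => s.slice(0, 4) + "*".repeat(Math.max(s.length - 4, 0));

function scanText(file, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((lineText, i) => {
    for (const rule of RULES) {
      for (const m of lineText.matchAll(rule.re)) {
        findings.push({
          file, line: i + 1, type: rule.type, severity: rule.severity,
          matched: mask(m[0]),
          suggestion: "Move to environment variable or secrets manager",
        });
      }
    }
  });
  return findings;
}

function buildReport(files) {
  const findings = Object.entries(files).flatMap(([f, t]) => scanText(f, t));
  const summary = { critical: 0, high: 0, medium: 0, low: 0 };
  for (const f of findings) summary[f.severity.toLowerCase()] += 1;
  return { findings, summary };
}

// Constructed sample input; the key is the example value from the page's Output Format.
const SAMPLE = {
  "src/config.js": [
    "const region = 'us-east-1';",
    "const key = 'AKIAIOSFODNN7EXAMPLE';",
    "const db = 'postgres://app:s3cr3t@db.internal:5432/app';",
    "const note = 'AKIA is the prefix of long-term AWS access key IDs';",
  ].join("\n"),
};
const report = buildReport(SAMPLE);
console.log(JSON.stringify(report, null, 2));
```

Unlike the page's sample output, `matched` is masked here, since scan reports are often stored in CI logs and artifacts.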
