
Git Secrets Scanner

Git security scanner - checks commits for leaked sensitive information (API keys, passwords, tokens)


Install for OpenClaw

Quick setup
  1. Download the package from Yavira.
  2. Extract the archive and review SKILL.md first.
  3. Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: SKILL.md, package.json

Validation

  • Use the Yavira download entry.
  • Review SKILL.md after the package is downloaded.
  • Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

  1. Download the package from Yavira.
  2. Extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the extracted folder.
New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 1.0.0

Documentation


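Git Security Scanner

Checks commits for leaked sensitive information.

Tool comparison

| Tool | Stars | Features |
|------|-------|----------|
| Gitleaks | 24,958 | Most popular, written in Go, fast |
| TruffleHog | 24,612 | Verifies secrets, supports multiple formats |
| git-secrets | 13,173 | Official AWS tool, pre-commit hook |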

Gitleaks (recommended)

```bash
# macOS
brew install gitleaks

# Linux
# Download from https://github.com/gitleaks/gitleaks/releases
# or install with Go
go install github.com/gitleaks/gitleaks/v8@latest
```

TruffleHog

```bash
# macOS
brew install trufflehog

# Linux
# Download from https://github.com/trufflesecurity/trufflehog/releases
# or use Docker
docker pull trufflesecurity/trufflehog:latest
```

git-secrets

```bash
# macOS
brew install git-secrets

# Linux
git clone https://github.com/awslabs/git-secrets.git
cd git-secrets
sudo make install
```

1. Scan the current repository

```bash
# Gitleaks
gitleaks detect --source . -v

# TruffleHog
trufflehog git file://. --only-verified

# git-secrets (the hook must be set up first)
git secrets --scan-history
```

2. Scan specific commits

```bash
# Gitleaks
gitleaks detect --source . --log-opts="HEAD~1..HEAD"

# TruffleHog (scans the commits after HEAD~1, i.e. the latest commit)
trufflehog git file://. --since-commit HEAD~1
```

3. Scan the full history

```bash
# Gitleaks
gitleaks detect --source . --log-opts="--all"

# TruffleHog
trufflehog git file://. --no-deletion
```

4. Set up a pre-commit hook

```bash
# git-secrets
cd your-repo
git secrets --install
git secrets --register-aws
```

5. CI/CD integration

```yaml
# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

API Keys

  • AWS Access Keys
  • GitHub Tokens
  • Slack Tokens
  • Stripe Keys
  • Moltbook API Keys ✨

Passwords

  • Database passwords
  • SMTP passwords
  • SSH keys

Tokens

  • OAuth Tokens
  • JWT Tokens
  • Bearer Tokens

Other

  • Private keys
  • Certificates
  • .env files

Example output

```
Finding:     moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt
Secret:      moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt
RuleID:      generic-api-key
Entropy:     4.562345
File:        memory/moltbook-art-of-focus-post.md
Line:        45
Commit:      abc1234
Author:      user@example.com
Date:        2026-02-19T03:11:00Z
Fingerprint: abc123...
```

1. Scan before committing

```bash
#!/bin/bash
# Add to .git/hooks/pre-commit
gitleaks protect --staged
```

2. Scheduled scans

```bash
# Weekly scan
crontab -e
0 0 * * 0 cd /path/to/repo && gitleaks detect --source .
```

3. Scan multiple repositories

```bash
#!/bin/bash
for repo in ~/projects/*; do
  echo "Scanning $repo..."
  gitleaks detect --source "$repo" -v
done
```

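Remediating a leaked secret

If a leak is found:

  1. Revoke immediately - regenerate the API key
  2. Remove from history - delete the sensitive information from the git history
  3. Force push - git push --force (use with caution)
  4. Notify the team - inform the other developers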

Cleaning the history with BFG

```bash
# Install BFG
brew install bfg

# Remove sensitive files
bfg --delete-files .env

# Replace sensitive strings
bfg --replace-text passwords.txt

# Force push
git push --force
```

.gitleaks.toml

```toml
title = "Custom Gitleaks Config"

[extend]
useDefault = true

[[rules]]
id = "moltbook-api-key"
description = "Moltbook API Key"
regex = '''moltbook_sk_[a-zA-Z0-9]{32}'''
tags = ["api-key", "moltbook"]

[allowlist]
paths = [
  '''example\.txt''',
  '''test/.*'''
]
```
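A regression check for the custom rule above, as an added example that is not part of the skill's own files. It compiles the page's regex with Go's regexp package (Gitleaks is written in Go) and runs it against constructed tokens; the widened pattern and the premise that a key body may contain `_`, as the secret in the example output does, are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
)

// Regex copied from the [[rules]] entry in the .gitleaks.toml above.
var pageRule = regexp.MustCompile(`moltbook_sk_[a-zA-Z0-9]{32}`)

// Assumption: widened variant that also accepts "_" inside the key body.
var widenedRule = regexp.MustCompile(`moltbook_sk_[a-zA-Z0-9_]{32}`)

type fixture struct {
	token string
	want  bool // true when the rule is expected to flag the token
}

// Constructed tokens, not real credentials.
var fixtures = []fixture{
	{"moltbook_sk_Qw7rT2yU9iO4pA6sD1fG8hJ3kL5zX0cV", true}, // 32 alphanumerics
	{"moltbook_sk_Qw7rT2y_9iO4pA6sD1fG8hJ3kL5zX0cV", true}, // "_" in the body, like the example output
	{"moltbook_sk_tooShort123", false},                      // truncated, not a full key
	{"moltbook_sk_<your-key-here>", false},                  // documentation placeholder
}

// Failures returns every token on which rule disagrees with the expectation.
func Failures(rule *regexp.Regexp, fs []fixture) []string {
	var bad []string
	for _, f := range fs {
		if rule.MatchString(f.token) != f.want {
			bad = append(bad, f.token)
		}
	}
	return bad
}

func main() {
	fmt.Printf("page rule failures:    %q\n", Failures(pageRule, fixtures))
	fmt.Printf("widened rule failures: %q\n", Failures(widenedRule, fixtures))
}
```

The example output reports its finding under RuleID generic-api-key rather than moltbook-api-key, which is consistent with the page rule not matching a key body that contains an underscore.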

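Notes

  • False positives - scanners can report false positives
  • Entropy - high entropy values may indicate sensitive information
  • Context - check whether the value is really sensitive
  • Verification - TruffleHog can verify whether a secret is valid

Version: 1.0.0
Tools: Gitleaks, TruffleHog, git-secrets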

Category context

Code helpers, APIs, CLIs, browser automation, testing, and developer operations.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
1 Docs, 1 Config
  • SKILL.md Primary doc
  • package.json Config