{ "schemaVersion": "1.0", "item": { "slug": "git-secrets-scanner", "name": "Git Secrets Scanner", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/guohongbin-git/git-secrets-scanner", "canonicalUrl": "https://clawhub.ai/guohongbin-git/git-secrets-scanner", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/git-secrets-scanner", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=git-secrets-scanner", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "package.json" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/git-secrets-scanner" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/git-secrets-scanner", "agentPageUrl": "https://openagent3.xyz/skills/git-secrets-scanner/agent", "manifestUrl": "https://openagent3.xyz/skills/git-secrets-scanner/agent.json", "briefUrl": "https://openagent3.xyz/skills/git-secrets-scanner/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Git 安全扫描器", "body": "检查提交中的敏感信息泄露。" }, { "title": "工具对比", "body": "工具Stars特点Gitleaks24,958最流行,Go 编写,快速TruffleHog24,612验证 secrets,支持多种格式git-secrets13,173AWS 官方,pre-commit hook" }, { "title": "Gitleaks(推荐)", "body": "# macOS\nbrew install gitleaks\n\n# Linux\n# 从 https://github.com/gitleaks/gitleaks/releases 下载\n\n# 或使用 Go\ngo install github.com/gitleaks/gitleaks/v8@latest" }, { "title": "TruffleHog", "body": "# macOS\nbrew install trufflehog\n\n# Linux\n# 从 https://github.com/trufflesecurity/trufflehog/releases 下载\n\n# 或使用 Docker\ndocker pull trufflesecurity/trufflehog:latest" }, { "title": "git-secrets", "body": "# macOS\nbrew install git-secrets\n\n# Linux\ngit clone https://github.com/awslabs/git-secrets.git\ncd git-secrets\nsudo make install" }, { "title": "1. 扫描当前仓库", "body": "# Gitleaks\ngitleaks detect --source . -v\n\n# TruffleHog\ntrufflehog git file://. --only-verified\n\n# git-secrets(需要先设置 hook)\ngit secrets --scan-history" }, { "title": "2. 扫描特定提交", "body": "# Gitleaks\ngitleaks detect --source . --log-opts=\"HEAD~1..HEAD\"\n\n# TruffleHog\ntrufflehog git file://. --commit=HEAD" }, { "title": "3. 扫描所有历史", "body": "# Gitleaks\ngitleaks detect --source . --log-opts=\"--all\"\n\n# TruffleHog\ntrufflehog git file://. --no-deletion" }, { "title": "4. 设置 pre-commit hook", "body": "# git-secrets\ncd your-repo\ngit secrets --install\ngit secrets --register-aws" }, { "title": "5. CI/CD 集成", "body": "# .github/workflows/security.yml\nname: Security Scan\non: [push, pull_request]\n\njobs:\n gitleaks:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v3\n with:\n fetch-depth: 0\n - uses: gitleaks/gitleaks-action@v2\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}" }, { "title": "API Keys", "body": "AWS Access Keys\nGitHub Tokens\nSlack Tokens\nStripe Keys\nMoltbook API Keys ✨" }, { "title": "密码", "body": "数据库密码\nSMTP 密码\nSSH 密钥" }, { "title": "Token", "body": "OAuth Tokens\nJWT Tokens\nBearer Tokens" }, { "title": "其他", "body": "私钥\n证书\n.env 文件" }, { "title": "输出示例", "body": "Finding: moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt\nSecret: moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt\nRuleID: generic-api-key\nEntropy: 4.562345\nFile: memory/moltbook-art-of-focus-post.md\nLine: 45\nCommit: abc1234\nAuthor: user@example.com\nDate: 2026-02-19T03:11:00Z\nFingerprint: abc123..." }, { "title": "1. 提交前扫描", "body": "# 添加到 .git/hooks/pre-commit\n#!/bin/bash\ngitleaks protect --staged" }, { "title": "2. 定期扫描", "body": "# 每周扫描\ncrontab -e\n0 0 * * 0 cd /path/to/repo && gitleaks detect --source ." }, { "title": "3. 扫描多个仓库", "body": "#!/bin/bash\nfor repo in ~/projects/*; do\n echo \"Scanning $repo...\"\n gitleaks detect --source \"$repo\" -v\ndone" }, { "title": "修复泄露的 Secret", "body": "如果发现泄露:\n\n立即撤销 - 重新生成 API key\n删除历史 - 从 git 历史中删除敏感信息\n强制推送 - git push --force(谨慎使用)\n通知团队 - 告知其他开发者" }, { "title": "使用 BFG 清理历史", "body": "# 安装 BFG\nbrew install bfg\n\n# 清理敏感文件\nbfg --delete-files .env\n\n# 清理敏感字符串\nbfg --replace-text passwords.txt\n\n# 强制推送\ngit push --force" }, { "title": ".gitleaks.toml", "body": "title = \"Custom Gitleaks Config\"\n\n[extend]\nuseDefault = true\n\n[[rules]]\nid = \"moltbook-api-key\"\ndescription = \"Moltbook API Key\"\nregex = '''moltbook_sk_[a-zA-Z0-9]{32}'''\ntags = [\"api-key\", \"moltbook\"]\n\n[allowlist]\npaths = [\n '''example\\.txt''',\n '''test/.*'''\n]" }, { "title": "注意事项", "body": "False Positives - 扫描器可能误报\n熵值 - 高熵值可能是敏感信息\n上下文 - 检查是否真的敏感\n验证 - TruffleHog 可以验证 secret 是否有效\n\n版本: 1.0.0\n工具: Gitleaks, TruffleHog, git-secrets" } ], "body": "Git 安全扫描器\n\n检查提交中的敏感信息泄露。\n\n工具对比\n工具\tStars\t特点\nGitleaks\t24,958\t最流行,Go 编写,快速\nTruffleHog\t24,612\t验证 secrets,支持多种格式\ngit-secrets\t13,173\tAWS 官方,pre-commit hook\n安装\nGitleaks(推荐)\n# macOS\nbrew install gitleaks\n\n# Linux\n# 从 https://github.com/gitleaks/gitleaks/releases 下载\n\n# 或使用 Go\ngo install github.com/gitleaks/gitleaks/v8@latest\n\nTruffleHog\n# macOS\nbrew install trufflehog\n\n# Linux\n# 从 https://github.com/trufflesecurity/trufflehog/releases 下载\n\n# 或使用 Docker\ndocker pull trufflesecurity/trufflehog:latest\n\ngit-secrets\n# macOS\nbrew install git-secrets\n\n# Linux\ngit clone https://github.com/awslabs/git-secrets.git\ncd git-secrets\nsudo make install\n\n使用方法\n1. 扫描当前仓库\n# Gitleaks\ngitleaks detect --source . -v\n\n# TruffleHog\ntrufflehog git file://. --only-verified\n\n# git-secrets(需要先设置 hook)\ngit secrets --scan-history\n\n2. 扫描特定提交\n# Gitleaks\ngitleaks detect --source . --log-opts=\"HEAD~1..HEAD\"\n\n# TruffleHog\ntrufflehog git file://. --commit=HEAD\n\n3. 扫描所有历史\n# Gitleaks\ngitleaks detect --source . --log-opts=\"--all\"\n\n# TruffleHog\ntrufflehog git file://. --no-deletion\n\n4. 设置 pre-commit hook\n# git-secrets\ncd your-repo\ngit secrets --install\ngit secrets --register-aws\n\n5. CI/CD 集成\n# .github/workflows/security.yml\nname: Security Scan\non: [push, pull_request]\n\njobs:\n gitleaks:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v3\n with:\n fetch-depth: 0\n - uses: gitleaks/gitleaks-action@v2\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n\n检测的内容\nAPI Keys\nAWS Access Keys\nGitHub Tokens\nSlack Tokens\nStripe Keys\nMoltbook API Keys ✨\n密码\n数据库密码\nSMTP 密码\nSSH 密钥\nToken\nOAuth Tokens\nJWT Tokens\nBearer Tokens\n其他\n私钥\n证书\n.env 文件\n输出示例\nFinding: moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt\nSecret: moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt\nRuleID: generic-api-key\nEntropy: 4.562345\nFile: memory/moltbook-art-of-focus-post.md\nLine: 45\nCommit: abc1234\nAuthor: user@example.com\nDate: 2026-02-19T03:11:00Z\nFingerprint: abc123...\n\n最佳实践\n1. 提交前扫描\n# 添加到 .git/hooks/pre-commit\n#!/bin/bash\ngitleaks protect --staged\n\n2. 定期扫描\n# 每周扫描\ncrontab -e\n0 0 * * 0 cd /path/to/repo && gitleaks detect --source .\n\n3. 扫描多个仓库\n#!/bin/bash\nfor repo in ~/projects/*; do\n echo \"Scanning $repo...\"\n gitleaks detect --source \"$repo\" -v\ndone\n\n修复泄露的 Secret\n\n如果发现泄露:\n\n立即撤销 - 重新生成 API key\n删除历史 - 从 git 历史中删除敏感信息\n强制推送 - git push --force(谨慎使用)\n通知团队 - 告知其他开发者\n使用 BFG 清理历史\n# 安装 BFG\nbrew install bfg\n\n# 清理敏感文件\nbfg --delete-files .env\n\n# 清理敏感字符串\nbfg --replace-text passwords.txt\n\n# 强制推送\ngit push --force\n\n配置文件\n.gitleaks.toml\ntitle = \"Custom Gitleaks Config\"\n\n[extend]\nuseDefault = true\n\n[[rules]]\nid = \"moltbook-api-key\"\ndescription = \"Moltbook API Key\"\nregex = '''moltbook_sk_[a-zA-Z0-9]{32}'''\ntags = [\"api-key\", \"moltbook\"]\n\n[allowlist]\npaths = [\n '''example\\.txt''',\n '''test/.*'''\n]\n\n注意事项\nFalse Positives - 扫描器可能误报\n熵值 - 高熵值可能是敏感信息\n上下文 - 检查是否真的敏感\n验证 - TruffleHog 可以验证 secret 是否有效\n\n版本: 1.0.0 工具: Gitleaks, TruffleHog, git-secrets" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/guohongbin-git/git-secrets-scanner", "publisherUrl": "https://clawhub.ai/guohongbin-git/git-secrets-scanner", "owner": "guohongbin-git", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/git-secrets-scanner", "downloadUrl": "https://openagent3.xyz/downloads/git-secrets-scanner", "agentUrl": "https://openagent3.xyz/skills/git-secrets-scanner/agent", "manifestUrl": "https://openagent3.xyz/skills/git-secrets-scanner/agent.json", "briefUrl": "https://openagent3.xyz/skills/git-secrets-scanner/agent.md" } }