How does Repomix Safe Mixer prevent credential leaks?

The skill runs a security scan before the packaging process begins. If any patterns matching common API keys or tokens are found, the process is halted and a report is generated, preventing the creation of a package containing secrets.

Can I use the scanner without actually packaging my code?

Yes, you can use the standalone scan script provided by the skill to audit your codebase for security vulnerabilities without triggering the Repomix packaging process.

What types of secrets can this skill detect?

It detects a wide range of credentials including AWS Access Keys, Stripe and OpenAI API keys, JWT tokens, private keys, Google Gemini keys, and database connection strings.

What should I do if the skill finds a secret?

You should replace the hardcoded value with an environment variable reference, create a .env.example file for documentation, and rotate the exposed credential if it was previously committed to git.

Repomix Safe Mixer

Name: Repomix Safe Mixer
Author: daymade

bydaymade

•

108

•

セキュリティとテスト

Protects sensitive data by scanning for and preventing hardcoded credentials from being included in Repomix code packages.

Repomix Safe Mixer is a security-first utility designed to safeguard your codebase when packaging files for distribution or LLM context sharing. It enhances the standard Repomix workflow by automatically detecting API keys, database credentials, and tokens before they are bundled. By providing detailed reports of findings and a safety mechanism that blocks packaging when secrets are detected, it ensures that developers can share their work without the risk of accidental credential exposure.

主な機能

01Safety-locked packaging workflow that blocks Repomix if secrets are found

02Detailed reporting with precise file and line number locations for remediation

03108 GitHub stars

04Automated security scanning for AWS keys, Stripe tokens, OpenAI keys, and more

05Standalone scanning mode for auditing codebases without generating a package

06Customizable exclusion patterns to skip test files or intentional placeholders

ユースケース

01Running security audits on local repositories before committing to version control

02Creating clean distribution packages for open-source projects or client handovers

03Packaging a codebase to share as context for AI models without leaking production keys

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add daymade/claude-code-skills repomix-safe-mixer

For use in Claude.ai and ChatGPT

Download Skill