Which tools does this skill recommend for secret scanning?

The skill recommends industry-standard tools including Gitleaks for history scanning, TruffleHog, git-secrets for AWS-specific hooks, and detect-secrets.

Can I use this for internal security audits?

Absolutely. While designed for open-sourcing, it is an excellent tool for general security hygiene and internal compliance auditing.

Does this skill help fix exposed secrets?

Yes, it provides a workflow for remediation, including the use of git-filter-repo to permanently remove sensitive data from the repository history.

Why is scanning Git history important?

Secrets remain in the .git folder history even after being deleted from the current code version. Scanning history ensures these secrets aren't accessible via previous commits.

What kind of sensitive data does it look for?

It searches for API keys (OpenAI, Stripe, AWS), database connection strings, private certificates (.pem, .key), and personal information like emails or phone numbers.

Open Source Security Checker

Name: Open Source Security Checker
Author: shipshitdev

byshipshitdev

•

보안 및 테스팅

Scans codebases for secrets, API keys, and sensitive data to ensure safe public releases and robust security hygiene.

The Open Source Checker skill helps developers safely transition private repositories to public environments by identifying hardcoded credentials, personal information, and exposed secrets across the entire codebase and Git history. By integrating best practices for secret detection and recommending industry-standard tools like Gitleaks and TruffleHog, this skill prevents security breaches and ensures that sensitive data—such as AWS keys, Stripe tokens, or database connection strings—never reaches the public domain.

주요 기능

01Identifies exposed personal information (PII) and unignored environment files

02Provides remediation guidance for cleaning history using tools like git-filter-repo

0310 GitHub stars

04Detects hardcoded API keys, tokens, and credentials for major cloud and SaaS providers

05Audits Git history to identify secrets in previous commits, tags, and deleted files

06Recommends specialized security tools like Gitleaks, TruffleHog, and git-secrets

사용 사례

01Conducting a security audit of a legacy codebase to find forgotten credentials

02Preparing a private corporate repository for an official open-source release

03Setting up automated pre-commit hooks to prevent secrets from entering the repository

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add shipshitdev/library open-source-checker

For use in Claude.ai and ChatGPT

주요 기능

01Identifies exposed personal information (PII) and unignored environment files

02Provides remediation guidance for cleaning history using tools like git-filter-repo

0310 GitHub stars

04Detects hardcoded API keys, tokens, and credentials for major cloud and SaaS providers

05Audits Git history to identify secrets in previous commits, tags, and deleted files

06Recommends specialized security tools like Gitleaks, TruffleHog, and git-secrets

사용 사례

01Conducting a security audit of a legacy codebase to find forgotten credentials

02Preparing a private corporate repository for an official open-source release

03Setting up automated pre-commit hooks to prevent secrets from entering the repository

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add shipshitdev/library open-source-checker

For use in Claude.ai and ChatGPT