What happens if a secret is accidentally exposed?

The skill includes a response protocol to flag the exposure immediately to the user and recommend credential rotation.

Does this work in bypassPermissions mode?

Yes, these safety rules are unconditional and apply even when Claude is running in bypassPermissions or dontAsk modes.

What commands are forbidden by this skill?

Commands that dump environment variables, such as printenv, env, and set, as well as direct echo or cat commands on sensitive configuration files are strictly blocked.

How does this skill handle .env files?

It enforces an architecture where .env files only contain non-secret configuration like URLs or ports, while actual secrets are injected at runtime via tools like Doppler.

Can the agent still run dev servers?

Yes, it uses safe launch commands to ensure processes receive secrets via runtime injection without the agent ever seeing the raw values.

Agent Safety & Secret Protection

Name: Agent Safety & Secret Protection
Author: lucasilverentand

bylucasilverentand

•

安全与测试

Enforces a zero-trust secret architecture by preventing sensitive credentials from being stored on disk or exposed through shell commands.

This skill implements a strict 'no-secrets-on-disk' architecture for Claude, ensuring that API keys, database passwords, and other sensitive credentials never touch the local file system. It proactively blocks dangerous commands like printenv or echo, while facilitating secure runtime injection through tools like Doppler or platform-specific secret stores. It is essential for developers working in sensitive environments where accidental exposure of environment variables could lead to security breaches, providing a fail-safe layer that operates unconditionally, even in high-permission modes.

主要功能

01Blocks command-based secret exposure (e.g., printenv, set, echo)

02Provides safe patterns for debugging and environment inspection

032 GitHub stars

04Standardizes secure process launching via Doppler or shell injection

05Implements automated accidental exposure response protocols

06Enforces 'no-secrets-on-disk' file architecture standards

使用场景

01Debugging application configuration without dumping sensitive environment variables

02Bootstrapping new development environments without risking credential leaks

03Safely launching dev servers and background processes using secret managers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add lucasilverentand/skills security

For use in Claude.ai and ChatGPT