Does it verify my .gitignore file?

Yes, it specifically checks if sensitive files like .env are correctly listed in .gitignore to prevent them from being accidentally tracked in the future.

What types of secrets can this skill detect?

It identifies a wide range of patterns including OpenAI API keys, AWS credentials, database URLs, bearer tokens, and sensitive file extensions like .pem and .env.

How do I fix a leaked secret found by the scan?

The skill provides a remediation guide, including the specific git commands needed to scrub files from history and advice on rotating compromised credentials.

Can this be used in automated workflows?

Yes, it supports a quiet mode suitable for CI/CD integration, allowing you to fail builds if any privacy concerns are detected during the run.

Does it scan historical commits or just the current state?

It scans the entire git history for committed files and sensitive patterns to ensure no past secrets remain in the repository data.

Privacy Review & Secret Scanner

Name: Privacy Review & Secret Scanner
Author: emliunix

byemliunix

0•

安全与测试

Audits git repositories for sensitive data exposure to prevent accidental leaks of API keys, passwords, and credentials.

This skill automates the process of identifying sensitive information within git repositories before they are pushed to public remotes. It scans commit history for hardcoded secrets—including database URLs, OpenAI keys, and AWS credentials—while also verifying that sensitive files like .env are properly ignored. By providing structured reports and remediation guides for cleaning git history, it ensures developers maintain high security standards and avoid costly credential compromises during the development lifecycle.

主要功能

01Verifies .gitignore configurations to ensure local secrets aren't tracked

02Includes a guide for removing secrets from historical commits via git filter-branch

03Detects sensitive file extensions like .pem, .p12, and .env

04Provides automated reports with line-specific findings for quick remediation

05Scans git history for exposed API keys, tokens, and database credentials

060 GitHub stars

使用场景

01Integrating secret scanning into CI/CD pipelines to block insecure deployments

02Pre-push security checks to prevent accidental leaks to GitHub or GitLab

03Automated audits of legacy codebases to find forgotten hardcoded credentials

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add emliunix/home.conf privacy-review

For use in Claude.ai and ChatGPT

Download Skill