eddowding/secrets-audit
vault/Operations/Claude/skills/coding/secrets-audit/SKILL.md
Scan repository for accidentally committed secrets and credentials using gitleaks.
testing
Updated Apr 4, 2026
$ install --global
skillsauthnpx skillsauth add eddowding/cortex secrets-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 4, 2026, 6:41 PM281.3s1 file scanned
SKILL.md
- name:
- secrets-audit
- description:
- Scan repository for accidentally committed secrets and credentials using gitleaks.
- last_updated:
- 2026-01-10
- tools_required:
- [Bash]
- agent_type:
- main_agent
Secrets Audit
Scan for accidentally committed secrets and credentials.
[GOAL]
Find and remediate any exposed secrets in the repository.
[CONTEXT]
Uses gitleaks (1000+ built-in patterns + entropy analysis) to detect:
- API keys (OpenAI, Google, AWS, etc.)
- Auth tokens and bearer tokens
- Passwords and credentials
- High-entropy strings
Excludes: Journal/, .obsidian/, node_modules/
[PROCESS]
1. Run audit
gitleaks detect --source . --verbose
2. Review findings
If secrets found:
SECRETS DETECTED
Finding: openai-key
Secret: sk-proj-***REDACTED***
File: path/to/file.md:215
If clean:
NO SECRETS DETECTED
Repository is clean!
3. Remediate (if needed)
For each secret found:
-
Remove from file:
sk-proj-ACTUAL_KEY → sk-proj-YOUR_KEY_HERE -
Move to ~/.secrets/:
echo "OPENAI_API_KEY=sk-proj-ACTUAL_KEY" >> ~/.secrets/openai -
Update documentation:
# Before API Key: `sk-proj-ACTUAL_KEY` # After API Key: `source ~/.secrets/openai && echo $OPENAI_API_KEY` -
Rotate the secret - Generate new key from provider
-
(Optional) Clean git history:
git-filter-repo --path "file-with-secret.md" --invert-paths
[WHEN TO USE]
- Regular audits: Weekly or monthly
- Before important commits: Double-check sensitive work
- After adding integrations: Verify no new API keys exposed
- Security reviews: Part of periodic hygiene
[IMPORTANT]
- Pre-commit hook automatically blocks commits with secrets
- Can bypass with
--no-verify(not recommended) - False positives can be added to
.gitleaks.tomlallowlist
See Also
.gitleaks.toml- Audit configuration
Related Skills
eddowding/when-stuck
tools
VerifiedTrustedCommunity
Dispatch to the right problem-solving technique based on how you're stuck.
SKILL.mdUpdated Apr 4, 2026
eddowding/sounding-board-mode
testing
VerifiedTrustedCommunity
Interactive brainstorming and advisory mode that helps think through questions, critique approaches, propose alternatives, and reach optimal decisions.
SKILL.mdUpdated Apr 4, 2026
eddowding/simplification-cascades
tools
VerifiedTrustedCommunity
Find one insight that eliminates multiple components - 'if this is true, we don't need X, Y, or Z'
SKILL.mdUpdated Apr 4, 2026
eddowding/scale-game
testing
VerifiedTrustedCommunity
Test at extremes (1000x bigger/smaller) to expose fundamental truths hidden at normal scales.
SKILL.mdUpdated Apr 4, 2026