skills/privacy-review/SKILL.md
Scan codebases for privacy data leakage risks such as hardcoded secrets, API keys, passwords, database connection strings, JWT tokens, email addresses, phone numbers, and ID card numbers. Use when the user wants to check code for privacy compliance or a security audit, or before open-sourcing a project. Triggered by requests like 'check for privacy leaks', 'scan for secrets', 'privacy review', 'find hardcoded credentials', or 'check for PII in code'.
```
npx skillsauth add gouzhuang/agent-skills privacy-review
```

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Scan a codebase for privacy data leakage risks. Suitable for code review, security audits, and privacy-compliance checks before publishing a project as open source.
```bash
# Scan the current directory (JSON output)
python skills/privacy-review/scripts/privacy_review.py
# Scan a specific directory with text output
python skills/privacy-review/scripts/privacy_review.py /path/to/project --format text
# Show only high-severity findings
python skills/privacy-review/scripts/privacy_review.py . --severity high
# Exclude specific files or directories
python skills/privacy-review/scripts/privacy_review.py . --exclude "*.test.js" --exclude "fixtures/"
```
| Rule | Severity | Description |
|------|----------|-------------|
| Private Key | high | PEM / OPENSSH / DSA / EC / PGP private keys |
| AWS Access Key ID | high | AWS access key IDs starting with AKIA |
| AWS Secret Access Key | high | AWS secret access keys |
| Generic API Key | high | Hardcoded API keys |
| Generic Secret Token | high | Secret / access token / bearer token |
| Hardcoded Password | high | Hardcoded passwords |
| Database Connection String | high | Database connection strings that embed a password |
| GitHub Token | high | GitHub personal access, OAuth, or App tokens |
| Slack Token | high | Slack bot / user tokens |
| JWT Token | medium | JSON Web Tokens |
| Email Address | medium | Email addresses |
| Chinese Mobile Number | low | Mainland China mobile phone numbers |
| Chinese ID Card | low | 15- or 18-digit Chinese resident ID card numbers |
| IPv4 Address | low | IPv4 addresses (private ranges excluded) |
```
python privacy_review.py [path] [options]
```
| Option | Short | Default | Description |
|--------|-------|---------|-------------|
| path | - | . | Path to scan |
| --format | -f | json | Output format: json or text |
| --severity | -s | all | Filter by severity: high, medium, low, or all |
| --exclude | -e | - | Exclusion pattern; may be given multiple times; supports wildcards |
```json
{
  "scan_summary": {
    "target_path": "/home/user/project",
    "files_scanned": 42,
    "issues_found": 3,
    "high": 1,
    "medium": 1,
    "low": 1
  },
  "results": [
    {
      "file": "src/config.py",
      "line": 15,
      "rule": "Generic API Key",
      "severity": "high",
      "match": "api_key = \"sk-abc123...\"",
      "description": "Hardcoded API key detected"
    }
  ]
}
```
Text output is grouped by severity level and is meant to be read directly in a terminal.
By default the script skips the following directories and file types; no configuration is needed:

- Directories: .git, .svn, node_modules, __pycache__, .venv, venv, .tox, .pytest_cache, build, dist, target, vendor
- File types: *.pyc, *.min.js, *.lock, *.sum, images, audio/video, archives, Office documents, binary files

| Exit code | Meaning |
|-----------|---------|
| 0 | Scan completed; no high-severity findings |
| 1 | Scan completed with at least one high-severity finding, or the path does not exist |
- Use `--severity high` as a gate condition (the exit code is 1 whenever a high-severity finding exists).
- Use `--exclude` to skip test directories.
- Use `--exclude "*.md"` to skip documentation.
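The rule table, the default skip lists and the exit-code gate above together describe one scanning model: apply severity-tagged regex rules line by line, drop IPv4 matches in private ranges, skip known noise paths, filter by minimum severity, and return 1 when any high finding remains. The sketch below, added here as an illustration and not the project's own `privacy_review.py`, implements that model in Python over a constructed sample file. The rule names follow the table, but the regexes, the `--exclude` matching semantics, and the sample values are simplified assumptions and do not reflect the project's real patterns.

```python
"""Sketch of the scanning model this page describes: regex rules with severities
applied line by line, private IPv4 ranges dropped, the default skip lists, and
exit code 1 when any high finding exists. Added example, not the project's own
privacy_review.py; the regexes and exclude semantics are simplified assumptions."""
import fnmatch
import ipaddress
import re
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Iterable


@dataclass(frozen=True)
class Rule:
    name: str
    severity: str  # "high" | "medium" | "low"
    pattern: re.Pattern


# Rule names follow the table above; these regexes are stand-ins, not the project's.
RULES = [
    Rule("Private Key", "high",
         re.compile(r"-----BEGIN (?:RSA |DSA |EC |OPENSSH |PGP )?PRIVATE KEY-----")),
    Rule("AWS Access Key ID", "high", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    Rule("Hardcoded Password", "high",
         re.compile(r"""(?i)\bpassword\s*[:=]\s*['"][^'"]{4,}['"]""")),
    Rule("Database Connection String", "high",
         re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb)://[^\s:/@]+:[^\s@/]+@")),
    Rule("JWT Token", "medium", re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}\b")),
    Rule("Email Address", "medium",
         re.compile(r"\b[\w.%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")),
    Rule("IPv4 Address", "low", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
]
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}

# Default skip lists as documented above.
DEFAULT_SKIP_DIRS = {".git", ".svn", "node_modules", "__pycache__", ".venv", "venv",
                     ".tox", ".pytest_cache", "build", "dist", "target", "vendor"}
DEFAULT_SKIP_GLOBS = ("*.pyc", "*.min.js", "*.lock", "*.sum")


def should_skip(relpath: str, excludes: Iterable[str] = ()) -> bool:
    """True if a file is skipped by default or by a user --exclude pattern."""
    parts = PurePosixPath(relpath).parts
    if any(p in DEFAULT_SKIP_DIRS for p in parts[:-1]):
        return True
    name = parts[-1]
    if any(fnmatch.fnmatch(name, g) for g in DEFAULT_SKIP_GLOBS):
        return True
    # Assumed semantics: a pattern ending in "/" names a directory anywhere in the
    # path; anything else is a glob tried against the file name and the whole path.
    return any(e.rstrip("/") in parts[:-1] if e.endswith("/")
               else fnmatch.fnmatch(name, e) or fnmatch.fnmatch(relpath, e)
               for e in excludes)


def _is_reportable_ipv4(text: str) -> bool:
    """The IPv4 rule excludes private ranges; loopback, link-local, reserved and
    multicast addresses are dropped here as well."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # e.g. 999.1.1.1, which the loose regex still matches
        return False
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_reserved or addr.is_multicast)


def scan_lines(filename: str, lines: Iterable[str], min_severity: str = "low") -> list[dict]:
    """Apply every rule at or above min_severity to each line; one finding per match."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for rule in RULES:
            if SEVERITY_RANK[rule.severity] < SEVERITY_RANK[min_severity]:
                continue
            for m in rule.pattern.finditer(line):
                if rule.name == "IPv4 Address" and not _is_reportable_ipv4(m.group(0)):
                    continue
                findings.append({"file": filename, "line": lineno, "rule": rule.name,
                                 "severity": rule.severity, "match": m.group(0)})
    return findings


def exit_code(findings: list[dict]) -> int:
    """The documented gate: 1 if at least one high finding, else 0."""
    return 1 if any(f["severity"] == "high" for f in findings) else 0


# Constructed sample; every value is fake (the AKIA string is AWS's documentation example).
SAMPLE = """\
DB_URL = "postgres://app:Sup3rS3cret@db:5432/app"
AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
contact = "ops@example.com"
listen_addr = "10.0.0.12"  # private range: dropped by the IPv4 rule
upstream_dns = "8.8.8.8"   # public address: reported as low
"""

if __name__ == "__main__":
    results = scan_lines("src/config.py", SAMPLE.splitlines())
    for f in results:
        print(f"{f['severity']:<6} {f['file']}:{f['line']} {f['rule']}: {f['match']}")
    raise SystemExit(exit_code(results))
```

Two points the sketch makes visible: a single line can trigger more than one rule (a connection string with a password and a hostname that looks like an email domain would fire both), and the IPv4 rule's regex is deliberately loose, so both the `ipaddress` parse and the private-range filter are needed to keep version strings and internal addresses from inflating the low-severity count. Running the module as a script exits with status 1 because of the two high findings, which is exactly what the `--severity high` gate relies on.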