Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

openclaw/doro-git-secrets-scanner

Name: doro-git-secrets-scanner
Author: openclaw

a2mus/doro-git-secrets-scanner/SKILL.md

npx skillsauth add openclaw/skills doro-git-secrets-scanner

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Git 安全扫描器

检查提交中的敏感信息泄露。

工具对比

| 工具 | Stars | 特点 | |------|-------|------| | Gitleaks | 24,958 | 最流行，Go 编写，快速 | | TruffleHog | 24,612 | 验证 secrets，支持多种格式 | | git-secrets | 13,173 | AWS 官方，pre-commit hook |

安装

Gitleaks（推荐）

# macOS
brew install gitleaks

# Linux
# 从 https://github.com/gitleaks/gitleaks/releases 下载

# 或使用 Go
go install github.com/gitleaks/gitleaks/v8@latest

TruffleHog

# macOS
brew install trufflehog

# Linux
# 从 https://github.com/trufflesecurity/trufflehog/releases 下载

# 或使用 Docker
docker pull trufflesecurity/trufflehog:latest

git-secrets

# macOS
brew install git-secrets

# Linux
git clone https://github.com/awslabs/git-secrets.git
cd git-secrets
sudo make install

使用方法

1. 扫描当前仓库

# Gitleaks
gitleaks detect --source . -v

# TruffleHog
trufflehog git file://. --only-verified

# git-secrets（需要先设置 hook）
git secrets --scan-history

2. 扫描特定提交

# Gitleaks
gitleaks detect --source . --log-opts="HEAD~1..HEAD"

# TruffleHog
trufflehog git file://. --commit=HEAD

3. 扫描所有历史

# Gitleaks
gitleaks detect --source . --log-opts="--all"

# TruffleHog
trufflehog git file://. --no-deletion

4. 设置 pre-commit hook

# git-secrets
cd your-repo
git secrets --install
git secrets --register-aws

5. CI/CD 集成

# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

检测的内容

API Keys

AWS Access Keys
GitHub Tokens
Slack Tokens
Stripe Keys
Moltbook API Keys ✨

密码

数据库密码
SMTP 密码
SSH 密钥

Token

OAuth Tokens
JWT Tokens
Bearer Tokens

其他

私钥
证书
.env 文件

输出示例

Finding:     moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt
Secret:      moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt
RuleID:      generic-api-key
Entropy:     4.562345
File:        memory/moltbook-art-of-focus-post.md
Line:        45
Commit:      abc1234
Author:      [email protected]
Date:        2026-02-19T03:11:00Z
Fingerprint: abc123...

最佳实践

1. 提交前扫描

# 添加到 .git/hooks/pre-commit
#!/bin/bash
gitleaks protect --staged

2. 定期扫描

# 每周扫描
crontab -e
0 0 * * 0 cd /path/to/repo && gitleaks detect --source .

3. 扫描多个仓库

#!/bin/bash
for repo in ~/projects/*; do
  echo "Scanning $repo..."
  gitleaks detect --source "$repo" -v
done

修复泄露的 Secret

如果发现泄露：

立即撤销 - 重新生成 API key
删除历史 - 从 git 历史中删除敏感信息
强制推送 - git push --force（谨慎使用）
通知团队 - 告知其他开发者

使用 BFG 清理历史

# 安装 BFG
brew install bfg

# 清理敏感文件
bfg --delete-files .env

# 清理敏感字符串
bfg --replace-text passwords.txt

# 强制推送
git push --force

配置文件

.gitleaks.toml

title = "Custom Gitleaks Config"

[extend]
useDefault = true

[[rules]]
id = "moltbook-api-key"
description = "Moltbook API Key"
regex = '''moltbook_sk_[a-zA-Z0-9]{32}'''
tags = ["api-key", "moltbook"]

[allowlist]
paths = [
  '''example\.txt''',
  '''test/.*'''
]

注意事项

False Positives - 扫描器可能误报
熵值 - 高熵值可能是敏感信息
上下文 - 检查是否真的敏感
验证 - TruffleHog 可以验证 secret 是否有效

版本: 1.0.0 工具: Gitleaks, TruffleHog, git-secrets

openclaw/doro-git-secrets-scanner

a2mus/doro-git-secrets-scanner/SKILL.md

Git 安全扫描器 - 检查提交中的敏感信息泄露（API keys、密码、token）

3,729 stars

development

Updated Apr 2, 2026

$ install --global

skillsauth

npx skillsauth add openclaw/skills doro-git-secrets-scanner

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 3, 2026, 7:48 AM91.5s1 file scanned

SKILL.md

Git 安全扫描器

检查提交中的敏感信息泄露。

工具对比

安装

Gitleaks（推荐）

# macOS
brew install gitleaks

# Linux
# 从 https://github.com/gitleaks/gitleaks/releases 下载

# 或使用 Go
go install github.com/gitleaks/gitleaks/v8@latest

TruffleHog

# macOS
brew install trufflehog

# Linux
# 从 https://github.com/trufflesecurity/trufflehog/releases 下载

# 或使用 Docker
docker pull trufflesecurity/trufflehog:latest

git-secrets

# macOS
brew install git-secrets

# Linux
git clone https://github.com/awslabs/git-secrets.git
cd git-secrets
sudo make install

使用方法

1. 扫描当前仓库

# Gitleaks
gitleaks detect --source . -v

# TruffleHog
trufflehog git file://. --only-verified

# git-secrets（需要先设置 hook）
git secrets --scan-history

2. 扫描特定提交

# Gitleaks
gitleaks detect --source . --log-opts="HEAD~1..HEAD"

# TruffleHog
trufflehog git file://. --commit=HEAD

3. 扫描所有历史

# Gitleaks
gitleaks detect --source . --log-opts="--all"

# TruffleHog
trufflehog git file://. --no-deletion

4. 设置 pre-commit hook

# git-secrets
cd your-repo
git secrets --install
git secrets --register-aws

5. CI/CD 集成

# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

检测的内容

API Keys

AWS Access Keys
GitHub Tokens
Slack Tokens
Stripe Keys
Moltbook API Keys ✨

密码

数据库密码
SMTP 密码
SSH 密钥

Token

OAuth Tokens
JWT Tokens
Bearer Tokens

其他

私钥
证书
.env 文件

输出示例

Finding:     moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt
Secret:      moltbook_sk_jX64MWE_yirqMSihBqb2B7slL64EygBt
RuleID:      generic-api-key
Entropy:     4.562345
File:        memory/moltbook-art-of-focus-post.md
Line:        45
Commit:      abc1234
Author:      [email protected]
Date:        2026-02-19T03:11:00Z
Fingerprint: abc123...

最佳实践

1. 提交前扫描

# 添加到 .git/hooks/pre-commit
#!/bin/bash
gitleaks protect --staged

2. 定期扫描

# 每周扫描
crontab -e
0 0 * * 0 cd /path/to/repo && gitleaks detect --source .

3. 扫描多个仓库

#!/bin/bash
for repo in ~/projects/*; do
  echo "Scanning $repo..."
  gitleaks detect --source "$repo" -v
done

修复泄露的 Secret

如果发现泄露：

立即撤销 - 重新生成 API key
删除历史 - 从 git 历史中删除敏感信息
强制推送 - git push --force（谨慎使用）
通知团队 - 告知其他开发者

使用 BFG 清理历史

# 安装 BFG
brew install bfg

# 清理敏感文件
bfg --delete-files .env

# 清理敏感字符串
bfg --replace-text passwords.txt

# 强制推送
git push --force

配置文件

.gitleaks.toml

title = "Custom Gitleaks Config"

[extend]
useDefault = true

[[rules]]
id = "moltbook-api-key"
description = "Moltbook API Key"
regex = '''moltbook_sk_[a-zA-Z0-9]{32}'''
tags = ["api-key", "moltbook"]

[allowlist]
paths = [
  '''example\.txt''',
  '''test/.*'''
]

注意事项

False Positives - 扫描器可能误报
熵值 - 高熵值可能是敏感信息
上下文 - 检查是否真的敏感
验证 - TruffleHog 可以验证 secret 是否有效

版本: 1.0.0 工具: Gitleaks, TruffleHog, git-secrets

Related Skills

openclaw/mcdonalds-skill

tools

VerifiedTrustedCommunity

Use when the user wants to connect to, test, or use the McDonalds service at mcp.mcd.cn, including checking authentication, probing MCP endpoints, listing tools, or calling McDonalds MCP tools through a reusable local CLI.

3,962SKILL.mdUpdated Apr 10, 2026

openclaw/mcdonalds-skill

openclaw/scrapebadger

development

VerifiedTrustedCommunity

Web scraping platform — Twitter/X data, Vinted marketplace, and general web scraping API

3,962SKILL.mdUpdated Apr 10, 2026

openclaw/scrapebadger

openclaw/slowmist-security-cc

development

VerifiedTrustedCommunity

SlowMist AI Agent Security Review — comprehensive security framework for skills, repositories, URLs, on-chain addresses, and products (Claude Code version)

3,962SKILL.mdUpdated Apr 10, 2026

openclaw/slowmist-security-cc

openclaw/humanizer-cn

data-ai

VerifiedTrustedCommunity

去除中文文本中的 AI 写作痕迹，使其读起来自然。基于维基百科 AI 写作特征指南，检测 24 种 AI 模式。触发词：humanizer-cn、去除 AI 痕迹、去除 AI 写作痕迹、中文文本人性化。

3,962SKILL.mdUpdated Apr 10, 2026

openclaw/humanizer-cn

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/openclaw/skills.git

# Copy into Claude Code skills folder (global)
cp -r skills/a2mus/doro-git-secrets-scanner ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

openclaw/skills

3,729 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT