Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

timequity/secrets-guardian

Name: secrets-guardian
Author: timequity

skills/secrets-guardian/SKILL.md

npx skillsauth add timequity/vibe-coder secrets-guardian

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Secrets Guardian

Multi-layered protection against accidental secret commits. Critical for AI-assisted development where agents may not recognize sensitive data.

Quick Setup

For new projects, run this setup:

# 1. Check if pre-commit is installed
which pre-commit || pip install pre-commit

# 2. Copy pre-commit config from assets
# See assets/pre-commit-config.yaml

# 3. Create secrets baseline
echo '{"version": "1.5.0", "results": {}}' > .secrets.baseline

# 4. Install hooks
pre-commit install
pre-commit install --hook-type pre-push

# 5. Verify .gitignore has secret patterns
# See assets/gitignore-secrets

Commands

Setup Protection

When user says "настрой защиту секретов" or "setup secrets protection":

Check existing setup:

ls -la .pre-commit-config.yaml .secrets.baseline .gitignore 2>/dev/null

If .pre-commit-config.yaml missing:
- Copy from assets/pre-commit-config.yaml
- Or add secret scanning hooks to existing config
Check .gitignore for secret patterns:

grep -E "\.env|\.key|API_KEY|secret" .gitignore

If missing, append patterns from assets/gitignore-secrets

Create .secrets.baseline:

echo '{"version": "1.5.0", "results": {}}' > .secrets.baseline

Install hooks:

pre-commit install
pre-commit install --hook-type pre-push

Ask about CI/CD:
- "Добавить GitHub Actions workflow для проверки секретов в CI?"
- If yes, copy assets/security-workflow.yaml to .github/workflows/

Scan for Secrets

When user says "проверь секреты" or "check secrets":

# Quick scan with gitleaks
gitleaks detect --no-git -v

# Detailed scan with detect-secrets
detect-secrets scan --all-files

Report findings and suggest fixes.

Fix Leaked Secret

When secret is detected:

Identify the secret type (API key, password, private key, etc.)
Suggest remediation:
- Move to .env file (ensure it's in .gitignore)
- Use environment variable: os.environ.get("API_KEY")
- For false positives: update .secrets.baseline
If already committed:
- Rotate the credential immediately
- Consider git history cleanup (if not pushed)
- Warn about exposed secrets in git history

Update Baseline

For false positives, update the baseline:

detect-secrets scan --baseline .secrets.baseline

Proactive Checks

IMPORTANT: When working in any project, check for secret protection:

# Quick check
if [ ! -f .pre-commit-config.yaml ]; then
  echo "WARNING: No pre-commit config found"
fi

If missing, ask user: "В проекте нет защиты от утечки секретов. Настроить?"

Reference Files

Setup Guide - Detailed installation steps
Tools Reference - gitleaks, detect-secrets, etc.

Asset Files

Copy these to project as needed:

assets/pre-commit-config.yaml - Pre-commit hooks configuration
assets/gitignore-secrets - Patterns to add to .gitignore
assets/security-workflow.yaml - GitHub Actions CI workflow

timequity/secrets-guardian

skills/secrets-guardian/SKILL.md

Protect repositories from accidental secret commits. Essential when working with AI agents. Use when: setting up new project, adding pre-commit hooks, scanning for secrets, fixing leaked credentials. Triggers: "настрой защиту секретов", "setup secrets", "check secrets", "scan secrets", "проверь секреты", "pre-commit", "gitleaks". PROACTIVELY suggest when creating new projects or when .pre-commit-config.yaml is missing.

testing

Updated Apr 17, 2026

$ install --global

skillsauth

npx skillsauth add timequity/vibe-coder secrets-guardian

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 17, 2026, 8:22 AM4.6s5 files scanned

SKILL.md

name:: secrets-guardian
description:: |
Use when:: setting up new project, adding pre-commit hooks, scanning for secrets, fixing leaked credentials.
Triggers:: настрой защиту секретов", "setup secrets", "check secrets", "scan secrets", "проверь секреты", "pre-commit", "gitleaks".

Secrets Guardian

Multi-layered protection against accidental secret commits. Critical for AI-assisted development where agents may not recognize sensitive data.

Quick Setup

For new projects, run this setup:

# 1. Check if pre-commit is installed
which pre-commit || pip install pre-commit

# 2. Copy pre-commit config from assets
# See assets/pre-commit-config.yaml

# 3. Create secrets baseline
echo '{"version": "1.5.0", "results": {}}' > .secrets.baseline

# 4. Install hooks
pre-commit install
pre-commit install --hook-type pre-push

# 5. Verify .gitignore has secret patterns
# See assets/gitignore-secrets

Commands

Setup Protection

When user says "настрой защиту секретов" or "setup secrets protection":

Check existing setup:

ls -la .pre-commit-config.yaml .secrets.baseline .gitignore 2>/dev/null

If .pre-commit-config.yaml missing:
- Copy from assets/pre-commit-config.yaml
- Or add secret scanning hooks to existing config
Check .gitignore for secret patterns:

grep -E "\.env|\.key|API_KEY|secret" .gitignore

If missing, append patterns from assets/gitignore-secrets

Create .secrets.baseline:

echo '{"version": "1.5.0", "results": {}}' > .secrets.baseline

Install hooks:

pre-commit install
pre-commit install --hook-type pre-push

Ask about CI/CD:
- "Добавить GitHub Actions workflow для проверки секретов в CI?"
- If yes, copy assets/security-workflow.yaml to .github/workflows/

Scan for Secrets

When user says "проверь секреты" or "check secrets":

# Quick scan with gitleaks
gitleaks detect --no-git -v

# Detailed scan with detect-secrets
detect-secrets scan --all-files

Report findings and suggest fixes.

Fix Leaked Secret

When secret is detected:

Identify the secret type (API key, password, private key, etc.)
Suggest remediation:
- Move to .env file (ensure it's in .gitignore)
- Use environment variable: os.environ.get("API_KEY")
- For false positives: update .secrets.baseline
If already committed:
- Rotate the credential immediately
- Consider git history cleanup (if not pushed)
- Warn about exposed secrets in git history

Update Baseline

For false positives, update the baseline:

detect-secrets scan --baseline .secrets.baseline

Proactive Checks

IMPORTANT: When working in any project, check for secret protection:

# Quick check
if [ ! -f .pre-commit-config.yaml ]; then
  echo "WARNING: No pre-commit config found"
fi

If missing, ask user: "В проекте нет защиты от утечки секретов. Настроить?"

Reference Files

Setup Guide - Detailed installation steps
Tools Reference - gitleaks, detect-secrets, etc.

Asset Files

Copy these to project as needed:

assets/pre-commit-config.yaml - Pre-commit hooks configuration
assets/gitignore-secrets - Patterns to add to .gitignore
assets/security-workflow.yaml - GitHub Actions CI workflow

Related Skills

timequity/verification-gate

development

VerifiedTrustedCommunity

Hidden quality gate that runs before showing "Done!" to user - ensures all tests pass, build succeeds, and requirements met before claiming completion

SKILL.mdUpdated Apr 17, 2026

timequity/verification-gate

timequity/verification-before-completion

data-ai

VerifiedTrustedCommunity

Use when about to claim work is complete or fixed - requires running verification commands and confirming output before making any success claims

SKILL.mdUpdated Apr 17, 2026

timequity/verification-before-completion

timequity/ui-generator

tools

VerifiedTrustedCommunity

Generate UI components from natural language descriptions. Use when: user asks for a page, component, or UI element. Triggers: "create page", "add component", "show form", "make button", "страница", "компонент", "форма".

SKILL.mdUpdated Apr 17, 2026

timequity/ui-generator

timequity/theme-factory

content-media

VerifiedTrustedCommunity

10 ready-to-use themes with colors and fonts for consistent styling. Use when: applying visual themes to pages, components, or design systems. Triggers: "theme", "color palette", "color scheme", "fonts", "branding", "visual identity", "design system colors".

SKILL.mdUpdated Apr 17, 2026

timequity/theme-factory

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/timequity/vibe-coder.git

# Copy into Claude Code skills folder (global)
cp -r vibe-coder/skills/secrets-guardian ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

timequity/vibe-coder

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT