Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

timequity/secrets-guardian

Name: secrets-guardian
Author: timequity

craft-coder/secrets-guardian/SKILL.md

Protect repositories from accidental secret commits. Essential when working with AI agents. Use when: setting up new project, adding pre-commit hooks, scanning for secrets, fixing leaked credentials. Triggers: "настрой защиту секретов", "setup secrets", "check secrets", "scan secrets", "проверь секреты", "pre-commit", "gitleaks". PROACTIVELY suggest when creating new projects or when .pre-commit-config.yaml is missing.

6 stars

testing

Updated Apr 20, 2026

$ install --global

skillsauth

npx skillsauth add timequity/plugins secrets-guardian

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 17, 2026, 8:22 AM4.6s5 files scanned

SKILL.md

name:: secrets-guardian
description:: |
Use when:: setting up new project, adding pre-commit hooks, scanning for secrets, fixing leaked credentials.
Triggers:: настрой защиту секретов", "setup secrets", "check secrets", "scan secrets", "проверь секреты", "pre-commit", "gitleaks".

Secrets Guardian

Multi-layered protection against accidental secret commits. Critical for AI-assisted development where agents may not recognize sensitive data.

Quick Setup

For new projects, run this setup:

# 1. Check if pre-commit is installed
which pre-commit || pip install pre-commit

# 2. Copy pre-commit config from assets
# See assets/pre-commit-config.yaml

# 3. Create secrets baseline
echo '{"version": "1.5.0", "results": {}}' > .secrets.baseline

# 4. Install hooks
pre-commit install
pre-commit install --hook-type pre-push

# 5. Verify .gitignore has secret patterns
# See assets/gitignore-secrets

Commands

Setup Protection

When user says "настрой защиту секретов" or "setup secrets protection":

Check existing setup:

ls -la .pre-commit-config.yaml .secrets.baseline .gitignore 2>/dev/null

If .pre-commit-config.yaml missing:
- Copy from assets/pre-commit-config.yaml
- Or add secret scanning hooks to existing config
Check .gitignore for secret patterns:

grep -E "\.env|\.key|API_KEY|secret" .gitignore

If missing, append patterns from assets/gitignore-secrets

Create .secrets.baseline:

echo '{"version": "1.5.0", "results": {}}' > .secrets.baseline

Install hooks:

pre-commit install
pre-commit install --hook-type pre-push

Ask about CI/CD:
- "Добавить GitHub Actions workflow для проверки секретов в CI?"
- If yes, copy assets/security-workflow.yaml to .github/workflows/

Scan for Secrets

When user says "проверь секреты" or "check secrets":

# Quick scan with gitleaks
gitleaks detect --no-git -v

# Detailed scan with detect-secrets
detect-secrets scan --all-files

Report findings and suggest fixes.

Fix Leaked Secret

When secret is detected:

Identify the secret type (API key, password, private key, etc.)
Suggest remediation:
- Move to .env file (ensure it's in .gitignore)
- Use environment variable: os.environ.get("API_KEY")
- For false positives: update .secrets.baseline
If already committed:
- Rotate the credential immediately
- Consider git history cleanup (if not pushed)
- Warn about exposed secrets in git history

Update Baseline

For false positives, update the baseline:

detect-secrets scan --baseline .secrets.baseline

Proactive Checks

IMPORTANT: When working in any project, check for secret protection:

# Quick check
if [ ! -f .pre-commit-config.yaml ]; then
  echo "WARNING: No pre-commit config found"
fi

If missing, ask user: "В проекте нет защиты от утечки секретов. Настроить?"

Reference Files

Setup Guide - Detailed installation steps
Tools Reference - gitleaks, detect-secrets, etc.

Asset Files

Copy these to project as needed:

assets/pre-commit-config.yaml - Pre-commit hooks configuration
assets/gitignore-secrets - Patterns to add to .gitignore
assets/security-workflow.yaml - GitHub Actions CI workflow

Related Skills

timequity/disaster-recovery

tools

VerifiedTrustedCommunity

Backup strategies, disaster recovery planning, and business continuity.

6SKILL.mdUpdated Apr 21, 2026

timequity/disaster-recovery

timequity/cost-optimization

devops

VerifiedTrustedCommunity

Cloud cost management, rightsizing, and FinOps practices.

6SKILL.mdUpdated Apr 21, 2026

timequity/cost-optimization

timequity/ci-cd-pipelines

testing

VerifiedTrustedCommunity

CI/CD pipeline design with GitHub Actions, GitLab CI, and best practices.

6SKILL.mdUpdated Apr 21, 2026

timequity/ci-cd-pipelines

timequity/idea-validation

development

VerifiedTrustedCommunity

Validate idea and create detailed PRD. Saves docs/PRD.md to project. Use when: user describes an app idea, wants to create something new. Triggers: "I want to build", "create app", "make website", "build MVP", "хочу создать", "сделать приложение".

6SKILL.mdUpdated Apr 21, 2026

timequity/idea-validation

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/timequity/plugins.git

# Copy into Claude Code skills folder (global)
cp -r plugins/craft-coder/secrets-guardian ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

timequity/plugins

6 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT

timequity/secrets-guardian

craft-coder/secrets-guardian/SKILL.md

6 stars

testing

Updated Apr 20, 2026

$ install --global

skillsauth

npx skillsauth add timequity/plugins secrets-guardian

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 17, 2026, 8:22 AM4.6s5 files scanned

SKILL.md

name:: secrets-guardian
description:: |
Use when:: setting up new project, adding pre-commit hooks, scanning for secrets, fixing leaked credentials.
Triggers:: настрой защиту секретов", "setup secrets", "check secrets", "scan secrets", "проверь секреты", "pre-commit", "gitleaks".

Secrets Guardian

Multi-layered protection against accidental secret commits. Critical for AI-assisted development where agents may not recognize sensitive data.

Quick Setup

For new projects, run this setup:

# 1. Check if pre-commit is installed
which pre-commit || pip install pre-commit

# 2. Copy pre-commit config from assets
# See assets/pre-commit-config.yaml

# 3. Create secrets baseline
echo '{"version": "1.5.0", "results": {}}' > .secrets.baseline

# 4. Install hooks
pre-commit install
pre-commit install --hook-type pre-push

# 5. Verify .gitignore has secret patterns
# See assets/gitignore-secrets

Commands

Setup Protection

When user says "настрой защиту секретов" or "setup secrets protection":

Check existing setup:

ls -la .pre-commit-config.yaml .secrets.baseline .gitignore 2>/dev/null

If .pre-commit-config.yaml missing:
- Copy from assets/pre-commit-config.yaml
- Or add secret scanning hooks to existing config
Check .gitignore for secret patterns:

grep -E "\.env|\.key|API_KEY|secret" .gitignore

If missing, append patterns from assets/gitignore-secrets

Create .secrets.baseline:

echo '{"version": "1.5.0", "results": {}}' > .secrets.baseline

Install hooks:

pre-commit install
pre-commit install --hook-type pre-push

Ask about CI/CD:
- "Добавить GitHub Actions workflow для проверки секретов в CI?"
- If yes, copy assets/security-workflow.yaml to .github/workflows/

Scan for Secrets

When user says "проверь секреты" or "check secrets":

# Quick scan with gitleaks
gitleaks detect --no-git -v

# Detailed scan with detect-secrets
detect-secrets scan --all-files

Report findings and suggest fixes.

Fix Leaked Secret

When secret is detected:

Identify the secret type (API key, password, private key, etc.)
Suggest remediation:
- Move to .env file (ensure it's in .gitignore)
- Use environment variable: os.environ.get("API_KEY")
- For false positives: update .secrets.baseline
If already committed:
- Rotate the credential immediately
- Consider git history cleanup (if not pushed)
- Warn about exposed secrets in git history

Update Baseline

For false positives, update the baseline:

detect-secrets scan --baseline .secrets.baseline

Proactive Checks

IMPORTANT: When working in any project, check for secret protection:

# Quick check
if [ ! -f .pre-commit-config.yaml ]; then
  echo "WARNING: No pre-commit config found"
fi

If missing, ask user: "В проекте нет защиты от утечки секретов. Настроить?"

Reference Files

Setup Guide - Detailed installation steps
Tools Reference - gitleaks, detect-secrets, etc.

Asset Files

Copy these to project as needed:

assets/pre-commit-config.yaml - Pre-commit hooks configuration
assets/gitignore-secrets - Patterns to add to .gitignore
assets/security-workflow.yaml - GitHub Actions CI workflow

Related Skills

timequity/disaster-recovery

tools

VerifiedTrustedCommunity

Backup strategies, disaster recovery planning, and business continuity.

6SKILL.mdUpdated Apr 21, 2026

timequity/disaster-recovery

timequity/cost-optimization

devops

VerifiedTrustedCommunity

Cloud cost management, rightsizing, and FinOps practices.

6SKILL.mdUpdated Apr 21, 2026

timequity/cost-optimization

timequity/ci-cd-pipelines

testing

VerifiedTrustedCommunity

CI/CD pipeline design with GitHub Actions, GitLab CI, and best practices.

6SKILL.mdUpdated Apr 21, 2026

timequity/ci-cd-pipelines

timequity/idea-validation

development

VerifiedTrustedCommunity

6SKILL.mdUpdated Apr 21, 2026

timequity/idea-validation

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/timequity/plugins.git

# Copy into Claude Code skills folder (global)
cp -r plugins/craft-coder/secrets-guardian ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

timequity/plugins

6 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT