install
source · Clone the upstream repo
git clone https://github.com/sundial-org/awesome-openclaw-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/sundial-org/awesome-openclaw-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/secret-scanner" ~/.claude/skills/sundial-org-awesome-openclaw-skills-secret-scanner && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/sundial-org/awesome-openclaw-skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/secret-scanner" ~/.openclaw/skills/sundial-org-awesome-openclaw-skills-secret-scanner && rm -rf "$T"
manifest:
skills/secret-scanner/SKILL.mdsource content
Secret Scanner
Scan your codebase for leaked secrets, API keys, and credentials before they hit production.
Quick Start
npx ai-secret-scan
What It Does
- Scans files for hardcoded secrets and API keys
- Detects common patterns (AWS, Stripe, GitHub tokens, etc.)
- Checks .env files for sensitive data exposure
- Warns about secrets in git history
- Zero config, instant results
Usage
# Scan current directory npx ai-secret-scan # Scan specific path npx ai-secret-scan ./src
When to Use
- Before pushing to a public repo
- During security audits
- Setting up CI/CD pipelines
- Onboarding new team members
Part of the LXGIC Dev Toolkit
One of 110+ free developer tools from LXGIC Studios. No paywalls, no sign-ups.
Find more:
- GitHub: https://github.com/lxgic-studios
- Twitter: https://x.com/lxgicstudios
- Substack: https://lxgicstudios.substack.com
- Website: https://lxgicstudios.com
License
MIT. Free forever.