Changelog
Initial release in the security skill pack.
How it works
1. Identify codebase: uses the path given as an argument, or the current directory
2. Pattern scan: searches file contents for API keys, passwords, tokens, AWS credentials, Slack tokens and GitHub tokens
3. File scan: finds .env files, .pem keys and other credential files that shouldn't be committed
4. Git history check: looks for secrets in files that were deleted from the working tree but are still present in git history
5. Report: a table of findings with type, file, line and risk level
6. Offer fixes: adds patterns to .gitignore and replaces hardcoded values with environment variables
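The six steps above as one runnable example in Python. This is illustrative code written for this page, not the skill's own implementation: the rule set, the sensitive-file name list and the helper names (scan_text, is_sensitive_file, scan_tree, scan_git_log, scan_git_history, format_report) are assumptions, and the source snippet and git log it runs on are constructed, not real secrets.

```python
"""Added example of the scan pipeline (pattern scan, sensitive-file scan, git-history
scan, findings table). Illustrative code, not the skill's own implementation."""
import os
import re
import subprocess
from collections import namedtuple

# Assumed rule set, chosen for illustration; real scanners carry far more rules.
PATTERNS = {
    "AWS access key ID": (re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), "high"),
    "GitHub token": (re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"), "high"),
    "Slack token": (re.compile(r"\bxox[abpr]-[0-9A-Za-z-]{10,}\b"), "high"),
    "OpenAI API key": (re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"), "high"),
    "Private key block": (re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), "high"),
    "Hardcoded password": (re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*['\"][^'\"]{6,}['\"]"), "medium"),
}
# File names that should not be committed whatever they contain (assumed list).
SENSITIVE_FILE = re.compile(r"(?:^|/)(?:\.env(?:\.[\w.-]+)?|.*\.(?:pem|p12|pfx|key)|id_rsa|id_ed25519|credentials(?:\.json)?|\.npmrc|\.pypirc)$")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
Finding = namedtuple("Finding", "kind path line risk sample")

def scan_text(text, path):
    """Step 2: run every pattern over every line (1-based line numbers)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, (rx, risk) in PATTERNS.items():
            m = rx.search(line)
            if m:  # keep only a 4-char prefix so the report itself does not leak the value
                findings.append(Finding(kind, path, lineno, risk, m.group(0)[:4] + "..."))
    return findings

def is_sensitive_file(rel_path):
    """Step 3: flag by name; .env.example-style templates are meant to be committed."""
    if rel_path.rsplit("/", 1)[-1] in (".env.example", ".env.sample", ".env.template"):
        return False
    return bool(SENSITIVE_FILE.search(rel_path))

def scan_tree(root):
    """Steps 2 and 3 over a working tree; .git and dependency directories are skipped."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in (".git", "node_modules", ".venv")]
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if is_sensitive_file(rel):
                findings.append(Finding("Sensitive file", rel, 0, "high", "(whole file)"))
            try:
                with open(full, encoding="utf-8", errors="ignore") as fh:
                    findings.extend(scan_text(fh.read(), rel))
            except OSError:
                pass
    return findings

def scan_git_log(log_text):
    """Step 4: scan the '+' lines of `git log --all -p`; a later deletion does not hide them."""
    findings, commit, path, new_line = [], "?", "?", 0
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1][:12]
        elif line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("@@"):
            m = HUNK.match(line)
            new_line = int(m.group(1)) if m else 0
        elif line.startswith("+"):
            for f in scan_text(line[1:], path):
                findings.append(f._replace(path=f"{path} @ {commit}", line=new_line))
            new_line += 1
        elif line.startswith(" "):
            new_line += 1
    return findings

def scan_git_history(repo):
    """Step 4 on a real repository (needs git on PATH; raises if repo is not one)."""
    cmd = ["git", "-C", repo, "log", "--all", "-p", "--no-color"]
    return scan_git_log(subprocess.run(cmd, capture_output=True, text=True, check=True).stdout)

def format_report(findings):
    """Step 5: the findings table (type, file, line, risk, redacted sample)."""
    rows = [("TYPE", "FILE", "LINE", "RISK", "SAMPLE")]
    rows += [(f.kind, f.path, str(f.line), f.risk, f.sample) for f in findings]
    widths = [max(len(r[i]) for r in rows) for i in range(5)]
    return "\n".join("  ".join(c.ljust(w) for c, w in zip(r, widths)) for r in rows)

# Constructed sample inputs (not real secrets; git log headers trimmed) for an offline run.
SAMPLE_SOURCE = 'import boto3\nAWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\npassword = "hunter2"\n'
SAMPLE_GIT_LOG = """commit 0123456789abcdef0123456789abcdef01234567
+++ b/config.py
@@ -0,0 +1 @@
+SLACK_TOKEN = "xoxb-000000000000-000000000000-constructedexample"
commit 89abcdef0123456789abcdef0123456789abcdef
+++ /dev/null
@@ -1 +0,0 @@
-SLACK_TOKEN = "xoxb-000000000000-000000000000-constructedexample"
"""

if __name__ == "__main__":  # demo on the samples; use scan_tree(path) + scan_git_history(path) for a real scan
    print(format_report(scan_text(SAMPLE_SOURCE, "app.py") + scan_git_log(SAMPLE_GIT_LOG)))
```

Run without arguments it prints the table for the constructed samples: the AWS key and password from the source snippet, plus the Slack token that the second commit deleted from config.py but that the first commit still carries. That is the point of scanning added lines across the whole log rather than the current tree: removing the file does not remove the commit that introduced the secret. The report redacts matches to a short prefix on purpose, since a findings table that quotes the full value is itself a place secrets leak from.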
Details
- Detects AWS, GCP, Slack, GitHub, OpenAI, and generic credential patterns
- Checks if .gitignore is properly configured
- Warns about secrets in git history even if the files were later deleted: deleting a file does not remove its contents from earlier commits, so a secret that ever reached history should be treated as compromised and rotated, not just removed
- Offers to generate a .env.example with placeholder values
- Suggests pre-commit hooks to prevent future leaks