Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

$pwd:

secret-scanner

Name: Secret Scanner
Author: alirezarezvani

// Detect exposed secrets, API keys, credentials, and tokens in code. Use before commits, on file saves, or when security is mentioned. Prevents accidental secret exposure. Triggers on file changes, git commits, security checks, .env file modifications.

Ejecutar en Manus

$ git log --oneline --stat

stars:713

forks:161

updated:24 de octubre de 2025, 12:08

Explorador de archivos

2 archivos

SKILL.md

readonly

related-skills.json

mismo repositorio

code-reviewer.md

from "alirezarezvani/claude-code-tresor"

Automatic code quality and best practices analysis. Use proactively when files are modified, saved, or committed. Analyzes code style, patterns, potential bugs, and security basics. Triggers on file changes, git diff, code edits, quality mentions.

2025-10-24713

git-commit-helper.md

from "alirezarezvani/claude-code-tresor"

Generate conventional commit messages automatically. Use when user runs git commit, stages changes, or asks for commit message help. Analyzes git diff to create clear, descriptive conventional commit messages. Triggers on git commit, staged changes, commit message requests.

2025-10-24713

test-generator.md

from "alirezarezvani/claude-code-tresor"

Automatically suggest tests for new functions and components. Use when new code is written, functions added, or user mentions testing. Creates test scaffolding with Jest, Vitest, Pytest patterns. Triggers on new functions, components, test requests, testing mentions.

2025-10-24713

api-documenter.md

from "alirezarezvani/claude-code-tresor"

Auto-generate API documentation from code and comments. Use when API endpoints change, or user mentions API docs. Creates OpenAPI/Swagger specs from code. Triggers on API file changes, documentation requests, endpoint additions.

2025-10-24713

readme-updater.md

from "alirezarezvani/claude-code-tresor"

Keep README files current with project changes. Use when project structure changes, features added, or setup instructions modified. Suggests README updates based on code changes. Triggers on significant project changes, new features, dependency changes.

2025-10-24713

dependency-auditor.md

from "alirezarezvani/claude-code-tresor"

Check dependencies for known vulnerabilities using npm audit, pip-audit, etc. Use when package.json or requirements.txt changes, or before deployments. Alerts on vulnerable dependencies. Triggers on dependency file changes, deployment prep, security mentions.

2025-10-24713

package.json

"author": "alirezarezvani"

"repository": "alirezarezvani/claude-code-tresor"

Abrir repositorio de GitHub Ver repositorios del creador

$ install --global

$ download --local

Ejecutar en Manus

$ useful --forSOC

Analistas de seguridad de la informaciónOcupaciones informáticas y matemáticas15-1212L4

name	secret-scanner
description	Detect exposed secrets, API keys, credentials, and tokens in code. Use before commits, on file saves, or when security is mentioned. Prevents accidental secret exposure. Triggers on file changes, git commits, security checks, .env file modifications.
allowed-tools	Read, Grep

Secret Scanner Skill

Prevent accidental secret exposure in your codebase.

When I Activate

✅ Before git commits
✅ Files modified/saved
✅ User mentions secrets, keys, or credentials
✅ .env files changed
✅ Configuration files modified

What I Detect

API Keys & Tokens

AWS access keys (AKIA...)
Stripe API keys (sk_live_..., pk_live_...)
GitHub tokens (ghp_...)
Google API keys
OAuth tokens
JWT secrets

Database Credentials

Database connection strings
MySQL/PostgreSQL passwords
MongoDB connection URIs
Redis passwords

Private Keys

SSH private keys
RSA/DSA keys
PGP/GPG keys
SSL certificates

Authentication Secrets

Password variables
Auth tokens
Session secrets
Encryption keys

Alert Examples

API Key Detection

// You type:
const apiKey = 'sk_live_1234567890abcdef';

// I immediately alert:
🚨 CRITICAL: Exposed Stripe API key detected!
📍 File: config.js, Line 3
🔧 Fix: Use environment variables
  const apiKey = process.env.STRIPE_API_KEY;
📖 Add to .gitignore: .env

AWS Credentials

# You type:
aws_access_key = "AKIAIOSFODNN7EXAMPLE"

# I alert:
🚨 CRITICAL: AWS access key exposed!
📍 File: aws_config.py, Line 1
🔧 Fix: Use AWS credentials file or environment variables
  aws_access_key = os.getenv("AWS_ACCESS_KEY_ID")
📖 Never commit AWS credentials

Database Password

# You type in docker-compose.yml:
environment:
  DB_PASSWORD: "mySecretPassword123"

# I alert:
🚨 CRITICAL: Database password in configuration file!
📍 File: docker-compose.yml, Line 5
🔧 Fix: Use .env file
  DB_PASSWORD: ${DB_PASSWORD}
📖 Add .env to .gitignore

Detection Patterns

Pattern Types

High Confidence:

Known API key formats (Stripe, AWS, etc.)
Private key headers
JWT tokens
Connection strings with credentials

Medium Confidence:

Variables named "password", "secret", "key"
Base64 encoded strings in sensitive contexts
Long random strings in assignments

Low Confidence (Flagged for Review):

Generic secret patterns
Potential credentials in comments

Git Integration

Pre-Commit Protection

# Before commit, I scan:
git add .
git commit

# I block if secrets found:
🚨 CRITICAL: Cannot commit - secrets detected!
📍 3 secrets found:
  - config.js:12 - API key
  - .env:5 - Database password (in gitignore - OK)
  - auth.js:45 - JWT secret

❌ Commit blocked - remove secrets first

.gitignore Validation

I check if sensitive files are in .gitignore:

✅ .env - In .gitignore (good)
⚠️ config/secrets.json - NOT in .gitignore (add it!)
✅ .aws/credentials - In .gitignore (good)

False Positive Handling

Example Files

// I understand these are examples:
// Example: const apiKey = 'your_api_key_here';
// TODO: Add your API key from environment

Test Files

// Test fixtures are OK (but flagged for review):
const mockApiKey = 'sk_test_1234567890abcdef';  // ✅ Test key

Documentation

<!-- Documentation examples are flagged but low priority -->
Set your API key: `export API_KEY=your_key_here`

Relationship with security-auditor

secret-scanner (me): Exposed secrets and credentials security-auditor: Code vulnerability patterns

Together

secret-scanner: Finds hardcoded API key
security-auditor: Finds how the key is used insecurely
Combined: Complete security picture

Quick Fixes

Move to Environment Variables

// Before:
const apiKey = 'sk_live_abc123';

// After:
const apiKey = process.env.API_KEY;

// .env file (add to .gitignore):
API_KEY=sk_live_abc123

Use Secret Management

// AWS Secrets Manager
const AWS = require('aws-sdk');
const secrets = new AWS.SecretsManager();
const secret = await secrets.getSecretValue({ SecretId: 'myApiKey' }).promise();

Configuration Files

# docker-compose.yml
services:
  app:
    environment:
      - API_KEY=${API_KEY}  # From .env file

# .env (gitignored)
API_KEY=sk_live_abc123

Sandboxing Compatibility

Works without sandboxing: ✅ Yes (recommended) Works with sandboxing: ✅ Yes

Filesystem: Read-only access
Network: None required
Configuration: None required

Customization

Add company-specific secret patterns:

cp -r ~/.claude/skills/security/secret-scanner \
      ~/.claude/skills/security/company-secret-scanner

# Edit SKILL.md to add:
# - Internal API key formats
# - Company-specific secret patterns
# - Custom detection rules

Best Practices

Never commit secrets - Use environment variables
Use .gitignore - Add .env, secrets.json, etc.
Rotate exposed secrets - If committed, rotate immediately
Use secret management - AWS Secrets Manager, HashiCorp Vault
Audit regularly - Review code for exposed secrets

Emergency Response

If Secret Committed

Rotate the secret immediately

Remove from git history

git filter-branch --force --index-filter \
  "git rm --cached --ignore-unmatch config/secrets.json" \
  --prune-empty --tag-name-filter cat -- --all

Force push (coordinate with team)
Update all deployments with new secret

Related Tools

security-auditor skill: Vulnerability detection
@code-reviewer sub-agent: Security review
/review command: Comprehensive security check

secret-scanner

Más de este repositorio

Más de este repositorio

Secret Scanner Skill

When I Activate

What I Detect

API Keys & Tokens

Database Credentials

Private Keys

Authentication Secrets

Alert Examples

API Key Detection

AWS Credentials

Database Password

Detection Patterns

Pattern Types

Git Integration

Pre-Commit Protection

.gitignore Validation

False Positive Handling

Example Files

Test Files

Documentation

Relationship with security-auditor

Together

Quick Fixes

Move to Environment Variables

Use Secret Management

Configuration Files

Sandboxing Compatibility

Customization

Best Practices

Emergency Response

If Secret Committed

Related Tools

Secret Scanner Skill

When I Activate

What I Detect

API Keys & Tokens

Database Credentials

Private Keys

Authentication Secrets

Alert Examples

API Key Detection

AWS Credentials

Database Password

Detection Patterns

Pattern Types

Git Integration

Pre-Commit Protection

.gitignore Validation

False Positive Handling

Example Files

Test Files

Documentation

Relationship with security-auditor

Together

Quick Fixes

Move to Environment Variables

Use Secret Management

Configuration Files

Sandboxing Compatibility

Customization

Best Practices

Emergency Response

If Secret Committed

Related Tools