ワンクリックで
secret-scan
Catch hardcoded secrets, keys, and tokens before they get committed. Use before any commit and on any file with credentials.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Catch hardcoded secrets, keys, and tokens before they get committed. Use before any commit and on any file with credentials.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Review a diff against the goal spec assuming the code is BROKEN. The reviewer that lives in the maker's head always agrees with itself — this pulls review into a hostile, separate pass. Invoke after every code change before marking work done.
Verify that an endpoint checks ownership, not just authentication. Use on any handler that reads or mutates user data.
Find the exact commit that introduced a bug. Use when something worked before and broke, and you don't know which change did it.
Turn a set of commits or a diff into a clean, user-facing changelog entry. Use before a release or PR description.
Turn messy WIP into clean, atomic commits with messages that explain why. Use before opening a PR.
Keep the agent's context lean so accuracy doesn't collapse. Use on long sessions, big files, or when the agent starts hallucinating.
| name | secret-scan |
| description | Catch hardcoded secrets, keys, and tokens before they get committed. Use before any commit and on any file with credentials. |
| when_to_use | before commit, files with API keys, .env handling, config, connection strings |
Grep the diff for: api[_-]?key, secret, token, password, BEGIN PRIVATE KEY, AKIA[0-9A-Z]{16}, sk-, ghp_, bearer values, and long base64/hex blobs.
For each hit: is it a real secret or a placeholder? Real secrets:
.gitignore / a pre-commit secret scanner.
Output: file:line of every real secret + the rotation step. A deleted secret in git history is still leaked.