Execute qualquer Skill no Manus
com um clique

Execute qualquer Skill no Manus com um clique

$pwd:

ship-safe-scan

Name: Ship Safe Scan
Author: asamassekou10

// Quick scan for leaked secrets — API keys, passwords, tokens, database URLs. Use when the user wants to check for hardcoded secrets or exposed credentials.

Executar no Manus

$ git log --oneline --stat

stars:712

forks:80

updated:17 de março de 2026 às 04:32

SKILL.md

readonly

name	ship-safe-scan
description	Quick scan for leaked secrets — API keys, passwords, tokens, database URLs. Use when the user wants to check for hardcoded secrets or exposed credentials.
argument-hint	[path]

Ship Safe — Secret Scan

You are scanning this project for leaked secrets using Ship Safe's pattern matching and entropy analysis engine.

Step 1: Run the scan

npx ship-safe@latest scan $ARGUMENTS --json 2>/dev/null

If $ARGUMENTS is empty, default to .:

npx ship-safe@latest scan . --json 2>/dev/null

The command exits 0 if clean, 1 if secrets found. Capture stdout regardless.

Step 2: Parse the JSON output

The JSON output has this structure:

{
  "filesScanned": 234,
  "totalFindings": 5,
  "clean": false,
  "findings": [
    {
      "file": "src/config.js",
      "findings": [
        {
          "line": 42,
          "type": "Stripe Live Secret Key",
          "severity": "critical",
          "description": "Hardcoded Stripe live secret key found",
          "matched": "sk_live_****"
        }
      ]
    }
  ]
}

Step 3: Report

If clean: Confirm no secrets were found. Report how many files were scanned. This is good news!

If secrets found:

List each finding grouped by file:
- File path and line number
- Secret type (e.g., "AWS Access Key", "GitHub Token", "Database URL")
- Severity level
Never display actual secret values — even partial matches should be referred to by type only
If multiple secrets are in the same file, group them together

Step 4: Remediate

For each secret found, offer to fix it:

Replace the hardcoded secret with an environment variable reference:
- JavaScript/TypeScript: process.env.VARIABLE_NAME
- Python: os.environ.get('VARIABLE_NAME')
- Use a descriptive variable name based on the secret type (e.g., STRIPE_SECRET_KEY, DATABASE_URL)

Create or update .env.example with placeholder values:

STRIPE_SECRET_KEY=sk_live_your_key_here
DATABASE_URL=postgresql://user:password@host:5432/db

Ensure .env is in .gitignore — check and add if missing
Warn about git history — if the secret was already committed, it exists in git history. Recommend:
- Rotating the credential immediately (mention npx ship-safe rotate)
- Consider using git filter-branch or BFG Repo Cleaner to remove from history
Suggest auto-fix — mention /ship-safe-fix for bulk remediation, or /ship-safe-baseline to baseline known findings

Read the file and surrounding context before making any changes. Apply fixes only after presenting the findings, unless the user asked for auto-fix.

related-skills.json

mesmo repositório

ship-safe-hooks.md

from "asamassekou10/ship-safe"

Install ship-safe as real-time Claude Code hooks — blocks secrets and dangerous commands before they land on disk. Use when the user wants automatic security scanning on every file write or bash command.

2026-04-01712

ship-safe-baseline.md

from "asamassekou10/ship-safe"

Manage your security baseline — accept current findings as known debt, then only report new regressions on future scans. Use when the user wants to adopt security scanning incrementally or suppress existing findings.

2026-03-17712

ship-safe-ci.md

from "asamassekou10/ship-safe"

Run Ship Safe in CI mode — compact output, exit codes, SARIF generation. Use when the user wants to set up CI/CD security gates or test their pipeline configuration.

2026-03-17712

ship-safe-deep.md

from "asamassekou10/ship-safe"

Run a deep security audit with LLM-powered taint analysis — regex scan nominates findings, then an LLM verifies taint reachability and exploitability. Use when the user wants thorough, high-confidence results with fewer false positives.

2026-03-17712

ship-safe-fix.md

from "asamassekou10/ship-safe"

Auto-fix security issues — remediate hardcoded secrets and common vulnerabilities (TLS bypass, debug mode, XSS, shell injection, Docker :latest). Use when the user wants to automatically fix security findings.

2026-03-17712

ship-safe-red-team.md

from "asamassekou10/ship-safe"

Run a multi-agent red team scan — 16 specialized security agents scan for 80+ attack classes including injection, auth bypass, SSRF, supply chain, Supabase RLS, MCP security, agentic AI, RAG poisoning, PII compliance, and more. Use when the user wants a deep security analysis beyond just secrets.

2026-03-17712

package.json

"author": "asamassekou10"

"repository": "asamassekou10/ship-safe"

Abrir repositório GitHub Ver repositórios do creator

$ install --global

$ download --local

Executar no Manus

$ useful --forSOC

Analistas de segurança da informaçãoInformática e Matemática15-1212L4

Ship Safe — Secret Scan

You are scanning this project for leaked secrets using Ship Safe's pattern matching and entropy analysis engine.

Step 1: Run the scan

npx ship-safe@latest scan $ARGUMENTS --json 2>/dev/null

If $ARGUMENTS is empty, default to .:

npx ship-safe@latest scan . --json 2>/dev/null

The command exits 0 if clean, 1 if secrets found. Capture stdout regardless.

Step 2: Parse the JSON output

The JSON output has this structure:

{ "filesScanned": 234, "totalFindings": 5, "clean": false, "findings": [ { "file": "src/config.js", "findings": [ { "line": 42, "type": "Stripe Live Secret Key", "severity": "critical", "description": "Hardcoded Stripe live secret key found", "matched": "sk_live_****" } ] } ] }

Step 3: Report

If clean: Confirm no secrets were found. Report how many files were scanned. This is good news!

If secrets found:

List each finding grouped by file:

File path and line number
Secret type (e.g., "AWS Access Key", "GitHub Token", "Database URL")
Severity level

Never display actual secret values — even partial matches should be referred to by type only

If multiple secrets are in the same file, group them together

Step 4: Remediate

For each secret found, offer to fix it:

Replace the hardcoded secret with an environment variable reference:

JavaScript/TypeScript: process.env.VARIABLE_NAME
Python: os.environ.get('VARIABLE_NAME')
Use a descriptive variable name based on the secret type (e.g., STRIPE_SECRET_KEY, DATABASE_URL)

Create or update .env.example with placeholder values:

STRIPE_SECRET_KEY=sk_live_your_key_here
DATABASE_URL=postgresql://user:password@host:5432/db

Ensure .env is in .gitignore — check and add if missing

Warn about git history — if the secret was already committed, it exists in git history. Recommend:

Rotating the credential immediately (mention npx ship-safe rotate)
Consider using git filter-branch or BFG Repo Cleaner to remove from history

Suggest auto-fix — mention /ship-safe-fix for bulk remediation, or /ship-safe-baseline to baseline known findings

Read the file and surrounding context before making any changes. Apply fixes only after presenting the findings, unless the user asked for auto-fix.

ship-safe-scan

Ship Safe — Secret Scan

Step 1: Run the scan

Step 2: Parse the JSON output

Step 3: Report

Step 4: Remediate

Mais deste repositório

Mais deste repositório

Ship Safe — Secret Scan

Step 1: Run the scan

Step 2: Parse the JSON output

Step 3: Report

Step 4: Remediate