一键导入
security-scan
Run three secret-scanning tools against the codebase to detect credentials, API keys, tokens, and other sensitive data before committing.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Run three secret-scanning tools against the codebase to detect credentials, API keys, tokens, and other sensitive data before committing.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Safe, project-wide remediation of a dangerous or incorrect code pattern using structured search and replace.
Run a multi-faceted code review on uncommitted changes using specialized review subagents.
Create an Architectural Decision Record (ADR) to document a design choice or technical strategy.
Run a multi-faceted code review on uncommitted changes using specialized review subagents.
Commit (if needed), push the current branch to origin, and generate a pull request description in the chat.
Generate a session handoff document capturing the current working state for the next session.
| name | security-scan |
| description | Run three secret-scanning tools against the codebase to detect credentials, API keys, tokens, and other sensitive data before committing. |
| metadata | {"author":"cascadian-gamers","version":"1.0"} |
Run three secret-scanning tools against the codebase to detect credentials, API keys, tokens, and other sensitive data before committing.
All three tools installed via Homebrew:
brew install git-secrets trufflehog gitleaks
git-secrets must be initialized in the repo (one-time):
cd /Users/hodok/repos/ExtraLife-AWS
git secrets --install --force
git secrets --register-aws
Determine the scan scope. Default: Source/, src/, Database/, and Infrastructure/. If the user specifies directories, use those instead.
Run all three scanners:
cd /Users/hodok/repos/ExtraLife-AWS
echo "=== git-secrets ==="
git secrets --scan -r Source/ src/ Database/ Infrastructure/ 2>&1
echo "Exit: $?"
echo "=== gitleaks ==="
gitleaks detect --source . --no-git --verbose 2>&1
echo "Exit: $?"
echo "=== trufflehog ==="
trufflehog filesystem Source/ src/ Database/ Infrastructure/ --no-update 2>&1
echo "Exit: $?"
CERT_PASSWORD, test data, or example values in docs)..gitignore if appropriate.| Tool | Strengths |
|---|---|
git-secrets | AWS-specific patterns (AKIA keys, secret keys). Also installs pre-commit hooks to block future commits. |
gitleaks | Broad regex rules — API keys, tokens, passwords, auth headers, high-entropy strings. Scans all files. |
trufflehog | Entropy-based detection + known credential patterns. Can verify secrets against live APIs. |
CERT_PASSWORD in Dockerfiles and README.md — placeholder for local dev SSL certsDocs/ and Docs/Archive/ with placeholder values — documentation examplesappsettings.Development.json — local dev config with non-sensitive defaults.kiro/context/ session handoff files referencing AWS resource IDs (not secrets)push-and-pr.Docs/ with placeholder values are false positives — note them but don't block.