From github-sensitive-data-cleanup
Scan and remove secrets, API keys, PII from GitHub repo history with safety checks, backups, and verification.
How this skill is triggered — by the user, by Claude, or both
Slash command
/github-sensitive-data-cleanup:github-sensitive-data-cleanupThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill guides you through safely removing sensitive data from a Git
This skill guides you through safely removing sensitive data from a Git repository's history and pushing the cleaned history to GitHub. It encodes the hard-won lessons from real incidents: scan first, backup before rewriting, verify after rewriting, and never force-push to a public repo without checking its visibility and fork count.
The bundled scripts automate the mechanical parts:
scripts/scan_repo.py — scan the repo for secrets and private context.scripts/rewrite_history.py — create a backup and rewrite history with
git-filter-repo.scripts/verify_cleanup.py — confirm the sensitive content is gone.scripts/safe_push.py — verify repo visibility and push safely.This skill is conservative by design. If any safety check fails, it stops and asks for human confirmation rather than continuing.
Trigger this skill when the user:
git filter-repo, BFG, git-filter-branch, or history rewrite.Install these tools once per machine:
# git-filter-repo (modern replacement for git-filter-branch)
brew install git-filter-repo
# gitleaks (secret scanner)
brew install gitleaks
# GitHub CLI
brew install gh
The scripts assume git-filter-repo and gitleaks are on PATH. The skill
will check this before running destructive operations.
git bundle or a fresh bare clone.gh repo view before any push. Do not infer
public/private from the URL or directory name.--no-verify to bypass hooks. If the PII Guard hook fails,
fix the underlying issue or add an allowlist; do not bypass.--force-with-lease first. Fall back to --force only if the
remote ref is stale because of the rewrite itself.git log is not enough; re-run the
scanner and do an AI semantic review.cd /path/to/repo
git status --short
git remote -v
Run the scanner to find what needs to be removed:
uv run --with gitpython scripts/scan_repo.py --repo /path/to/repo --output /tmp/scan-report.json
The scanner auto-loads repo-specific patterns from .pii-patterns in the repo
root. If that file contains real private domains, do not commit it — add it
to .gitignore or keep it outside the repo. rewrite_history.py will abort if
the working tree has untracked files.
To enable Layer 3 (private infrastructure context from your gitleaks config and an optional identities file):
uv run --with gitpython scripts/scan_repo.py \
--repo /path/to/repo \
--gitleaks-config ~/scripts/git-pii-guard/gitleaks.toml \
--identities-file ~/.config/github-sensitive-data-cleanup/identities.txt \
--output /tmp/scan-report.json
The --gitleaks-config flag reads private-domain-context and
private-ip-context rules from your private gitleaks config. The real patterns
stay in your private config; nothing is copied into this public skill.
Review /tmp/scan-report.json. It includes:
gitleaks findings (secrets, API keys, tokens).If nothing sensitive is found, stop. Do not rewrite history.
Regex scanners (Layers 1-3) cannot catch novel private context: real names, project codenames, transcript snippets, internal meeting references, or architecture descriptions. You must do an AI semantic review.
Use the prompt in references/ai_semantic_review_prompt.md on the flagged
commits. Re-run the review until no new private context is found.
If you skip this step, you may push private context that gitleaks never knew to look for.
For each finding, decide:
.gitignore or allowlist (for false positives only).Live secrets must be rotated before history cleanup. Removing history does not invalidate a secret that has already been exposed.
Create a text file with one replacement per line in git-filter-repo
--replace-text format:
literal:internal.example.com==>example.com
literal:private.example.org==>example.org
literal:sk-example-aaaaaaaaaaaaaaaa==>sk-example-REDACTED
Replace these with your actual sensitive strings. Do not commit the real values; keep the replacements file outside the repository.
Use literal: for exact string matches. For regex replacements, use
regex: (only if you are confident in the pattern).
Save this file outside the repo, e.g. /tmp/sensitive-replacements.txt.
uv run scripts/rewrite_history.py --repo /path/to/repo \
--replacements /tmp/sensitive-replacements.txt \
--backup /tmp/repo-backup.bundle
This script:
git-filter-repo is installed and executable.git bundle backup of the current state.git bundle verify.git filter-repo --replace-text.If the backup or verification step fails, the script stops. Do not proceed manually.
uv run scripts/verify_cleanup.py --repo /path/to/repo --replacements /tmp/sensitive-replacements.txt
This re-runs the scanner and also checks that none of the original sensitive strings remain in any commit. If it finds anything, go back to Step 3.
uv run scripts/safe_push.py --repo /path/to/repo --remote origin --branch main
This script:
gh repo view to confirm visibility, isPrivate, and forks.--force-with-lease first.--force only if the remote ref is stale because of the
local rewrite.--no-verify.If the PII Guard hook fails, fix the issue and re-run. Do not bypass.
After the push succeeds:
scripts/scan_repo.pyRuns gitleaks and a custom bash/grep layer for patterns that gitleaks does
not cover (private domains, internal IPs, Chinese phone numbers, certain PII).
Outputs a JSON report.
uv run --with gitpython scripts/scan_repo.py --repo /path/to/repo --output /tmp/report.json
scripts/rewrite_history.pyCreates a backup bundle and runs git filter-repo --replace-text.
uv run --with gitpython scripts/rewrite_history.py \
--repo /path/to/repo \
--replacements /tmp/sensitive-replacements.txt \
--backup /tmp/repo-backup.bundle
scripts/verify_cleanup.pyRe-runs the scanner and greps all commits for the original sensitive strings.
uv run --with gitpython scripts/verify_cleanup.py \
--repo /path/to/repo \
--replacements /tmp/sensitive-replacements.txt
scripts/safe_push.pyChecks visibility and pushes safely.
uv run --with gitpython scripts/safe_push.py --repo /path/to/repo --remote origin --branch main
Rewriting history invalidates commit refs in open PRs. After push:
main.main,
and cherry-pick the changes as new commits.Public forks retain the old history until their owners sync. For high-risk leaks (live secrets, production credentials), consider:
For lower-risk leaks (internal domain names, placeholder IPs), document the rewrite and move on.
git filter-repo reports "need a fresh clone"git-filter-repo refuses to run on repos with multiple remotes or non-origin
refs. To fix:
git clone --mirror /path/to/repo /tmp/repo-mirror.git
cd /tmp/repo-mirror.git
# run rewrite_history.py against the mirror
If gitleaks flags documentation examples or test fixtures, add an allowlist
entry to the repo's .gitleaks.toml or .gitleaksignore (never use
--no-verify). See references/tooling_notes.md for allowlist patterns.
references/incident-lessons.md — what went wrong in real cleanups and how
this skill prevents those mistakes.references/tooling_notes.md — choosing between git-filter-repo and BFG,
allowlist patterns, and common errors.references/ai_semantic_review_prompt.md — Layer 4 AI semantic review prompt
for finding private context that regex cannot catch.npx claudepluginhub p/daymade-github-sensitive-data-cleanup-github-sensitive-data-cleanupScans git repos for leaked secrets, rewrites history to remove them using git-filter-repo/BFG, and configures .gitignore and pre-commit hooks. Activate for security audits or scrubbing credentials.
Runs gitleaks scans for secret detection, validates configurations, and integrates with pre-commit hooks to prevent credential leaks in Git repos.
Use when the user says 'git-guard', 'check git protection', 'is this repo protected', 'verify gitleaks', 'set up git hooks', 'install git-guard', or wants to confirm a repo blocks secrets and internal files before commit. This is an installer and verifier, NOT a scanner (gitleaks does the actual scanning). Do NOT use for deep secret audits or RLS work.