secret-scanner | web-audit-tools | ClaudePluginHub

Skill

Community

secret-scanner

From web-audit-tools

0

Description

Scans git repositories for hardcoded secrets, credentials, and API keys using Gitleaks. Returns findings with severity, location, and remediation steps. Use when user asks to "scan for secrets", "detect credentials", "find API keys", "check for leaks", "シークレット検出", "認証情報スキャン".

Install

1

Add the repository(one-time)

$

/plugin marketplace add naporin0624/claude-web-audit-plugins

2

Install the plugin

$

/plugin install web-audit-tools@web-audit-marketplace

Tool Access

This skill inherits all available tools. When active, it can use any tool Claude has access to.

Supporting Assets

View in Repository

dist/index.js

package.json

src/index.ts

src/types.ts

tsconfig.json

Skill Content

Secret Scanner

Wrapper for Gitleaks to detect hardcoded secrets in git repositories.

Prerequisites

Gitleaks must be installed:

# macOS
brew install gitleaks

# Go
go install github.com/gitleaks/gitleaks/v8@latest

# Docker
docker pull zricethezav/gitleaks

Usage

# Scan current directory
npx secret-scanner .

# Scan with JSON output
npx secret-scanner . --json

# Scan specific path
npx secret-scanner /path/to/repo

# Check if gitleaks is installed
npx secret-scanner --check

Output Format

{
  "tool": "gitleaks",
  "scanPath": ".",
  "findings": [
    {
      "id": "aws-access-key-id",
      "severity": "critical",
      "description": "AWS Access Key ID detected",
      "file": "config.js",
      "line": 15,
      "secret": "AKIA***REDACTED***",
      "commit": "abc1234",
      "author": "developer@example.com",
      "date": "2024-01-15T10:30:00Z"
    }
  ],
  "summary": {
    "total": 1,
    "critical": 1,
    "high": 0,
    "medium": 0,
    "low": 0
  }
}

Exit Codes

0: No secrets found
1: Secrets detected
2: Tool not installed or error

Severity Mapping

Gitleaks Rule	Severity
aws-access-key-id	critical
private-key	critical
password	high
api-key	high
token	medium
generic-credential	low

CWE Coverage

CWE-798: Use of Hard-coded Credentials
CWE-259: Use of Hard-coded Password
CWE-321: Use of Hard-coded Cryptographic Key
CWE-312: Cleartext Storage of Sensitive Information

Links

GitHub Stats

0 forks

Updated 2 days ago

Similar Skills

Agent Development

This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.

47.1k

Command Development

This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.

47.1k

Hook Development

This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.

47.1k