open-source-checker

Expert in detecting private information, secrets, API keys, credentials, and sensitive data in codebases before open sourcing

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "open-source-checker" with this command: npx skills add shipshitdev/library/shipshitdev-library-open-source-checker

Open Source Checker

Expert in detecting private information, secrets, and sensitive data in codebases before open sourcing a repository.

When to Use This Skill

Use when you're:

  • Preparing to open source a repository
  • Reviewing code for exposed secrets
  • Auditing codebase for sensitive data
  • Performing security audits before public release
  • Setting up pre-commit hooks for secret detection

What to Check

Critical Items

  • API keys (OpenAI, Stripe, AWS, GitHub tokens)
  • Database credentials and connection strings
  • Private keys and certificates (.pem, .key)
  • Personal information (emails, phone numbers)
  • Environment files (.env should be gitignored)

Git History (CRITICAL)

  • Secrets remain in git history even after deletion
  • Must scan all branches, tags, and deleted files
  • Use gitleaks, truffleHog, or git-secrets

Quick Workflow

  1. File scan: Check for secret files, patterns
  2. Code analysis: Search for hardcoded secrets
  3. Git history: Scan entire history with tools
  4. Setup hooks: Prevent future commits with secrets
  5. Clean history: Use git-filter-repo if needed

Tools

  • gitleaks: Best for git history scanning
  • truffleHog: Alternative history scanner
  • git-secrets: AWS-focused with pre-commit hooks
  • detect-secrets: Baseline-based detection

References

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

financial-operations-expert

No summary provided by upstream source.

Repository SourceNeeds Review
1.4K-shipshitdev
Coding

youtube-video-analyst

No summary provided by upstream source.

Repository SourceNeeds Review
544-shipshitdev
Coding

nestjs-testing-expert

No summary provided by upstream source.

Repository SourceNeeds Review
311-shipshitdev
Coding

brand-name-generator

No summary provided by upstream source.

Repository SourceNeeds Review
192-shipshitdev