{"manifest":{"name":"Secrets Leak Scanner","version":"1.0.0","description":"Scans your codebase for hardcoded credentials, API keys, and secrets before they reach production. Detects Anthropic, OpenAI, Stripe, AWS, GitHub tokens and generic password patterns with file:line citations.","tags":["security","secrets","credentials","scanning","devops"],"standard":"agentskills.io","standard_version":"1.0","content_checksum":"b804d753d51a98c1f509facf009304ddbf393d7b0270a6c3ef9e6037d1f3705b","bundle_checksum":null,"metadata":{},"files":[]},"files":{"SKILL.md":"\n# Secrets Leak Scanner\n\nScan a codebase or set of files for hardcoded credentials, API keys, and secrets\nthat should never be committed to version control.\n\n## What This Skill Does\n\nSearches across all tracked files for patterns that match known credential formats:\n- **API keys**: Anthropic (`sk-ant-`), OpenAI (`sk-`), Stripe (`sk_live_`/`sk_test_`)\n- **Cloud keys**: AWS access keys (`AKIA`), GitHub tokens (`ghp_`, `gho_`, `ghs_`)\n- **Auth tokens**: Bearer tokens, JWTs, PEM private key blocks\n- **Connection strings**: Database URLs with embedded passwords\n- **Environment assignments**: `SECRET=`, `API_KEY=`, `PASSWORD=`, `TOKEN=` with long values\n\n## How to Use\n\nInvoke this skill with a target directory or list of files to scan:\n\n```\nScan ./src for any hardcoded secrets or credentials.\n```\n\nOr with specific files:\n\n```\nCheck these files for leaked keys: .env.backup, scripts/deploy.sh, config/legacy.js\n```\n\n## Output Format\n\nEach finding is reported as:\n```\n[SEVERITY] path/to/file.ext:LINE_NUMBER — Description of what was found\n  Pattern: <pattern type> (<provider>)\n  Action: <recommended remediation>\n```\n\nSeverity levels: `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`\n\n## After Scanning\n\nFor each finding:\n1. **Rotate the credential immediately** — treat it as compromised\n2. **Remove from git history** using `git filter-repo` or BFG Repo Cleaner\n3. **Add to `.gitignore`** if it was an accidentally committed file\n4. **Use a secrets manager** (AWS Secrets Manager, Vault, 1Password) for the replacement\n\n## Rules\n\n- Never print the actual secret value in the report — only the pattern type and location\n- Always include the file path and line number for each finding\n- Group findings by severity (CRITICAL first)\n- Include a summary count at the end\n- Recommend immediate rotation for any CRITICAL or HIGH finding\n\n## Attribution\n\nPart of the SkillSlap security toolkit. For questions or improvements, visit skillslap.com.\n"}}