Loading...
Loading...
Found 12 Skills
Run Gitleaks to detect hardcoded secrets in git repositories. Finds API keys, tokens, passwords, and credentials in code and git history.
Run security audit with GitLeaks pre-commit hook setup and code analysis
One-time project onboarding for swain. Migrates existing CLAUDE.md content to AGENTS.md (with the @AGENTS.md include pattern), verifies vendored tk (ticket) for task tracking, configures pre-commit security hooks (gitleaks default), and offers to add swain governance rules. Run once when adopting swain in a new project — use swain-doctor for ongoing per-session health checks.
Run all security scanners against the project and produce a unified, severity-bucketed report. Orchestrates gitleaks (secrets), osv-scanner/trivy (dependency vulns), semgrep (static analysis), context-file injection scanner (built-in), and repo hygiene checks (built-in). Missing scanners are skipped with install hints — the scan always completes. Triggers on: 'security check', 'security scan', 'run security', 'scan for secrets', 'check for vulnerabilities', 'security audit', 'audit dependencies', 'check secrets', 'find vulnerabilities', 'scan codebase'.
Pre-commit security validation and secret detection. Runs gitleaks scan and validates configuration, integrates with pre-commit hooks to prevent credential leaks. Use when user mentions scanning for secrets, gitleaks, secret detection, credential scanning, pre-commit security, or .gitleaks.toml.
Secret detection and credential scanning using gitleaks. Use when scanning repositories for leaked secrets, API keys, passwords, tokens, or implementing pre-commit security checks.
Review secret detection patterns and scanning workflows. Use for identifying high-signal secrets like AWS keys, GitHub tokens, and DB passwords. Use proactively during all security audits to scan code and history. Examples: - user: "Scan for secrets in this repo" → run high-signal rg patterns and gitleaks - user: "Check for AWS keys" → scan for AKIA patterns and server-side exposure - user: "Audit my .env files" → ensure secrets are gitignored and not committed - user: "Verify secret redaction" → check that reported secrets follow 4+4 format - user: "Scan build artifacts for keys" → search dist/ and build/ for secret patterns
Use when checking code quality, running security audits, testing coverage, finding violations, or setting up quality tools - supports Drupal (PHPStan, PHPMD, PHPCPD, Psalm, Semgrep, Trivy, Gitleaks via DDEV) and Next.js (ESLint, Jest, jscpd, madge, Semgrep, Trivy, Gitleaks) projects with TDD, SOLID, DRY, and OWASP security checks
Scans codebase for hardcoded secrets. Returns normalized findings with severity and remediation guidance. Pre-commit hook integration.
Smart git commit with short, concise messages. Use when the user wants to commit changes, stage files, or create git commits.
Detects hardcoded secrets, API keys, passwords, and credentials in source code. Use when checking for leaked secrets, credential exposure, or before committing code.
Detects leaked API keys, tokens, passwords, and credentials in code with pre-commit hooks, CI checks, scanning rules, and remediation procedures. Use for "secret scanning", "credential detection", "API key leaks", or "secret management".