Can it help prevent secrets from being committed to Git?

Yes, it provides recommendations for .gitignore configurations and can help you set up Git pre-commit hooks to scan for secrets locally.

What types of secrets does this skill detect?

It detects a wide range of sensitive data including AWS Access Keys, GitHub Tokens, Stripe keys, private SSH keys, database connection strings, and hardcoded password assignments.

Does it help with environment variable management?

Yes, it suggests replacing hardcoded secrets with environment variable references and can generate .env.example templates for your project.

Will this skill stop me from writing code?

It only blocks the write process if high-severity secrets (like AWS Secret Keys or GitHub Tokens) are detected, ensuring you don't accidentally leak critical credentials.

Secrets Validator

Name: Secrets Validator
Author: cassao29

bycassao29

0•

Security & Testing

Detects and prevents the exposure of credentials, API keys, and sensitive data within code and configuration files.

The Secrets Validator skill acts as a critical security layer for your development workflow, automatically identifying over 20 types of sensitive information including AWS keys, GitHub tokens, and database connection strings. By integrating high-severity blocking and medium-severity warnings into the coding process, it prevents accidental exposure of private data before it reaches version control. The skill also facilitates best practices by suggesting environment variable patterns, generating .env.example templates, and validating .gitignore files to ensure your infrastructure remains secure.

Key Features

01High-severity blocking to prevent accidental writes of sensitive data

02Validation of .gitignore patterns to exclude sensitive configuration files

03Real-time scanning for cloud provider credentials and OAuth tokens

04Automated detection of RSA/DSA/EC private keys and database URLs

05Best-practice recommendations for environment variable management

060 GitHub stars

Use Cases

01Standardizing secure environment configurations across development teams

02Preventing the accidental commitment of production API keys to public repositories

03Auditing legacy codebases to identify and migrate hardcoded credentials

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add cassao29/claude-secure-plugins secrets-validator

For use in Claude.ai and ChatGPT

Download Skill