What secrets does SpecStory Guard detect?

It identifies common sensitive patterns including AWS access keys, GitHub tokens, Bearer tokens, RSA private keys, and generic credential strings like 'password=' or 'api_key='.

How do I fix a blocked commit?

When the hook blocks a commit, review the reported file and line number, redact the sensitive information (e.g., replace it with [REDACTED]), and then attempt the commit again.

Can I ignore false positives?

Yes, you can use the SPECSTORY_GUARD_ALLOWLIST environment variable to define comma-separated regex patterns for keys or placeholders you want the scanner to ignore.

Does this tool require external dependencies?

No, SpecStory Guard is built with pure Python and has no external dependencies, ensuring it runs quickly and safely in any environment.

SpecStory Guard

Name: SpecStory Guard
Author: organvm-iv-taxis

byorganvm-iv-taxis

•

Security & Testing

Secures your SpecStory history by automatically scanning for and blocking the commit of sensitive credentials and API keys.

SpecStory Guard is a security-focused tool designed to prevent the accidental leakage of sensitive information contained within SpecStory history files. By installing a lightweight Git pre-commit hook, it automatically identifies common secret patterns—such as AWS keys, Bearer tokens, and private keys—before they are committed to a repository. This skill is essential for developers using AI-assisted coding tools that record conversation history, ensuring that environment variables, passwords, or credentials captured during chat sessions stay private and secure.

Key Features

012 GitHub stars

02Automated pre-commit Git hook installation for continuous protection

03Manual scan capabilities for on-demand security audits of history files

04Regex-based detection for AWS keys, GitHub tokens, and private keys

05Customizable allowlist to handle false positives and placeholders

06Detailed security reporting with redacted previews for safe remediation

Use Cases

01Preventing API keys captured in AI chat history from being pushed to public repositories

02Ensuring team-wide compliance with credential safety standards in collaborative AI projects

03Performing a security audit on existing history files before a major release

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add organvm-iv-taxis/a-i--skills specstory-guard

For use in Claude.ai and ChatGPT

Download Skill