[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-jwynia-secrets-scan-uk":3,"guides-for-jwynia-secrets-scan":220,"similar-k17dd4qv51q8jrhw8tccjdhr3s867v72":221},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":19,"identity":186,"isFallback":191,"parentExtension":192,"providers":193,"relations":197,"repo":199,"workflow":217},1778053622473.674,"k17dd4qv51q8jrhw8tccjdhr3s867v72",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":12,"sourceUrl":13,"tags":14},"Detect API keys, passwords, tokens, and other secrets in code. Use when you need to find hardcoded credentials and sensitive data in source code.",{},"Secrets Scan","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/security/secrets-scan",[15,16,17,18],"security","secrets","code-analysis","developer-tools",{"_creationTime":20,"_id":21,"extensionId":5,"locale":22,"result":23,"trustSignals":174,"workflow":184},1778054012697.0671,"kn75pm68trp8d9k86sbybw4t99867ve4","en",{"checks":24,"evaluatedAt":164,"extensionSummary":165,"promptVersionExtension":166,"promptVersionScoring":167,"rationale":168,"score":169,"summary":170,"tags":171,"targetMarket":172,"tier":173},[25,30,33,36,40,43,47,51,54,57,61,66,69,73,76,79,82,85,88,91,94,98,102,106,110,113,116,119,123,126,129,132,135,138,142,145,148,151,154,157,161],{"category":26,"check":27,"severity":28,"summary":29},"Practical Utility","Problem relevance","pass","The description clearly states the problem of detecting hardcoded credentials and sensitive data in source code, which is a concrete user pain point.",{"category":26,"check":31,"severity":28,"summary":32},"Unique selling proposition","The skill provides a dedicated and specialized set of patterns and detection methods for secrets, offering more than a basic LLM capability by focusing on specific credential types and entropy analysis.",{"category":26,"check":34,"severity":28,"summary":35},"Production readiness","The skill is production-ready, 
offering comprehensive detection for various secret types, example commands, output formats, and integration options for CI/CD and pre-commit hooks, covering the complete lifecycle of secret detection.",{"category":37,"check":38,"severity":28,"summary":39},"Scope","Single responsibility principle","The skill focuses solely on detecting secrets in code, adhering to a single responsibility.",{"category":37,"check":41,"severity":28,"summary":42},"Description quality","The displayed description accurately and concisely reflects the skill's functionality.",{"category":44,"check":45,"severity":28,"summary":46},"Invocation","Scoped tools","The skill uses narrow verb-noun tools and commands like `/secrets-scan` with specific flags (e.g., `--scope`, `--entropy`) for focused operations.",{"category":48,"check":49,"severity":28,"summary":50},"Documentation","Configuration & parameter reference","All parameters such as `--scope`, `--entropy`, `--git-history`, `--since`, `--exclude` are documented with examples.",{"category":37,"check":52,"severity":28,"summary":53},"Tool naming","The primary tool `secrets-scan` is descriptive, and command-line arguments are clear.",{"category":37,"check":55,"severity":28,"summary":56},"Minimal I/O surface","Input parameters are well-defined flags and the output format is structured into a clear report and summary statistics, only returning what is necessary.",{"category":58,"check":59,"severity":28,"summary":60},"License","License usability","The license is MIT, a permissive open-source license, clearly declared in the SKILL.md frontmatter and matching the README.",{"category":62,"check":63,"severity":64,"summary":65},"Maintenance","Commit recency","not_applicable","The repository's last commit date is not available, so commit recency cannot be evaluated.",{"category":62,"check":67,"severity":28,"summary":68},"Dependency Management","The skill relies on Node.js and common tools like git and potentially `npx husky`, which are standard and 
manageable. The `package.json` would typically handle this; the skill's direct dependencies are minimal.",{"category":70,"check":71,"severity":28,"summary":72},"Security","Secret Management","The skill is designed to detect secrets and does not appear to echo resolved secret values into stdout/stderr. Its purpose is to identify secrets, not to handle or transmit them.",{"category":70,"check":74,"severity":28,"summary":75},"Injection","The skill's purpose is to scan code for secrets, implying it treats all loaded data as text to be analyzed rather than instructions to execute. No explicit clauses about treating files as data were found, but the function is not to interpret content.",{"category":70,"check":77,"severity":28,"summary":78},"Transitive Supply-Chain Grenades","The skill appears to operate on committed files and local git history. There are no indications of runtime downloads or execution of external scripts.",{"category":70,"check":80,"severity":28,"summary":81},"Sandbox Isolation","The skill operates on local files and git history, and its commands like `git filter-branch` and `git rm` are within standard developer workflows. It does not attempt to write outside the project directory or its own scope.",{"category":70,"check":83,"severity":28,"summary":84},"Sandbox escape primitives","No detached-process spawns or deny-retry loops were detected in the script examples or descriptions.",{"category":70,"check":86,"severity":28,"summary":87},"Data Exfiltration","The skill's function is to detect secrets locally. There are no imperative instructions to read and submit confidential data to any third party. 
All outbound calls are implicitly to Git commands which are local operations.",{"category":70,"check":89,"severity":28,"summary":90},"Hidden Text Tricks","The bundled files appear to be free of hidden-steering tricks like HTML comments or invisible Unicode characters.",{"category":70,"check":92,"severity":28,"summary":93},"Opaque code execution","The scripts and commands referenced (e.g., `git`, `npx`) are standard and readable; there's no evidence of obfuscation, base64 payloads, or runtime script fetching.",{"category":95,"check":96,"severity":28,"summary":97},"Portability","Structural Assumption","The skill primarily operates on files provided via scope arguments or git history, which are standard structures. It doesn't make assumptions about deep, specific project layouts beyond what Git provides.",{"category":99,"check":100,"severity":64,"summary":101},"Trust","Issues Attention","Issue data is not available.",{"category":103,"check":104,"severity":28,"summary":105},"Versioning","Release Management","The SKILL.md frontmatter declares version `1.0`.",{"category":107,"check":108,"severity":28,"summary":109},"Code Execution","Validation","Input parameters like `--scope` and `--since` appear to be validated through standard command-line argument parsing, and the output is structured.",{"category":70,"check":111,"severity":28,"summary":112},"Unguarded Destructive Operations","While commands like `git filter-branch` can be destructive, they are typically used with user intent or are part of established Git workflows. The skill's description does not indicate it performs unattended destructive operations without user confirmation or clear scoping.",{"category":107,"check":114,"severity":28,"summary":115},"Error Handling","The skill utilizes standard command-line tools and arguments, which typically provide non-zero exit codes for errors. 
The output format for findings is structured, implying error handling is present.",{"category":107,"check":117,"severity":28,"summary":118},"Logging","The skill's output format includes summary statistics and detailed findings, effectively acting as an audit log for the scan performed.",{"category":120,"check":121,"severity":28,"summary":122},"Compliance","GDPR","The skill operates on code files and Git history, which may contain personal data but does not actively process or submit it to third parties. Its function is local analysis.",{"category":120,"check":124,"severity":28,"summary":125},"Target market","The skill is a general-purpose code analysis tool and does not exhibit any regional or jurisdictional logic, making it globally applicable.",{"category":95,"check":127,"severity":28,"summary":128},"Runtime stability","The skill relies on standard command-line tools and Node.js, which are broadly compatible. It does not appear to make OS-specific assumptions.",{"category":44,"check":130,"severity":28,"summary":131},"Precise Purpose","The description and frontmatter clearly define the skill's purpose: detecting secrets in code, and specifies when to use it ('find hardcoded credentials and sensitive data in source code').",{"category":44,"check":133,"severity":28,"summary":134},"Concise Frontmatter","The frontmatter is concise and provides a clear summary of the skill's core capability and usage.",{"category":48,"check":136,"severity":28,"summary":137},"Concise Body","The SKILL.md body is well-structured and under 500 lines, with detailed regex patterns and output examples separated appropriately.",{"category":139,"check":140,"severity":28,"summary":141},"Context","Progressive Disclosure","Detailed detection patterns and output formats are presented within the SKILL.md, but lengthy explanations or complex procedures are not embedded; the structure supports progressive disclosure.",{"category":139,"check":143,"severity":64,"summary":144},"Forked exploration","This 
skill is not designed for deep exploration; it performs a focused scan and reports findings.",{"category":26,"check":146,"severity":28,"summary":147},"Usage examples","Sufficient end-to-end examples are provided, demonstrating various command-line invocations and explaining the expected outcomes.",{"category":26,"check":149,"severity":28,"summary":150},"Edge cases","The skill documents common false positives (example values, test fixtures, documentation) and provides clear instructions on how to handle them via ignore files and inline comments.",{"category":107,"check":152,"severity":64,"summary":153},"Tool Fallback","The skill does not rely on optional external tools like MCP servers; it uses standard command-line utilities.",{"category":95,"check":155,"severity":28,"summary":156},"Stack assumptions","The skill assumes a standard Node.js environment and common command-line tools like `git`, which are clearly implied by the usage examples and dependencies. It does not require exotic runtimes.",{"category":158,"check":159,"severity":28,"summary":160},"Safety","Halt on unexpected state","The skill's nature as a scanner means it implicitly halts if it cannot access files or perform Git operations, and its structured output would indicate such failures.",{"category":95,"check":162,"severity":28,"summary":163},"Cross-skill coupling","The skill is self-contained and does not implicitly rely on other skills. It lists related skills for broader security analysis.",1778054007387,"This skill performs deep detection of hardcoded credentials, API keys, passwords, and other sensitive data within source code using a comprehensive set of patterns. 
It includes options for entropy analysis, checking git history, and specifying scan scopes, with detailed output reports and guidance on handling false positives and remediating found secrets.","2.0.0","3.4.0","This skill is exceptionally well-documented and robust, with clear instructions, comprehensive examples, and strong adherence to security best practices for a utility of its nature. It correctly identifies and handles potential issues like false positives, and its scope is well-defined. The only minor note is the absence of explicit commit recency data, which is not applicable to its core function.",98,"A highly polished and effective skill for detecting sensitive data in code.",[15,16,17,18],"global","verified",{"codeQuality":175,"collectedAt":176,"documentation":177,"maintenance":179,"security":180,"testCoverage":183},{},1778053993508,{"descriptionLength":178,"readmeSize":8},145,{},{"hasNpmPackage":181,"license":182,"smitheryVerified":181},false,"MIT",{"hasCi":181,"hasTests":181},{"updatedAt":185},1778054012696,{"githubOwner":187,"githubRepo":188,"locale":22,"slug":189,"type":190},"jwynia","agent-skills","secrets-scan","skill",true,null,{"extract":194,"llm":196},{"commitSha":195,"license":182},"e02ec7e226a6e4f8419fd3b88a1d8e472d421b32",{"promptVersionExtension":166,"promptVersionScoring":167,"score":169,"targetMarket":172,"tier":173},{"repoId":198},"kd7efn3mprpa8rd8vm5hw5ebzx864fph",{"_creationTime":200,"_id":198,"identity":201,"providers":203,"workflow":214},1777995558409.897,{"githubOwner":187,"githubRepo":188,"sourceUrl":202},"https://github.com/jwynia/agent-skills",{"discover":204,"github":207},{"sources":205},[206],"skills-sh",{"closedIssues90d":8,"forks":208,"openIssues90d":209,"pushedAt":210,"readmeSize":211,"stars":212,"topics":213},10,2,1771900514000,11924,70,[],{"discoverAt":215,"extractAt":216,"githubAt":216,"updatedAt":216},1777995558409,1778053628601,{"anyEnrichmentAt":218,"extractAt":219,"githubAt":218,"llmAt":185,"updatedAt":185},177805362538
6,1778053622473,[],[222,251,272,302,326],{"_creationTime":223,"_id":224,"community":225,"display":226,"identity":237,"providers":241,"relations":245,"workflow":247},1778053380851.3125,"k173xg04zamyvse0m6rer184bd866waj",{"reviewCount":8},{"description":227,"installMethods":228,"name":229,"sourceUrl":230,"tags":231},"Extension from millionco/react-doctor",{},"React Doctor","https://github.com/millionco/react-doctor/tree/HEAD/packages/website",[232,17,233,234,235,236,18],"react","cli","diagnostics","typescript","next-js",{"githubOwner":238,"githubRepo":239,"locale":22,"slug":240,"type":190},"millionco","react-doctor","website",{"extract":242,"llm":244},{"commitSha":243,"license":182},"0053faa0a85dda7d57bc09764ab600655829a4c0",{"promptVersionExtension":166,"promptVersionScoring":167,"score":169,"targetMarket":172,"tier":173},{"repoId":246},"kd7c7y7mgbqtgjw8q3h5pevtgh864s4d",{"anyEnrichmentAt":248,"extractAt":249,"githubAt":248,"llmAt":250,"updatedAt":250},1778053381509,1778053380851,1778053395404,{"_creationTime":252,"_id":253,"community":254,"display":255,"identity":264,"providers":266,"relations":270,"workflow":271},1778053622473.6746,"k17b5tzf5982vcjjxkb4k36qp9867w4x",{"reviewCount":8},{"description":256,"installMethods":257,"name":258,"sourceUrl":259,"tags":260},"Scan code for security vulnerabilities including OWASP Top 10, secrets, and misconfigurations. 
Use when you need comprehensive security analysis of a codebase.",{},"Security Scan","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/security/security-scan",[15,17,261,262,16,263],"vulnerability-scanning","owasp","compliance",{"githubOwner":187,"githubRepo":188,"locale":22,"slug":265,"type":190},"security-scan",{"extract":267,"llm":268},{"commitSha":195,"license":182},{"promptVersionExtension":166,"promptVersionScoring":167,"score":269,"targetMarket":172,"tier":173},95,{"repoId":198},{"anyEnrichmentAt":218,"extractAt":219,"githubAt":218,"llmAt":185,"updatedAt":185},{"_creationTime":273,"_id":274,"community":275,"display":276,"identity":288,"providers":291,"relations":296,"workflow":298},1778054070894.8628,"k17antgkdftwdz7cf6tkh5kq65867wht",{"reviewCount":8},{"description":277,"installMethods":278,"name":279,"sourceUrl":280,"tags":281},"Autonomous AI pentester for web apps and APIs. Run white-box security assessments with Shannon — analyzes source code, identifies attack vectors, and executes real exploits to prove vulnerabilities. 
Triggered by 'shannon', 'pentest', 'security audit', 'vuln scan'.",{},"Shannon Skill","https://github.com/unicodeveloper/shannon",[15,282,283,284,285,286,262,287],"pentesting","automation","api","web","exploit","docker",{"githubOwner":289,"githubRepo":290,"locale":22,"slug":290,"type":190},"unicodeveloper","shannon",{"extract":292,"llm":295},{"commitSha":293,"license":294},"6a97124bee816c7cc76c6e17bb2b0fe8c0eae032","AGPL-3.0",{"promptVersionExtension":166,"promptVersionScoring":167,"score":169,"targetMarket":172,"tier":173},{"repoId":297},"kd7dk33pc652m4w5wrxaga9qn5865x26",{"anyEnrichmentAt":299,"extractAt":300,"githubAt":299,"llmAt":301,"updatedAt":301},1778054071281,1778054070894,1778054087802,{"_creationTime":303,"_id":304,"community":305,"display":306,"identity":319,"providers":321,"relations":324,"workflow":325},1778053622473.6736,"k17cr3mkj0ckymz10rb2a9rmf986667y",{"reviewCount":8},{"description":307,"installMethods":308,"name":309,"sourceUrl":310,"tags":311},"Detect CVEs and security issues in project dependencies. 
Use when you need to analyze packages for known vulnerabilities across npm, pip, cargo, and other ecosystems.",{},"Dependency Scan","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/security/dependency-scan",[15,312,313,314,315,316,317,318],"dependencies","cve","npm","pip","cargo","scanning","vulnerability",{"githubOwner":187,"githubRepo":188,"locale":22,"slug":320,"type":190},"dependency-scan",{"extract":322,"llm":323},{"commitSha":195,"license":182},{"promptVersionExtension":166,"promptVersionScoring":167,"score":169,"targetMarket":172,"tier":173},{"repoId":198},{"anyEnrichmentAt":218,"extractAt":219,"githubAt":218,"llmAt":185,"updatedAt":185},{"_creationTime":327,"_id":328,"community":329,"display":330,"identity":340,"providers":343,"relations":347,"workflow":350},1778053197391.3792,"k170044xvvc7bx38n1fys0pzr1867rdb",{"reviewCount":8},{"description":331,"installMethods":332,"name":333,"sourceUrl":334,"tags":335},"Manage passwords and API credentials with the 1Password CLI (op). Save, look up, and read API keys/tokens, and inject environment variables into scripts. Use this skill when the user mentions saving a password, saving an API key, looking up a password, 1password, op CLI, or secret management.",{},"1Password CLI","https://github.com/iamzhihuix/happy-claude-skills/tree/HEAD/skills/1password",[336,233,16,337,338,339],"1password","credentials","api-keys","devops",{"githubOwner":341,"githubRepo":342,"locale":22,"slug":336,"type":190},"iamzhihuix","happy-claude-skills",{"extract":344,"llm":346},{"commitSha":345,"license":182},"f49e7782a551759c9f9e0a4d4417ff053f0a86fd",{"promptVersionExtension":166,"promptVersionScoring":167,"score":169,"targetMarket":172,"tier":173},{"parentExtensionId":348,"repoId":349},"k173w1behtbrx0ftmyyt34368x867ene","kd7dbbtdq95nkcs3k7fg9w6fdn864j0b",{"anyEnrichmentAt":351,"extractAt":352,"githubAt":351,"llmAt":353,"updatedAt":353},1778053199195,1778053197391,1778053284450]