expanso-secrets-scan
Detect hardcoded secrets (API keys, tokens, passwords) in text or code.
Setup & Installation
Install command
clawhub install aronchick/expanso-secrets-scan
If the CLI is not installed:
npx clawhub@latest install aronchick/expanso-secrets-scan
Or install with OpenClaw CLI:
openclaw skills install aronchick/expanso-secrets-scan
Or paste the repo link into your assistant's chat:
https://github.com/openclaw/skills/tree/main/skills/aronchick/expanso-secrets-scan
What This Skill Does
Scans text or code for hardcoded secrets such as API keys, tokens, and passwords. Runs locally via the Expanso Edge binary as a CLI pipeline or MCP server. Can also be deployed to Expanso Cloud for remote execution.
Runs the scan locally through a lightweight binary without sending code to a third-party SaaS service.
When to Use It
- Auditing a repository before making it public
- Checking a config file for accidentally included credentials
- Scanning a code snippet received from a colleague
- Reviewing environment files before committing to version control
- Verifying a script does not contain hardcoded tokens
Original SKILL.md file

# secrets-scan

Detect hardcoded secrets (API keys, tokens, passwords) in text or code

## Requirements

- Expanso Edge installed (`expanso-edge` binary in PATH)
- Install via: `clawhub install expanso-edge`

## Usage

### CLI Pipeline

```bash
# Run standalone
echo '<input>' | expanso-edge run pipeline-cli.yaml
```

### MCP Pipeline

```bash
# Start as MCP server
expanso-edge run pipeline-mcp.yaml
```

### Deploy to Expanso Cloud

```bash
expanso-cli job deploy https://skills.expanso.io/secrets-scan/pipeline-cli.yaml
```

## Files

| File | Purpose |
|------|---------|
| `skill.yaml` | Skill metadata (inputs, outputs, credentials) |
| `pipeline-cli.yaml` | Standalone CLI pipeline |
| `pipeline-mcp.yaml` | MCP server pipeline |

Example Workflow
Here's how your AI assistant might use this skill in practice.
User asks: Auditing a repository before making it public
1. Auditing a repository before making it public
2. Checking a config file for accidentally included credentials
3. Scanning a code snippet received from a colleague
4. Reviewing environment files before committing to version control
5. Verifying a script does not contain hardcoded tokens
Security Audits
These signals reflect official OpenClaw status values. A Suspicious status means the skill should be used with extra caution.