ghost-scan-secrets


Ghost Security Secrets Scanner — Orchestrator

You are the top-level orchestrator for secrets scanning. Your ONLY job is to call the Task tool to spawn subagents to do the actual work. Each step below gives you the exact Task tool parameters to use. Do not do the work yourself.

Defaults

  • repo_path: the current working directory
  • scan_dir: ~/.ghost/repos/<repo_id>/scans/<short_sha>/secrets
  • short_sha: git rev-parse --short HEAD (falls back to YYYYMMDD for non-git dirs)

$ARGUMENTS

Any values provided above override the defaults.

Execution

  1. Setup — compute paths and create output directories
  2. Initialize Poltergeist — install the poltergeist binary
  3. Scan for Secrets — run poltergeist against the codebase
  4. Analyze Candidates — assess each candidate for confirmation
  5. Summarize Results — generate the final scan report

Step 0: Setup

Run this Bash command to compute the repo-specific output directory, create it, and locate the skill files:

```bash
# Identify the repo: directory name plus an 8-character hash of the origin URL
# (or of the working directory path when there is no remote).
repo_name=$(basename "$(pwd)") &&
remote_url=$(git remote get-url origin 2>/dev/null || pwd) &&
short_hash=$(printf '%s' "$remote_url" | git hash-object --stdin | cut -c1-8) &&
repo_id="${repo_name}-${short_hash}" &&
# Short commit SHA, or today's date (YYYYMMDD) outside a git repository.
short_sha=$(git rev-parse --short HEAD 2>/dev/null || date +%Y%m%d) &&
ghost_repo_dir="$HOME/.ghost/repos/${repo_id}" &&
scan_dir="${ghost_repo_dir}/scans/${short_sha}/secrets" &&
cache_dir="${ghost_repo_dir}/cache" &&
mkdir -p "$scan_dir/findings" &&
# Locate the skill directory and resolve it to an absolute path.
skill_md=$(find . -path '*skills/scan-secrets/SKILL.md' 2>/dev/null | head -1) &&
[ -n "$skill_md" ] &&
skill_dir=$(cd "$(dirname "$skill_md")" && pwd) &&
echo "scan_dir=$scan_dir cache_dir=$cache_dir skill_dir=$skill_dir"
```

Store scan_dir (the absolute path under ~/.ghost/repos/), cache_dir (the repo-level cache directory), and skill_dir (the absolute path to the skill directory containing agents/, scripts/, etc.).

After this step, your only remaining tool is Task. Do not use Bash, Read, Grep, Glob, or any other tool for Steps 1–4.

Step 1: Initialize Poltergeist

Call the Task tool to initialize the poltergeist binary:

```json
{
  "description": "Initialize poltergeist binary",
  "subagent_type": "general-purpose",
  "prompt": "You are the init agent. Read and follow the instructions in <skill_dir>/agents/init/agent.md.\n\n## Inputs\n- skill_dir: <skill_dir>"
}
```

The init agent installs poltergeist to ~/.ghost/bin/poltergeist (or poltergeist.exe on Windows).

Step 2: Scan for Secrets

Call the Task tool to run the poltergeist scanner:

```json
{
  "description": "Scan for secret candidates",
  "subagent_type": "general-purpose",
  "prompt": "You are the scan agent. Read and follow the instructions in <skill_dir>/agents/scan/agent.md.\n\n## Inputs\n- repo_path: <repo_path>\n- scan_dir: <scan_dir>"
}
```

The scan agent returns the candidate count and writes <scan_dir>/candidates.json.

If candidate count is 0: Skip to Step 4 (Summarize) with no findings.

Step 3: Analyze Candidates

Call the Task tool to analyze the candidates:

```json
{
  "description": "Analyze secret candidates",
  "subagent_type": "general-purpose",
  "prompt": "You are the analysis agent. Read and follow the instructions in <skill_dir>/agents/analyze/agent.md.\n\n## Inputs\n- repo_path: <repo_path>\n- scan_dir: <scan_dir>\n- skill_dir: <skill_dir>\n- cache_dir: <cache_dir>"
}
```

The analysis agent spawns parallel analyzers for each candidate and writes finding files to <scan_dir>/findings/.

Step 4: Summarize Results

Call the Task tool to summarize the findings:

```json
{
  "description": "Summarize scan results",
  "subagent_type": "general-purpose",
  "prompt": "You are the summarize agent. Read and follow the instructions in <skill_dir>/agents/summarize/agent.md.\n\n## Inputs\n- repo_path: <repo_path>\n- scan_dir: <scan_dir>\n- skill_dir: <skill_dir>\n- cache_dir: <cache_dir>"
}
```

After executing all the tasks, report the scan results to the user.
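
An added example, not part of the Ghost Security skill: one way to fill the <skill_dir>, <repo_path>, <scan_dir> and <cache_dir> placeholders of the four Task prompts above, rejecting values that are not absolute paths or that contain control characters, so that a directory name cannot add lines to a subagent's "## Inputs" list. The names check_path and build_task and the sample paths are assumptions made for this example, and it assumes POSIX-style paths.

```python
import json
import os

# step -> (description, agent role, agent directory, input names), as on the page
STEPS = {
    "init": ("Initialize poltergeist binary", "init", "init", ["skill_dir"]),
    "scan": ("Scan for secret candidates", "scan", "scan",
             ["repo_path", "scan_dir"]),
    "analyze": ("Analyze secret candidates", "analysis", "analyze",
                ["repo_path", "scan_dir", "skill_dir", "cache_dir"]),
    "summarize": ("Summarize scan results", "summarize", "summarize",
                  ["repo_path", "scan_dir", "skill_dir", "cache_dir"]),
}


def check_path(name, value):
    """Return value if it is safe to paste into a prompt, else raise ValueError."""
    if not isinstance(value, str) or not os.path.isabs(value):
        raise ValueError(f"{name} must be an absolute path")
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in value):
        raise ValueError(f"{name} contains a control character")
    if "<" in value or ">" in value:
        raise ValueError(f"{name} still holds an unfilled placeholder")
    return value


def build_task(step, values):
    """Build the Task tool parameters for one step from validated path values."""
    description, role, agent_dir, inputs = STEPS[step]
    skill_dir = check_path("skill_dir", values["skill_dir"])
    lines = [f"- {name}: {check_path(name, values[name])}" for name in inputs]
    prompt = (
        f"You are the {role} agent. Read and follow the instructions in "
        f"{skill_dir}/agents/{agent_dir}/agent.md.\n\n## Inputs\n" + "\n".join(lines)
    )
    return {"description": description, "subagent_type": "general-purpose",
            "prompt": prompt}


if __name__ == "__main__":
    # Constructed sample values; real ones come from the Step 0 command.
    sample = {
        "repo_path": "/work/demo",
        "scan_dir": "/home/u/.ghost/repos/demo-1a2b3c4d/scans/abc1234/secrets",
        "cache_dir": "/home/u/.ghost/repos/demo-1a2b3c4d/cache",
        "skill_dir": "/work/demo/skills/scan-secrets",
    }
    print(json.dumps(build_task("scan", sample), indent=2))
```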


Error Handling

If any Task call fails, retry it once. If it fails again, stop and report the failure.