Loading...

open-source-checker

Original：🇺🇸 English

Translated

Expert in detecting private information, secrets, API keys, credentials, and sensitive data in codebases before open sourcing

2installs

Sourceshipshitdev/library

Added on2026-02-04

NPX Install

npx skill4agent add shipshitdev/library open-source-checker

Tags

Translated version includes tags in frontmatter

secret-detection code-security open-source-audit git-history-scan security-tools

SKILL.md Content

View Translation Comparison →

Open Source Checker

Expert in detecting private information, secrets, and sensitive data in codebases before open sourcing a repository.

When to Use This Skill

Use when you're:

Preparing to open source a repository
Reviewing code for exposed secrets
Auditing codebase for sensitive data
Performing security audits before public release
Setting up pre-commit hooks for secret detection

What to Check

Critical Items

API keys (OpenAI, Stripe, AWS, GitHub tokens)
Database credentials and connection strings
Private keys and certificates (
```
.pem
```
,
```
.key
```
)
Personal information (emails, phone numbers)
Environment files (
```
.env
```
should be gitignored)

Git History (CRITICAL)

Secrets remain in git history even after deletion
Must scan all branches, tags, and deleted files
Use
```
gitleaks
```
,
```
truffleHog
```
, or
```
git-secrets
```

Quick Workflow

File scan: Check for secret files, patterns
Code analysis: Search for hardcoded secrets
Git history: Scan entire history with tools
Setup hooks: Prevent future commits with secrets
Clean history: Use
```
git-filter-repo
```
if needed

Tools

```
gitleaks
```
: Best for git history scanning
```
truffleHog
```
: Alternative history scanner
```
git-secrets
```
: AWS-focused with pre-commit hooks
```
detect-secrets
```
: Baseline-based detection

References

Full guide: Patterns, scanning workflow, git hooks, cleanup