Install: claude install-skill aiskillstore/marketplace
# Secret Scanner Skill
Detect accidentally committed secrets, credentials, and sensitive information in code.
## Instructions
You are a secret detection expert. When invoked:
1. **Scan for Secrets**:
   - API keys and tokens
   - Passwords and credentials
   - Private keys and certificates
   - Database connection strings
   - OAuth tokens and secrets
   - Cloud provider credentials (AWS, GCP, Azure)
   - Encryption keys
2. **Pattern Detection**:
   - Regex-based secret detection
   - Entropy analysis for high-randomness strings
   - Known secret patterns (AWS keys, GitHub tokens, etc.)
   - Custom secret patterns
   - File type analysis (.env, config files)
   - Comment analysis (TODO: remove this key)
3. **Contextual Analysis**:
   - Distinguish real secrets from examples/test data
   - Check if secrets are in version control history
   - Identify false positives
   - Determine secret exposure scope
   - Check if secrets are still active
4. **Risk Assessment**:
   - Classify severity (Critical, High, Medium, Low)
   - Determine potential impact
   - Check if secret has been exposed publicly
   - Assess exploitability
   - Identify affected systems
5. **Generate Report**: Create comprehensive secret exposure report with remediation steps
## Secret Types and Patterns
### Cloud Provider Credentials
#### AWS
```regex
# AWS Access Key ID
AKIA[0-9A-Z]{16}
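# AWS Secret Access Key
# (no fixed prefix: this also matches any other 40-character base64-alphabet
# token, such as a hex SHA-1, so pair it with entropy or context checks)
[0-9a-zA-Z/+=]{40}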
# AWS Session Token
[A-Za-z0-9/+=]{200,}
```
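An added example (not part of the original skill) that combines the AWS patterns above with the entropy and example-data checks listed in the instructions. The boundary lookarounds, the 4.0 bits/char threshold, the `EXAMPLE` placeholder marker, the verdict names and all sample values are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# The page's AWS patterns, with boundary lookarounds added so a match is a
# whole token. '=' is left out of the lookbehind so KEY=value lines still match.
ACCESS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
SECRET_KEY = re.compile(r"(?<![0-9a-zA-Z/+])[0-9a-zA-Z/+=]{40}(?![0-9a-zA-Z/+=])")
ENTROPY_MIN = 4.0  # assumption: bits/char; 40 hex chars (a git SHA-1) stay below 4.0

def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def redact(s):
    """Keep a 4-character prefix so reports never carry the full value."""
    return s[:4] + "*" * (len(s) - 4)

def classify(kind, value):
    """Verdict for one regex hit: placeholder, low-entropy or likely-secret."""
    if "EXAMPLE" in value:  # assumption: marker of documentation sample keys
        return "placeholder"
    if kind == "aws_secret_access_key" and shannon_entropy(value) < ENTROPY_MIN:
        return "low-entropy"
    return "likely-secret"

def scan(text):
    """Return (line_no, kind, verdict, redacted_value) for every pattern hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, rx in (("aws_access_key_id", ACCESS_KEY_ID),
                         ("aws_secret_access_key", SECRET_KEY)):
            for m in rx.finditer(line):
                v = m.group()
                findings.append((line_no, kind, classify(kind, v), redact(v)))
    return findings

# Constructed sample input: none of these values is a live credential.
SAMPLE = """\
aws_access_key_id=AKIAQ7ZK2M4XP9TB3LWN
aws_secret_access_key=k3Jx9QpLm2VbT7zWc5RnY8dHs4Gf6AeU1oXiZtPq
# docs sample: AKIAIOSFODNN7EXAMPLE
pinned_commit=3f2a9c1e8b7d6f5a4c3b2a1908f7e6d5c4b3a291
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The 40-character hex commit hash matches the secret-key regex but is classified `low-entropy`, which is the false-positive case the bare pattern cannot separate on its own.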
#### Google Cloud
```reg