safetysecret-detectorlisted

Scan any export, file, or vault batch for credentials, API keys, tokens, and sensitive data before they leave the local machine. Fires automatically on all Claw export operations. Default skill for Starlight Sentinel and Attestation Claw.
frankxai/Starlight-Intelligence-System · ★ 5 · AI & Automation · score 75

Install: claude install-skill frankxai/Starlight-Intelligence-System

# Secret Detector > Nothing sensitive exits the local machine without explicit human awareness. ## When This Skill Activates - Any content is about to be written outside `~/.starlight/` to an external destination - Any vault export is generated for a platform adapter - Any content is passed to an external MCP server - Keywords: "export", "publish", "send", "upload", "share", "transmit" - Default for: Starlight Sentinel ## What This Skill Does Scans content for credential patterns, personal identifiers, and sensitive data before it leaves the local machine. Blocks export if secrets are found. Never auto-redacts — always surfaces findings to the user for an explicit decision. ## Procedures ### Procedure 1: Pre-Export Scan 1. Receive content blob pending export 2. Run pattern detection against the full content: | Pattern | Example | Action on match | |---------|---------|----------------| | API keys | `sk-...`, `pk_...`, `ghp_...`, `xoxb-...` | BLOCK + report | | Private keys | `-----BEGIN PRIVATE KEY-----` | BLOCK + report | | Passwords in config | `password=`, `passwd=`, `secret=` | BLOCK + report | | Email addresses | `user@domain.com` in unexpected context | WARN + report | | Phone numbers | `+1-555-...`, formatted phone patterns | WARN + report | | Credit card patterns | 16-digit sequences with separators | BLOCK + report | | Government IDs | SSN patterns, national ID formats | BLOCK + report | 3. If BLOCK patterns found: halt export, ge