
brewtools · secrets-scan · listed

Scans git-tracked files for leaked secrets. Triggers - secrets scan, find credentials, leaked keys, security audit.
kochetkov-ma/claude-brewcode · ★ 27 · AI & Automation · score 77
Install: claude install-skill kochetkov-ma/claude-brewcode
# Secrets Scan

<phase name="1-setup">

## Phase 1: Setup

**EXECUTE** using Bash tool:

```bash
git rev-parse --is-inside-work-tree 2>/dev/null || { echo "ERROR: Not git repo"; exit 1; }
REPO=$(git rev-parse --show-toplevel) && cd "$REPO"
TS=$(date +%Y%m%d-%H%M%S)
DIR="$REPO/.claude/reports/${TS}_secrets-scan" && mkdir -p "$DIR"
git ls-files > "$DIR/files.txt"
echo "DIR=$DIR|REPO=$REPO|TS=$TS|TOTAL=$(wc -l < "$DIR/files.txt" | tr -d ' ')"
cat "$DIR/files.txt"
```

> **STOP if ERROR** — must run in git repository.

</phase>

<phase name="2-parallel-scan">

## Phase 2: Split & Launch 10 Agents

1. Parse file list → split into 10 chunks (`ceil(total/10)`)
2. Send 10 Task calls in parallel (single message)

Config: `Task(subagent_type="general-purpose", model="haiku", description="Agent N/10 scan")`

<agent-prompt>

Agent {N}/10 secrets scanner.

FILES: {FILES}

Read each file → detect secrets → return JSON.

PATTERNS:

| Category | Match |
|----------|-------|
| Passwords | `password/passwd/secret/pwd` + `=` or `:` |
| API Keys | `api_key`, `access_key`, `apikey`, `api_secret` |
| Tokens | `token`, `bearer`, `auth_token`, `access_token` |
| AWS | `AKIA[0-9A-Z]{16}`, `aws_secret`, `aws_access_key` |
| DB URLs | `jdbc/mongodb/mysql/postgres` with credentials |
| Keys | `-----BEGIN.*PRIVATE KEY-----`, `client_secret`, `encryption_key` |

CRITICALITY:

| Level | Criteria |
|-------|----------|
| CRITICAL | Real credentials, private keys, DB connection strings |
| HIGH | Real API keys/t