From is-it-magic
Audit the local dev machine for exposed secrets — credential files, private keys, cloud credentials, and hardcoded tokens. Writes a CSV report to .claude/secret-audit-<date>.csv.
Slash command: /is-it-magic:devbox-scan-secrets
Read and follow all rules in `${CLAUDE_PLUGIN_ROOT}/skills/shared/_ux-rules.md`.
Read `${CLAUDE_PLUGIN_ROOT}/skills/shared/_secret-redaction.md` before writing any CSV row.

/devbox-scan-secrets [path]
$ARGUMENTS is optional. If provided, it is an additional directory path to scan recursively. If empty, only the fixed high-risk locations are scanned.
Detect the platform at runtime and resolve HOME_DIR and CONFIG_BASE:
```bash
# Unix / macOS
echo "$HOME"
echo "${XDG_CONFIG_HOME:-$HOME/.config}"
```

```powershell
# Windows
echo "$env:USERPROFILE"
echo "$env:APPDATA"
```
- Windows (USERPROFILE is set): HOME_DIR = %USERPROFILE%, CONFIG_BASE = %APPDATA%
- Unix / macOS (HOME is set): HOME_DIR = $HOME, CONFIG_BASE = $XDG_CONFIG_HOME if set, otherwise $HOME/.config

If neither USERPROFILE nor HOME resolves, stop immediately:
Cannot resolve home directory — neither USERPROFILE nor HOME is set. Aborting.
If CONFIG_BASE cannot be resolved, skip that location and note the omission in the preflight output.
Assemble the fixed high-risk locations:
| Path | Depth |
|---|---|
| `<HOME_DIR>/.azure/` | recursive |
| `<HOME_DIR>/.ssh/` | recursive |
| `<HOME_DIR>/.aws/` | recursive |
| `<CONFIG_BASE>/` | shallow (top level only) |
| `<HOME_DIR>/` root | shallow (files at root level only, no subdirectories) |
If $ARGUMENTS is non-empty:
Path not found: <path>
Provide a valid path or omit the argument to scan only the default high-risk locations.
recursive.
Enumerate files across all locations, respecting depth constraints. Count:
Print the scope table:
```
Secret Audit — Scope
──────────────────────────────────────────────
Fixed high-risk locations:
  <HOME_DIR>/.azure/ (recursive)
  <HOME_DIR>/.ssh/ (recursive)
  <HOME_DIR>/.aws/ (recursive)
  <CONFIG_BASE>/ (one level deep)
  <HOME_DIR>/ root (non-recursive)
[If user path provided:]
  <path> (recursive)
Total files to inspect: <N>
Binary files (will be skipped): <B>
──────────────────────────────────────────────
```
Then use AskUserQuestion:
Question: "Proceed with the secret audit?"
Options:
- Proceed with scan (Recommended)
- Cancel — abort scan

If Cancel: print `Scan aborted. No files were read or written.` and stop.
Spawn ${CLAUDE_PLUGIN_ROOT}/agents/scanner-devbox.md, passing:
```
SCAN_PATHS: [ "<list of resolved absolute paths>" ]
DEPTH_CONSTRAINTS: { "<path>": "recursive|shallow", ... }
```
Wait for the agent to complete. Parse the SCANNER_DEVBOX_OUTPUT_START … SCANNER_DEVBOX_OUTPUT_END block from the agent's output.
Determine today's date (YYYY-MM-DD). Compute the output path:
<cwd>/.claude/secret-audit-<YYYY-MM-DD>.csv
Create .claude/ if it does not exist. Overwrite the file if it already exists.
Write the CSV header row:
severity,secret_type,file_path,line_number,pattern_matched,partial_value
For each finding from the agent output, write one CSV row. Quote all values. Use forward slashes in file paths.
Sort rows: Critical first, then High, Medium, Low.
Print: Report written to: <absolute path>
Print a summary grouped by severity:
```
Secret Audit Summary — <YYYY-MM-DD>
──────────────────────────────────────────────
CRITICAL (<N>)
  <secret_type> <count>
HIGH (<N>)
  <secret_type> <count>
MEDIUM (<N>)
  <secret_type> <count>
LOW (<N>)
  <secret_type> <count>
──────────────────────────────────────────────
Total findings: <N>
Files scanned: <F>
Binary files skipped: <B>
Report saved to: <absolute path>
```
If zero findings:
```
No secrets detected across <F> files scanned.
Binary files skipped: <B>
Report saved to: <absolute path>
```
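The report-writing and summary steps above, sketched in Python as an added example (not the plugin's own code). The function names, the finding dictionaries and the sample values are assumptions constructed for illustration, and `partial_value` is assumed to have been redacted already by the rules in `_secret-redaction.md`.

```python
import csv
from collections import Counter
from datetime import date
from pathlib import Path

HEADER = ["severity", "secret_type", "file_path", "line_number",
          "pattern_matched", "partial_value"]
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def write_report(findings, cwd, today=None):
    """Write <cwd>/.claude/secret-audit-<YYYY-MM-DD>.csv and return its absolute path."""
    today = today or date.today()
    out_dir = Path(cwd) / ".claude"
    out_dir.mkdir(parents=True, exist_ok=True)  # create .claude/ if it does not exist
    out_path = out_dir / f"secret-audit-{today.isoformat()}.csv"

    # Critical first, then High, Medium, Low; sorted() is stable within a severity.
    rows = sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])

    # Mode "w" overwrites an existing report for the same date.
    with open(out_path, "w", newline="", encoding="utf-8") as fh:
        fh.write(",".join(HEADER) + "\n")  # header row exactly as specified
        writer = csv.writer(fh, quoting=csv.QUOTE_ALL, lineterminator="\n")
        for f in rows:
            # Forward slashes in file paths, even for Windows findings.
            row = dict(f, file_path=str(f["file_path"]).replace("\\", "/"))
            writer.writerow([row[col] for col in HEADER])
    return out_path.resolve()


def summarize(findings):
    """Return {severity: Counter(secret_type -> count)} for the printed summary."""
    summary = {sev: Counter() for sev in SEVERITY_ORDER}
    for f in findings:
        summary[f["severity"]][f["secret_type"]] += 1
    return summary


# Constructed sample findings (hypothetical types, patterns and paths).
SAMPLE_FINDINGS = [
    {"severity": "Low", "secret_type": "generic_token",
     "file_path": "/home/dev/.npmrc", "line_number": 3,
     "pattern_matched": "token=", "partial_value": "abcd****"},
    {"severity": "Critical", "secret_type": "ssh_private_key",
     "file_path": "C:\\Users\\dev\\.ssh\\id_rsa", "line_number": 1,
     "pattern_matched": "BEGIN PRIVATE KEY", "partial_value": "[REDACTED]"},
]
```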
npx claudepluginhub gbr-perso-1/is-it-magic --plugin is-it-magic