Stats
Actions
Tags
From hb
Checks git repositories for sensitive data (credentials, API keys, PII) via full-scan or --diff mode for staged changes. Use before commit or for periodic audits.
How this skill is triggered — by the user, by Claude, or both
Slash command
/hb:safe-repo [--diff][--diff]The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Security audit for sensitive data in repository. Check for credentials, API keys, company-specific information, and PII.
Security audit for sensitive data in repository. Check for credentials, API keys, company-specific information, and PII.
--diff: scans only staged + unstaged changes (git diff + git diff --cached). Use before commit or when called from review / ship workflows. Fast, no false positives from pre-existing files.bash scripts/scan-secrets.sh to scan all tracked files for credential patterns
(see references/patterns.md for full pattern list).gitignore for proper patterns--diff modegit diff --name-only HEAD + git diff --name-only --cachedgit ls-files) - ignore local configs.gitignore covers sensitive patternsgit ls-files returns nothing → verify the current directory is a git repository; run git status to confirmgit log --oneline -100npx claudepluginhub helderberto/agent-skills --plugin hbScans codebase for hardcoded secrets, API keys, credentials, tokens, and sensitive data. Supports directories, --all for full repo, --staged for git changes. Reports severity, locations, remediation.
Runs gitleaks scans for secret detection, validates configurations, and integrates with pre-commit hooks to prevent credential leaks in Git repos.
Audits git repositories for committed secrets using Gitleaks: scans history, baselines false positives, configures rules, integrates with CI, and enforces no-secrets constraints.