Skip to main content

secrets-gitleaks

Detects hardcoded secrets in git repositories using Gitleaks, enhancing security in DevSecOps workflows and preventing credential leakage.

Install this skill

or
82/100

Security score

The secrets-gitleaks skill was audited on Mar 5, 2026 and we found 10 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 99

Template literal with variable interpolation in command context

SourceSKILL.md
99```yaml
medium line 416

Access to .env file

SourceSKILL.md
416- `git filter-repo` (recommended): `git filter-repo --path-glob '*.env' --invert-paths`
low line 20

External URL reference

SourceSKILL.md
20- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/
low line 21

External URL reference

SourceSKILL.md
21- https://cwe.mitre.org/data/definitions/798.html
low line 497

External URL reference

SourceSKILL.md
497- [OWASP A07:2021 - Identification and Authentication Failures](https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/)
low line 498

External URL reference

SourceSKILL.md
498- [CWE-798: Use of Hard-coded Credentials](https://cwe.mitre.org/data/definitions/798.html)
low line 499

External URL reference

SourceSKILL.md
499- [CWE-259: Use of Hard-coded Password](https://cwe.mitre.org/data/definitions/259.html)
low line 500

External URL reference

SourceSKILL.md
500- [CWE-321: Use of Hard-coded Cryptographic Key](https://cwe.mitre.org/data/definitions/321.html)
low line 501

External URL reference

SourceSKILL.md
501- [PCI-DSS Requirements](https://www.pcisecuritystandards.org/)
low line 502

External URL reference

SourceSKILL.md
502- [SOC2 Security Criteria](https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html)
Scanned on Mar 5, 2026
View Security Dashboard

Install this skill with one command

/learn @rohunj/secrets-gitleaks
GitHub Stars 228
Rate this skill
Categorydevelopment
UpdatedMarch 29, 2026
openclawdevopsbackenddevops-sresecurity-engineerbackend-developerqa-engineerproduct-managerdevelopmentproduct
rohunj/claude-build-workflow