OpenClaw · Skill
Expanso Secrets Scan
Detect hardcoded secrets (API keys, tokens, passwords) in text or code
AI & LLMs
v1.0.0
VirusTotal: Benign
Install
Start with the primary install command. Alternate entrypoints are included below for ClawHub and OpenClaw CLI users.
Primary command
clawhub install aronchick/expanso-secrets-scanClawHub installer
npx clawhub@latest install aronchick/expanso-secrets-scanOpenClaw CLI
openclaw skills install aronchick/expanso-secrets-scanDirect OpenClaw install
openclaw install aronchick/expanso-secrets-scanWhat this skill does
Detect hardcoded secrets (API keys, tokens, passwords) in text or code
Why it matters
Runs the scan locally through a lightweight binary without sending code to a third-party SaaS service.
Typical use cases
- Auditing a repository before making it public
- Checking a config file for accidentally included credentials
- Scanning a code snippet received from a colleague
- Reviewing environment files before committing to version control
- Verifying a script does not contain hardcoded tokens
Source instructions
secrets-scan
Detect hardcoded secrets (API keys, tokens, passwords) in text or code
Requirements
- Expanso Edge installed (
expanso-edgebinary in PATH) - Install via:
clawhub install expanso-edge
Usage
CLI Pipeline
# Run standalone
echo '<input>' | expanso-edge run pipeline-cli.yaml
MCP Pipeline
# Start as MCP server
expanso-edge run pipeline-mcp.yaml
Deploy to Expanso Cloud
expanso-cli job deploy https://skills.expanso.io/secrets-scan/pipeline-cli.yaml
Files
| File | Purpose |
|---|---|
skill.yaml | Skill metadata (inputs, outputs, credentials) |
pipeline-cli.yaml | Standalone CLI pipeline |
pipeline-mcp.yaml | MCP server pipeline |