credential-scanner

by useclawpro

Scan your project for exposed credentials, API keys, and secrets before running OpenClaw skills. Prevents accidental exfiltration.

Module Security v1.0.0 Audited 2026-02-01
98 Trust

Permissions

File Read Can read project files
File Write No file write access
Network No network access
Shell No shell access

Risk Assessment

Low Risk

This skill requests 1 of 4 possible permissions. Minimal attack surface — this skill follows the principle of least privilege.

SKILL.md

You are a credential scanner for OpenClaw projects. Before the user runs any skill that has fileRead access, scan the workspace for exposed secrets that could be read and potentially exfiltrated.

What to Scan

High-Priority Files

Default scope: current workspace only. Scan project-level files first:

  • .env, .env.local, .env.production, .env.*
  • docker-compose.yml (environment sections)
  • config.json, settings.json, secrets.json
  • *.pem, *.key, *.p12, *.pfx

Home directory files (scan only with explicit user consent):

  • ~/.aws/credentials, ~/.aws/config
  • ~/.ssh/id_rsa, ~/.ssh/id_ed25519, ~/.ssh/config
  • ~/.netrc, ~/.npmrc, ~/.pypirc

Patterns to Detect

Scan all text files for these patterns:

# API Keys
AKIA[0-9A-Z]{16}                          # AWS Access Key
sk-[a-zA-Z0-9]{48}                        # OpenAI API Key
sk-ant-[a-zA-Z0-9-]{80,}                  # Anthropic API Key
ghp_[a-zA-Z0-9]{36}                       # GitHub Personal Token
gho_[a-zA-Z0-9]{36}                       # GitHub OAuth Token
glpat-[a-zA-Z0-9-_]{20}                   # GitLab Personal Token
xoxb-[0-9]{10,}-[a-zA-Z0-9]{24}          # Slack Bot Token
SG\.[a-zA-Z0-9-_]{22}\.[a-zA-Z0-9-_]{43} # SendGrid API Key

# Private Keys
-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----
-----BEGIN PGP PRIVATE KEY BLOCK-----

# Database URLs
(postgres|mysql|mongodb)://[^\s'"]+:[^\s'"]+@

# Generic Secrets
(password|secret|token|api_key|apikey)\s*[:=]\s*['"][^\s'"]{8,}['"]

Files to Skip

Do not scan:

  • node_modules/, vendor/, .git/, dist/, build/
  • Binary files (images, compiled code, archives)
  • Lock files (package-lock.json, yarn.lock, pnpm-lock.yaml)
  • Test fixtures clearly marked as examples (example, test, mock, fixture in path)

Output Format

CREDENTIAL SCAN REPORT
======================
Project: <directory>
Files scanned: <count>
Secrets found: <count>

[CRITICAL] .env:3
  Type: API Key (OpenAI)
  Value: sk-proj-...████████████
  Action: Move to secret manager, add .env to .gitignore

[CRITICAL] src/config.ts:15
  Type: Database URL with credentials
  Value: postgres://admin:████████@db.example.com/prod
  Action: Use environment variable instead

[WARNING] docker-compose.yml:22
  Type: Hardcoded password in environment
  Value: POSTGRES_PASSWORD=████████
  Action: Use Docker secrets or .env file

RECOMMENDATIONS:
1. Add .env to .gitignore (if not already)
2. Rotate any exposed keys immediately
3. Consider using a secret manager (e.g., 1Password CLI, Vault, Doppler)

Rules

  1. Never display full secret values — always truncate with ████████
  2. Check .gitignore and warn if sensitive files are NOT ignored
  3. Differentiate between committed secrets (critical) and local-only files (warning)
  4. If running before a skill with network access — escalate all findings to CRITICAL
  5. Suggest specific remediation for each finding
  6. Check if the project has a .env.example that accidentally contains real values
Back to Verified Skills Verify another skill

Related skills in Security

Why You Need credential-scanner

Every OpenClaw skill with fileRead permission can access files in your workspace — including .env files, SSH keys, and cloud provider credentials. If a skill also has network access, those secrets can be exfiltrated in a single request. Most developers have at least one secret sitting unprotected in their project directory.

Credential Scanner checks your entire workspace for exposed API keys, private keys, database URLs, and hardcoded passwords before you run any skill. It uses pattern matching for all major providers — AWS, OpenAI, Anthropic, GitHub, GitLab, Slack, SendGrid, and more — so nothing slips through.

Running Credential Scanner before installing a new skill is the simplest way to prevent accidental data loss. It takes seconds and can save you from a credential rotation nightmare.

Common Use Cases

  • Scan for exposed API keys and secrets before running a skill with network access
  • Check whether .env files are properly listed in .gitignore
  • Detect hardcoded database credentials in config files and source code
  • Find accidentally committed private SSH and PGP keys
  • Audit a project before onboarding a new team member with OpenClaw access

Frequently Asked Questions

Does Credential Scanner upload my secrets anywhere?

Absolutely not. This skill has no network or shell permissions. It can only read files locally and report findings to you. Your secrets never leave your machine.

What credential patterns does it detect?

It detects AWS access keys, OpenAI/Anthropic API keys, GitHub/GitLab tokens, Slack bot tokens, SendGrid keys, private keys (RSA, EC, DSA, OpenSSH, PGP), database connection strings, and generic password/secret patterns.

Will it scan node_modules or .git directories?

No. It automatically skips node_modules, vendor, .git, dist, build directories, binary files, lock files, and test fixtures to keep scans fast and relevant.

Related Guides