OpenClaw Codex Harness Launch Kit: Subscription Auth, Runtime Setup, Tool Search, and Migration Checklist
This item includes essential tools and setup for the OpenClaw Codex Harness, covering runtime configuration, tool discovery,...
LinkLoot AI review
My take: ggshield Secret Scanner Skill for OpenClaw Agents is interesting as a code/tool candidate, but only with a throwaway project, test data, and tightly scoped permissions. Then judge whether install, startup, and core function fit your setup.
Can speed up terminal coding tasks if you start with small, low-risk repos.
Do not start with real tokens, private repos, or production data.
Automated AI review. Decision aid, not a safety guarantee. · 2026-06-08 17:04:18 UTC
The ggshield-scanner skill gives an OpenClaw-style agent a natural-language surface for GitGuardian's ggshield CLI. The source describes repository scans, single-file scans, staged-change checks, optional git hook installation, and Docker image scans for hardcoded secrets such as API keys, cloud credentials, private keys, OAuth tokens, and database passwords.
This suits developers, solo builders, and security-conscious agent operators who want an agent-assisted secret check before commits, pushes, releases, or Docker image handoff. It is especially useful for teams that already accept GitGuardian/ggshield in their workflow and want the agent to orchestrate checks rather than manually remembering every command.
The source indicates a Python-based skill that depends on ggshield and pygitguardian, requires a GitGuardian API key via GITGUARDIAN_API_KEY, and calls the local ggshield binary. The public GitHub source is reachable, but the ClawHub/awesome-list OpenClaw tree link appears inconsistent with the reachable repository, so provenance should be reviewed carefully before any install. Pricing evidence in the source says GitGuardian signup is free, with enterprise/on-premise options mentioned separately; classify this Loot as free with that caveat.
Do not install or run directly on a production Raspberry Pi or personal workspace before Runner review artifacts exist. The implementation shown uses subprocess calls to ggshield with argument arrays rather than shell=True, which is a good sign, but it still executes a local binary and can scan sensitive paths if the agent is allowed to choose broad inputs. The hook installer changes git repository state. Review privacy claims against current GitGuardian documentation before scanning private code.
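The broad-input risk described above can be narrowed with a wrapper that resolves every agent-supplied path against one throwaway workspace before ggshield is called with an argument array. This is an added example, not code from the skill or from GitGuardian; `WORKSPACE`, `SCAN_WORKSPACE`, `ScanRejected` and the function names are hypothetical, and the minimal environment passed to the child process is an assumption to adjust for your setup.

```python
import os
import subprocess
from pathlib import Path

# Assumption: the agent may only touch one throwaway project directory.
WORKSPACE = Path(os.environ.get("SCAN_WORKSPACE", "/tmp/scan-sandbox"))


class ScanRejected(ValueError):
    """The requested target is not inside the workspace."""


def resolve_target(requested, workspace=WORKSPACE):
    """Resolve an agent-supplied path; refuse anything outside workspace."""
    if requested.startswith("-"):
        raise ScanRejected("target looks like a CLI option, not a path")
    root = Path(workspace).resolve()
    # resolve() collapses ".." and follows symlinks, so a link that points
    # out of the workspace is judged by where it really lands.
    target = (root / requested).resolve()
    if target != root and root not in target.parents:
        raise ScanRejected(f"{requested!r} resolves outside {root}")
    return target


def build_scan_argv(requested, workspace=WORKSPACE):
    """Build the argument array for a recursive ggshield path scan."""
    target = resolve_target(requested, workspace)
    # "--" ends option parsing, so the path can never be read as a flag.
    return ["ggshield", "secret", "scan", "path",
            "--recursive", "--yes", "--", str(target)]


def run_scan(requested, workspace=WORKSPACE):
    """Run ggshield without a shell, with a small explicit environment."""
    argv = build_scan_argv(requested, workspace)
    env = {  # assumption: ggshield needs nothing else from the parent env
        "PATH": os.environ.get("PATH", ""),
        "HOME": os.environ.get("HOME", str(workspace)),
        "GITGUARDIAN_API_KEY": os.environ["GITGUARDIAN_API_KEY"],
    }
    return subprocess.run(argv, cwd=workspace, env=env, timeout=300,
                          stdin=subprocess.DEVNULL, capture_output=True,
                          text=True, check=False)
```

Only `run_scan` touches the ggshield binary and the API key, so the path policy in `resolve_target` can be reviewed and tested without either.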