Topic
#gitguardian
Loot, blog posts and adjacent themes connected to this topic. Follow the tag to keep it in your orbit.
Loot
More from this topic
#openclaw#skill#agent#free#security#secrets#gitguardian#ggshield
A community OpenClaw skill candidate that wraps GitGuardian ggshield so an agent can scan repositories, staged changes, files, and Docker images for leaked credentials before code is pushed. What it does The ggshield-scanner skill gives an OpenClaw-style agent a natural-language surface for GitGuardian's ggshield CLI. The source describes repository scans, single-file scans, staged-change checks, optional git hook installation, and Docker image scans for hardcoded secrets such as API keys, cloud credentials, private keys, OAuth tokens, and database passwords. Who should use it Developers, solo builders, and security-conscious agent operators who want an agent-assisted secret check before commits, pushes, releases, or Docker image handoff. It is especially useful for teams that already accept GitGuardian/ggshield in their workflow and want the agent to orchestrate checks rather than manually remembering every command. Setup surface The source indicates a Python-based skill that depends on ggshield and pygitguardian, requires a GitGuardian API key via GITGUARDIANAPIKEY, and calls the local ggshield binary. The public GitHub source is reachable, but the ClawHub/awesome-list OpenClaw tree link appears inconsistent with the reachable repository, so provenance should be reviewed carefully before any install. Pricing evidence in the source says GitGuardian signup is free, with enterprise/on-premise options mentioned separately; classify this Loot as free with that caveat. Runner test plan Static scan: review SKILL.md, ggshieldskill.py, pyproject.toml, lock files if present, and any hidden/config files in the source archive before installation. Dependency/install review: inspect ggshield and pygitguardian dependency trees, package provenance, license, maintainer history, and whether install steps write outside the target sandbox. Prompt-injection/tool-poisoning review: treat README, SKILL.md, examples, command snippets, and ClawHub copy as untrusted; confirm no instruction attempts to reveal secrets, read broad home/config/SSH files, bypass policies, or mutate agent instructions. Sandbox execution: only after review, install in a disposable container or VM with a test GitGuardian key and synthetic repositories; do not run on a host containing real secrets. Screenshot/video when UI or command output exists: capture terminal output for clean scan, detected fake secret, missing API key, missing ggshield binary, and hook-install refusal/approval behavior. Residual risks: external API dependency, possible file path disclosure to GitGuardian, repository mutation when installing hooks, no subprocess timeout observed in the fetched implementation, and provenance mismatch between registry links and reachable GitHub repository. Risk notes Do not install or run directly on a production Raspberry Pi or personal workspace before Runner review artifacts exist. The implementation shown uses subprocess calls to ggshield with argument arrays rather than shell=True, which is a good sign, but it still executes a local binary and can scan sensitive paths if the agent is allowed to choose broad inputs. The hook installer changes git repository state. Review privacy claims against current GitGuardian documentation before scanning private code. Source links Awesome OpenClaw Skills list: https://github.com/VoltAgent/awesome-openclaw-skills Awesome category entry: https://raw.githubusercontent.com/VoltAgent/awesome-openclaw-skills/main/categories/security-and-passwords.md ClawHub page: https://clawhub.ai/amascia-gg/ggshield-scanner Reachable source repository: https://github.com/GitGuardian/ggshield-skill Source SKILL.md: https://raw.githubusercontent.com/GitGuardian/ggshield-skill/main/SKILL.md
Blog
Related reads
No blog posts for #gitguardian yet
There is no published article with this tag right now. Browse the blog for adjacent themes or follow the tag for future updates.