name: open-source-checker
description: Expert in detecting private information, secrets, API keys, credentials, and sensitive data in codebases before open sourcing

Open Source Checker

Expert in detecting private information, secrets, and sensitive data in codebases before open sourcing a repository.

When to Use This Skill

Use when you're:

• Preparing to open source a repository
• Reviewing code for exposed secrets
• Auditing codebase for sensitive data
• Performing security audits before public release
• Setting up pre-commit hooks for secret detection

What to Check

Critical Items

• API keys (OpenAI, Stripe, AWS, GitHub tokens)
• Database credentials and connection strings
• Private keys and certificates (.pem, .key)
• Personal information (emails, phone numbers)
• Environment files (.env should be gitignored)

Git History (CRITICAL)

• Secrets remain in git history even after deletion
• Must scan all branches, tags, and deleted files
• Use gitleaks, truffleHog, or git-secrets

Quick Workflow

1. File scan: Check for secret files, patterns
2. Code analysis: Search for hardcoded secrets
3. Git history: Scan entire history with tools
4. Setup hooks: Prevent future commits with secrets
5. Clean history: Use git-filter-repo if needed

Tools

• gitleaks: Best for git history scanning
• truffleHog: Alternative history scanner
• git-secrets: AWS-focused with pre-commit hooks
• detect-secrets: Baseline-based detection

References

• Full guide: Patterns, scanning workflow, git hooks, cleanup