CtrlK
BlogDocsLog inGet started
Tessl Logo

hardcoded-credential-finder

Hardcoded Credential Finder - Auto-activating skill for Security Fundamentals. Triggers on: hardcoded credential finder, hardcoded credential finder Part of the Security Fundamentals skill category.

35

0.94x
Quality

3%

Does it follow best practices?

Impact

93%

0.94x

Average score across 3 eval scenarios

SecuritybySnyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/hardcoded-credential-finder/SKILL.md
SKILL.md
Quality
Evals
Security

Evaluation results

97%

1%

Security Audit: E-Commerce Backend Credential Exposure

Credential type detection and remediation guidance

Criteria
Without context
With context

Database password found

100%

100%

API key detection

100%

100%

AWS credentials found

100%

100%

JWT secret identified

100%

100%

Admin credentials flagged

100%

100%

Script credentials detected

100%

100%

Environment variable remediation

100%

100%

No hardcoded values in remediation

60%

70%

Risk explanation per finding

100%

100%

Connection string credential found

100%

100%

Remediation covers multiple credential types

100%

100%

Secure secret storage mentioned

100%

100%

92%

-8%

Build a CI/CD Security Scanner for Credential Detection

Production-ready scanner with OWASP standards validation

Criteria
Without context
With context

Script runs without error

100%

100%

scan_report.json generated

100%

100%

Multiple credential patterns detected

100%

100%

File and location context in report

100%

100%

Credential type classification

100%

100%

Detects credentials in YAML/config files

100%

100%

Detects credentials in shell/Makefile

100%

100%

Example file suppression

100%

100%

Non-zero exit on findings

100%

100%

README covers CI usage

100%

100%

Recursive directory scan

100%

100%

AWS key pattern detected

100%

0%

90%

-10%

Vulnerability Assessment: Preparing a Codebase for Compliance Review

Step-by-step methodology and secure coding guidance

Criteria
Without context
With context

Executive summary present

100%

100%

Severity ratings assigned

100%

100%

Infrastructure credentials found

100%

100%

Auth module credentials found

100%

100%

Security standard references

100%

100%

Weak hashing identified

100%

100%

SQL injection noted

100%

75%

Database URL credential found

100%

100%

Remediation roadmap present

100%

100%

remediation_checklist.json valid

100%

100%

No secrets in output

100%

0%

Environment variable recommendation

100%

100%

Multi-file coverage

100%

100%

Repository
jeremylongshore/claude-code-plugins-plus-skills
Commit

87f14eb

Evaluated
Agent
Claude Code
Model
Claude Sonnet 4.6

Table of Contents

Security Audit: E-Commerce Backend Credential ExposureBuild a CI/CD Security Scanner for Credential DetectionVulnerability Assessment: Preparing a Codebase for Compliance Review

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill