
secret-scanner

Secret Scanner - Auto-activating skill for Security Fundamentals. Triggers on: secret scanner, secret scanner. Part of the Security Fundamentals skill category.

36

0.99x

Quality: 3% (Does it follow best practices?)

Impact: 99%, 0.99x (Average score across 3 eval scenarios)

Security by Snyk: Passed. No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/03-security-fundamentals/secret-scanner/SKILL.md

Evaluation results

100%

Legacy Codebase Security Audit

Secret detection and structured reporting

| Criteria | Without context | With context |
| --- | --- | --- |
| Database credentials found | 100% | 100% |
| AWS keys found | 100% | 100% |
| JWT secret found | 100% | 100% |
| Shell script secrets found | 100% | 100% |
| Auth hardcoded values found | 100% | 100% |
| Secret type classification | 100% | 100% |
| File and location reported | 100% | 100% |
| Remediation recommendations | 100% | 100% |
| Structured JSON summary | 100% | 100% |
| Weak cryptography flagged | 100% | 100% |
| Severity assessment | 100% | 100% |
| Environment variable guidance | 100% | 100% |
| Markdown report structure | 100% | 100% |

Without context: $0.3071 · 1m 32s · 11 turns · 12 in / 6,034 out tokens

With context: $0.6095 · 2m 34s · 29 turns · 27 in / 9,697 out tokens

100%

Integrate Secret Scanning into a CI/CD Pipeline

npm-based secret scanning pipeline setup

| Criteria | Without context | With context |
| --- | --- | --- |
| npm tool installation | 100% | 100% |
| package.json dev dependency | 100% | 100% |
| npm scan script | 100% | 100% |
| Scanner config file | 100% | 100% |
| MongoDB credential detected | 100% | 100% |
| API key detected | 100% | 100% |
| Production-ready config | 100% | 100% |
| SECURITY_SETUP.md documentation | 100% | 100% |
| CI integration guidance | 100% | 100% |
| Large file cleanup | 100% | 100% |
| Scan results produced | 100% | 100% |

Without context: $0.6165 · 2m 32s · 39 turns · 37 in / 7,992 out tokens

With context: $0.7386 · 2m 23s · 42 turns · 293 in / 7,353 out tokens

97%

-3%

Security Review for User Authentication Service

Authentication and input validation security review

| Criteria | Without context | With context |
| --- | --- | --- |
| SQL injection identified | 100% | 100% |
| SQL injection fixed | 100% | 100% |
| Hardcoded JWT secret flagged | 100% | 100% |
| Hardcoded secret remediated | 100% | 100% |
| Weak hashing identified | 100% | 100% |
| Weak hashing fixed | 100% | 100% |
| Error information leakage flagged | 100% | 100% |
| Hardcoded admin bypass flagged | 100% | 100% |
| Input validation issues identified | 100% | 57% |
| Risk levels assigned | 100% | 100% |
| Structured assessment format | 100% | 100% |
| Fixed file is complete | 100% | 100% |
| OWASP reference | 100% | 100% |

Without context: $0.3711 · 2m 10s · 14 turns · 15 in / 7,576 out tokens

With context: $0.5235 · 2m 21s · 26 turns · 24 in / 8,146 out tokens

Repository: jeremylongshore/claude-code-plugins-plus-skills

Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
