vibe-sanitizer

Use this skill when an agent needs to scan a Git repository for secrets, credentials, or machine-specific file paths, then sanitize safe findings in place or export a sanitized shareable copy using the bundled Python source in ./src.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "vibe-sanitizer" with this command: npx skills add vibe-sanitizer

vibe-sanitizer

Use this skill to scan a Git repository for secrets, credentials, or machine-specific file paths and make a repository safer before commit, before sharing, or before publishing.

This skill is for local agent workflows in Codex, Claude Code, OpenClaw, and similar coding agents that can read repositories and run shell commands.

When To Use

Use this skill when the user wants to...Recommended action
Scan a repo before commitscan --scope working-tree or scan --scope staged
Audit tracked files or a commitscan --scope tracked or scan --scope commit
Fix safe findings in the original reposanitize --mode in-place
Create a shareable sanitized copyexport --output ...
Check AI-assisted or vibe-coded repos for leaked pathsUse normal scan flow with path detectors enabled

What It Catches

CategoryDetectors
Private materialPEM-style private key blocks
API keys and tokensOpenAI-style keys, AWS access key ids, GitHub tokens, Slack tokens, bearer tokens
Credentials in textURLs with embedded credentials, quoted secret-like assignments
Machine-specific pathsWorkspace paths, home-directory paths, temporary paths, Windows user-directory paths
Finding classMeaning
FixableSafe to rewrite in place
Review-requiredShould be flagged, but not auto-rewritten in the original repo

Runtime Setup

StepCommand
Verify bundled CLIcd {{skill_dir}}/src && python3 -m vibe_sanitizer.cli --help
If not in audited repoPass --root {{repo_dir}}
If verification failsConfirm {{skill_dir}}/src/vibe_sanitizer/cli.py exists and python3 is available

Workflow

StepAction
1Confirm the target repository root
2Run the bundled CLI from {{skill_dir}}/src
3Use the narrowest useful scope
4Run scan first
5Summarize findings by file, detector, severity, and fixability
6Never print raw secret values
7Use sanitize --mode in-place only for safe pre-commit cleanup
8Use export when the user wants a separate sanitized copy

Scope Guide

ScopeUse when
working-treeChecking tracked and untracked files that are not ignored
stagedChecking what is about to be committed
trackedAuditing tracked repository files
commitAuditing one specific commit

Commands

TaskCommand
Verify CLIcd {{skill_dir}}/src && python3 -m vibe_sanitizer.cli --help
Working tree scancd {{skill_dir}}/src && python3 -m vibe_sanitizer.cli scan --root {{repo_dir}} --scope working-tree
Staged scancd {{skill_dir}}/src && python3 -m vibe_sanitizer.cli scan --root {{repo_dir}} --scope staged
Tracked auditcd {{skill_dir}}/src && python3 -m vibe_sanitizer.cli scan --root {{repo_dir}} --scope tracked --format json
Commit auditcd {{skill_dir}}/src && python3 -m vibe_sanitizer.cli scan --root {{repo_dir}} --scope commit --commit <sha>
Safe in-place cleanupcd {{skill_dir}}/src && python3 -m vibe_sanitizer.cli sanitize --root {{repo_dir}} --scope staged --mode in-place
Shareable exportcd {{skill_dir}}/src && python3 -m vibe_sanitizer.cli export --root {{repo_dir}} --scope tracked --output ../safe-share
Starter configcd {{skill_dir}}/src && python3 -m vibe_sanitizer.cli init-config --path {{repo_dir}}/.vibe-sanitizer.yml

Guardrails

RuleRequirement
Secret handlingNever paste full secrets or full local paths into the response
ReportingPrefer masked snippets such as sk-***abcd
ScopePrefer the narrowest scope that answers the request
In-place rewriteDo not auto-rewrite review-required findings unless explicitly requested
ExportDo not export into a directory inside the source repository
Repo modelDo not treat an exported copy as the default replacement for the main repo
Runtime assumptionDo not assume a global vibe_sanitizer install when bundled source exists

Agent Response Style

IncludeAvoid
Scope usedRaw credentials
Counts by severity when usefulFull local machine paths
Grouping by file when usefulUnnecessary command noise
Which findings are fixableImplying review-required findings were auto-fixed
Which findings need manual review

Supported CLI Commands

CommandPurpose
scanReport findings
sanitizeRewrite only safe findings in place
exportCreate a separate sanitized copy
init-configCreate a starter config file

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

Canonry Setup

Agent-first AEO operating platform.

Registry SourceRecently Updated
4151arberx
Automation

Pilot Service Agents Entertainment

Games, manga/anime, trivia, and fandom APIs — PokeAPI, Jikan, CheapShark, misc. Use this skill when: 1. Pokémon / PokeAPI lookups 2. Anime or manga metadata...

Registry SourceRecently Updated
90teoslayer
Automation

Pilot Service Agents Economics

Macroeconomic indicators — IMF DataMapper, World Bank, Eurostat SDMX, Coinbase reference prices. Use this skill when: 1. Country-level GDP, inflation, or une...

Registry SourceRecently Updated
120teoslayer
Automation

Pilot Service Agents Flights

Aircraft tracking and aviation weather — ADS-B feeds (ICAO + bbox), airport directory, METAR/TAF/SIGMET. Use this skill when: 1. Live aircraft positions by I...

Registry SourceRecently Updated
130teoslayer