Open Source Checker

🌐Community
by shipshitdev · vlatest · Repository

This tool quickly verifies if a project’s code is truly open source, safeguarding against licensing issues and ensuring ethical development practices.

Install on your platform

1. Run in terminal (recommended)

claude mcp add open-source-checker npx -- -y @trustedskills/open-source-checker

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "open-source-checker": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/open-source-checker"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill helps AI agents identify and prevent sensitive information, such as API keys, database credentials, and personal data, from being exposed in codebases before open sourcing a repository. It focuses on scanning files, analyzing code for hardcoded secrets, and critically examining the entire git history, including branches, tags, and deleted files. The skill utilizes tools like gitleaks, truffleHog, and git-secrets to ensure thorough detection and prevent future commits containing sensitive data.

When to use it

  • Preparing a repository for open source release.
  • Reviewing code for exposed secrets or sensitive information.
  • Auditing a codebase before public release.
  • Setting up pre-commit hooks to automatically detect secrets.
  • Performing security audits of existing projects.

Key capabilities

  • File Scanning: Detects secret files and patterns within the project.
  • Code Analysis: Searches for hardcoded secrets directly in code.
  • Git History Scanning: Examines all branches, tags, and deleted files to uncover previously committed secrets.
  • Tool Integration: Leverages tools like gitleaks, truffleHog, git-secrets, and detect-secrets.
  • Pre-Commit Hook Setup: Facilitates the creation of hooks to prevent future commits containing sensitive data.

Example prompts

  • "Scan this repository for exposed API keys."
  • "Review the code in [file path] for any hardcoded database credentials."
  • "Perform a full scan of the git history for secrets, including deleted files."
  • "Set up pre-commit hooks to prevent accidental commits with sensitive data."

Tips & gotchas

  • Git History is Crucial: Secrets remain in git history even after deletion, so thorough scanning of all branches and tags is essential.
  • .env Files: Ensure .env files are properly ignored by Git to prevent them from being committed.
  • Cleanup Required: If secrets have already been committed, use tools like git-filter-repo to remove them from the repository's history.
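
The first tip can be checked directly. The script below is an added example, not the skill's own code: it compares a scan of the checked-out files with a scan of every commit reachable from any branch or tag. `SECRET_RE`, the function names and the throwaway repository with its placeholder values are assumptions made for the illustration; the pattern is far narrower than the rule sets shipped with gitleaks or truffleHog.

```sh
#!/bin/sh
# Illustrative pattern only: AWS-style access key IDs and KEY=value assignments.
SECRET_RE='AKIA[0-9A-Z]{16}|(API_KEY|SECRET|PASSWORD)[[:space:]]*=[[:space:]]*[^[:space:]]+'

# scan_worktree REPO: tracked files in the current checkout with a matching line.
scan_worktree() {
    git -C "$1" grep -I -l -E "$SECRET_RE" -- . 2>/dev/null
}

# scan_history REPO: prints "<commit> <path>" for every commit on any ref
# (--all covers branches and tags) whose diff adds or removes a matching line.
scan_history() {
    git -C "$1" log --all -G"$SECRET_RE" --format='@%h' --name-only |
        awk '/^@/ { h = substr($0, 2); next } NF { print h, $0 }'
}

# make_demo_repo: builds a constructed repository and prints its path.
# .env is committed and then deleted; settings.ini exists only on a side branch.
make_demo_repo() {
    d=$(mktemp -d) || return 1
    g() {
        git -C "$d" -c user.name=demo -c user.email=demo@example.invalid \
            -c commit.gpgsign=false "$@" >/dev/null 2>&1
    }
    g init -q
    echo "demo project" > "$d/README"
    printf 'API_KEY=constructed-not-a-real-key\n' > "$d/.env"
    g add -A && g commit -m "initial import"
    g rm .env && g commit -m "remove .env"
    g checkout -b old-deploy
    printf 'PASSWORD = constructed-value\n' > "$d/settings.ini"
    g add -A && g commit -m "deploy settings"
    g checkout -
    echo "$d"
}

repo=$(make_demo_repo)
echo "working tree hits: $(scan_worktree "$repo" | wc -l)"
echo "history hits:"
scan_history "$repo"
```

The working tree reports nothing, while the history scan lists the commit that added `.env`, the commit that deleted it, and the side-branch commit that a scan of the default branch alone would miss.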

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License:
  • Author: shipshitdev
  • Installs: 54

🌐 Community

Passed automated security scans.