Secret Scanning & Rotation Planner

verified
Updated May 13, 2026

What this skill does

Scans GitHub repositories for exposed secrets including API keys, tokens, passwords, and certificates. Classifies each finding by severity and exposure window, then generates a prioritized rotation plan with step-by-step remediation instructions and prevention recommendations.

Example

PROMPT

Organization: 45 repositories across a microservices architecture
Context: Preparing for quarterly security audit, need to scan entire org
Repos: Mix of Node.js, Python, Go services with shared infra
Concern: Past incidents of accidental key commits, want full inventory

OUTPUT
Secret Scanning Report — 45 Repositories

EXECUTIVE SUMMARY
Total Findings: 23 secrets across 12 repos
Critical: 4 (AWS keys, Slack tokens)
High: 7 (API keys, JWT signing keys)
Medium: 8 (Database URLs, internal tokens)
Low: 4 (Development keys in .env.example samples)
Longest Exposure: AWS key in payment-service — 18 months (git history)

FINDINGS BY SECRET TYPE
| Type           | Count | Severity | Sample Repos                         |
|----------------|-------|----------|--------------------------------------|
| AWS Keys       | 5     | Critical | payment-service, deploy-scripts      |
| Slack Tokens   | 3     | Critical | slack-bot, notifications             |
| Stripe Keys    | 2     | High     | payment-service                      |
| JWT Secrets    | 4     | High     | auth-service, api-gateway            |
| DB Credentials | 6     | Medium   | user-service, analytics              |
| Internal APIs  | 3     | Medium   | order-service, inventory             |

ROTATION PLAN (Prioritized)
1. [P0] AWS keys — Revoke in IAM, rotate within 24h, redeploy 3 services
2. [P0] Slack tokens — Regenerate in Slack admin, update 2 bots
3. [P1] Stripe keys — Rotate in Dashboard, update env vars
4. [P1] JWT secrets — Generate new, coordinate auth-service rollout

Generated: Rotation playbook (15 steps), git filter-repo commands, prevention checklist

Required Tools

GitHub

Compatible Agents

Claude
Cursor
Windsurf
ChatGPT
GitHub Copilot
Any MCP-compatible agent

Add to your agent

Download Skill

Or install via CLI:

$ npx skills add webrix-ai/agent-skills --skill secret-scanning-rotation-planner

Deploy Org-wide

Provision to teams via RBAC
Identity-aware execution
Signed & verified skills
Full audit trail
Auto-bundled with required MCP servers
Use with Willow

Free for up to 5 users
