1. Skill Overview
This skill is dedicated to triaging alerts generated by GitHub Secret Scanning. When GitHub detects plaintext credentials (Discord Bot Tokens, Feishu App Secrets, etc.) committed or posted in repository content, it delivers a complete remediation workflow: identify leak locations, redact or delete sensitive material, erase edit history traces, notify affected users, and finally resolve the security alert.
Core Principles:
- All notification messages and replacement comments must be written in English only
- Maintainer-only permission requirement: Repository admin/maintainer privileges are mandatory to edit/delete third-party comments and resolve alerts
- All mechanical operations are script-driven: Every API call, temporary file management, and security enforcement logic is handled by
secret-scanning.mjs
2. Core Capabilities
2.1 Alert Discovery & Content Retrieval
The skill first lists all open unresolved alerts, then fetches metadata and exact leak locations for a target alert:
# List all unresolved open secret scanning alerts
node secret-scanning.mjs list-open
# Fetch metadata and leak locations for a specific alert ID
node secret-scanning.mjs fetch-alert <alert_number>
# Pull full content from a single leak location, save raw text to temp file
node secret-scanning.mjs fetch-content '<location_json>'
Output fields from
fetch-content:body_file: Absolute path to temp file holding full raw contentauthor: Username of the content creatorissue_number / pr_number: Parent Issue or Pull Request identifieredit_history_count: Existing edit revision count for the target contenttype: Location classification used to route subsequent remediation logic
2. Location Type Routing Matrix
Distinct remediation workflows are enforced per content location type:
| Location Type | Remediation Logic |
|---|---|
issue_comment |
Delete original comment, rebuild redacted replacement |
pull_request_comment |
Delete original comment, rebuild redacted replacement |
pull_request_review_comment |
Delete original comment, rebuild redacted replacement |
discussion_comment |
Delete + rebuild Discussion thread comment via GraphQL |
issue_body |
In-place redaction via PATCH update |
pull_request_body |
In-place redaction via PATCH update |
commit |
Send user notification only; no cleanup possible |
other |
Skip remediation, log to final summary report |
2.2 Analysis & Redaction (Only Semantic Reasoning Step)
The Agent reads the raw temp file output from
fetch-content and executes this sequence:- Identify all embedded credentials in the text (not only the single token flagged by the alert)
- Verify whether unredacted plaintext secrets still exist in the current live content
- Replace every full credential instance with static placeholder
[REDACTED]— no partial values, prefixes, or suffixes retained - Write fully sanitized text to a new dedicated temp file
Special rule for
issue_body / pull_request_body: If the original author has already manually redacted all credentials with no plaintext remaining, skip public notification comments and resolve the alert silently with an internal maintainer-only note.2.3 Comment Remediation: Delete + Rebuild (Wipes Entire Edit History)
For all comment-type locations (issue comments, PR thread comments, review comments):
- In-place PATCH redaction is forbidden; full delete + rebuild is mandatory
- Step 1: Delete the original comment, erasing all historical edit revisions entirely
- Step 2: Post a brand-new replacement comment containing the sanitized redacted text
Standard template for rebuilt replacement comments:
Note: The original comment by @{author} has been removed due to secret leakage. Below is the redacted version of the original content.
For Discussion thread comments, GraphQL API endpoints are used for deletion and reinsertion to preserve the original reply thread position.
2.4 Issue / PR Body In-Place Redaction (Edit History Limitation)
For
issue_body and pull_request_body:- Run the
redact-body-if-neededsubcommand to apply inline sanitization via PATCH API⚠️ Critical Limitation: The edit operation creates a historical revision containing the original plaintext secrets, and there is no API method to purge old edit history versions. - Never publicly advise authors to delete/recreate the Issue or close/reopen the PR — this draws unwanted attention to archived secret-containing history
- All guidance about edit history risks is printed exclusively to the maintainer terminal; never included in public-facing comments
Terminal-only maintainer warning output:
⚠️ Issue/PR body edit history still contains plaintext secrets. Contact GitHub Support to purge: https://support.github.com/contact[reference:17]
Hard Rule: Never reference edit history, "edited" buttons, or historical revisions in any public comment or resolution note attached to the alert.
2.5 User Notification Logic
For
issue_body / pull_request_body: Send a notification comment only if unredacted secrets were still present and the maintainer performed sanitization. If the author self-redacted all credentials, skip notification and resolve the alert silently.Automatically selected notification templates mapped to location types:
- Comment types: Template referencing "your comment … removed and replaced"
- Body types: Template referencing "your issue/PR description … redacted in place"
- Commit types: Template referencing "code you committed"
2.6 Resolve Closed Alert
# Default resolution reason: revoked
node secret-scanning.mjs resolve <alert_number>
# Custom resolution note
node secret-scanning.mjs resolve <alert_number> revoked "Custom comment"
Definition of
revoked: The credential is deemed compromised, not a confirmation that the user has rotated the secret. The maintainer’s responsibility is limited to removing live plaintext exposure and notifying the affected user; verifying credential rotation falls outside this skill’s scope.2.7 Final Summary Report
After full remediation completes, export structured JSON results and feed into the summary subcommand:
node secret-scanning.mjs summary /tmp/results.json
The script outputs a bounded result block marked
---BEGIN SUMMARY--- and ---END SUMMARY---. The block must be printed verbatim with no rephrasing, reformatting, abbreviation, or custom rewritten summaries.3. Primary Use Cases
- Triage GitHub Secret Scanning alerts: Rapid end-to-end remediation when plaintext credentials are detected in repository content
- Comment secret leak cleanup: Delete secret-bearing comments and rebuild sanitized versions to fully eliminate edit history traces
- Issue/PR body secret redaction: Apply inline sanitization and inform maintainers of required GitHub Support contact to purge historical edit revisions
- Affected user notification: Automatically send standardized English notifications to users who posted leaked credentials
- Batch alert processing: Handle alerts sequentially in ascending order, with optional bulk batch execution on explicit user request
- Maintainer privileged operations: All comment deletion, content rebuilding, and alert resolution actions require repository maintainer/admin permissions
4. Mandatory Security Enforcement Rules
| Rule | Specification |
|---|---|
| Separation of duties | Agent only parses text, identifies secrets, and generates redacted content; all mutating API work is delegated to the script |
| Zero secret exposure | No fragments of any credential appear in public comments, redaction markers, or terminal output logs |
| Conceal alert metadata | Alert URLs and numeric alert IDs are never printed in public comments |
| Comment remediation policy | Skip inline PATCH edits for comments; full DELETE + rebuild is mandatory to avoid persistent edit history |
| Edit history confidentiality | Never mention edit history, "edited" UI controls, or commit SHA values in any public-facing text |
| Deletion confirmation gate | Explicit confirmation is required before deleting any user comment |
| Sequential alert handling | Process alerts one at a time unless bulk batch processing is explicitly requested |
| English-only public text | All automated notification and replacement comments use English exclusively |
| Unsupported type logging | Skip unsupported location categories and log the omission clearly in the final summary |
Summary
OpenClaw Secret Scanning Maintainer is a dedicated maintainer skill for responding to GitHub Secret Scanning security alerts within the OpenClaw repository. It implements a full closed-loop workflow: alert enumeration, raw content retrieval, automated credential redaction, comment deletion & reconstruction, inline Issue/PR body sanitization, standardized user notification, and formal alert resolution. It combines scripted automated API operations with lightweight semantic analysis by the Agent to fully eliminate live plaintext secret exposure, while enforcing strict security guardrails prohibiting disclosure of credential fragments, alert identifiers, and sensitive edit history details. This skill is designed for OpenClaw maintainers to triage and remediate secret leak alerts triggered by GitHub’s automated secret scanning feature.