OpenClaw Secret Scanning Maintainer: A Narrowly Scoped
OpenClaw's secret-scanning-maintainer skill automates triaging and redacting GitHub secret alerts, but zero marketplace installs and no ratings signal no real adoption. Useful only for OpenClaw repo maintainers; too narrow for broad use.
An agentskill is a packaged workflow recipe for Claude Code, installed into .claude/skills/<owner>/<skill-name>/SKILL.md and triggered by agent-readable descriptions. This post reviews one specific skill from the agentskill.sh marketplace: OpenClaw’s secret-scanning-maintainer, which claims to “triage, redact, clean up, and resolve OpenClaw GitHub Secret Scanning alerts.”
Marketplace Signal: Zero Adoption, High Hygiene
| Metric | Value | Signal |
|---|---|---|
| Installs | 0 | No adoption in the wild |
| Agent ratings | 0 | Never rated post-execution |
| Security score | 99/100 | Code hygiene is strong |
| Content quality | 75/100 | Documentation is competent but narrow |
| GitHub stars (upstream) | 374,232 | OpenClaw repo is large |
| Last updated | 2026-06-02 | Recent, maintained |
The numbers tell a cautionary story. This skill has a fortress-like security profile, no reviews from actual users, and no installation history. Zero installs in a marketplace of thousands of agents signals either unfamiliarity or limited utility.
What the Skill Does
The skill wraps a Node.js script (secret-scanning.mjs) that orchestrates a seven-step workflow for each GitHub secret-scanning alert:
- Identify: Fetch alert metadata and content (body file or comment).
- Decide: Agent reads the body, identifies remaining plaintext secrets, and produces a redacted version.
- Redact: Modify issue/PR body in place; skip for comments (will delete instead).
- Purge: Delete compromised comments and recreate them redacted. Cannot purge edit history from body edits.
- Notify: Post a public notification comment (branched by location type), unless the body is already redacted.
- Resolve: Close the alert in GitHub’s security dashboard.
- Summary: Print formatted results.
The script handles four comment types (issue comment, PR comment, PR review comment, discussion comment) plus two body types (issue body, PR body), with special routing for commits (notify only, no purge possible).
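To make the routing concrete, here is an added example (not the skill's own secret-scanning.mjs) that models the per-alert decision logic described above as a plan of API operations rather than live GitHub calls: comment locations are deleted and recreated, body locations are patched in place and flagged for the edit-history problem, commits are notify-only, and nothing is resolved while a known secret would still be visible. The alert objects, the fake secret values and the `resolution` value passed to the resolve step are constructed for illustration.

```javascript
// Added example, not the skill's own secret-scanning.mjs: models the per-alert
// routing described in the post. Alert objects, secret values and the
// `resolution` value passed to the resolve step are constructed for illustration.

const REDACTED = "[REDACTED]";

// Location types grouped by how the workflow treats them.
const COMMENT_LOCATIONS = new Set([
  "issue_comment",
  "pull_request_comment",
  "pull_request_review_comment",
  "discussion_comment",
]);
const BODY_LOCATIONS = new Set(["issue_body", "pull_request_body"]);
const COMMIT_LOCATIONS = new Set(["commit"]);

// Decide: replace every occurrence of each known secret with a placeholder.
function redactSecrets(content, secrets) {
  let out = content;
  for (const secret of secrets) {
    if (secret) out = out.split(secret).join(REDACTED);
  }
  return out;
}

// Guard used before any write: does any known secret still appear in plaintext?
function containsPlaintext(content, secrets) {
  return secrets.some((secret) => secret && content.includes(secret));
}

// Build the ordered API operations for one alert. Returning a plan instead of
// calling GitHub keeps the routing inspectable and testable offline.
function planAlert(alert) {
  const { number, location, content, secrets } = alert;
  const plan = { alert: number, steps: [], warnings: [] };
  const alreadyRedacted = !containsPlaintext(content, secrets);
  const redacted = redactSecrets(content, secrets);

  if (COMMENT_LOCATIONS.has(location)) {
    // Purge: delete and recreate, which removes the comment's edit history.
    plan.steps.push({ op: "delete_comment", location });
    plan.steps.push({ op: "create_comment", location, body: redacted });
    plan.steps.push({ op: "notify", location });
  } else if (BODY_LOCATIONS.has(location)) {
    // Redact: patch in place. GitHub keeps the old plaintext in edit history,
    // which the API cannot clear; flag it for manual escalation.
    if (!alreadyRedacted) {
      plan.steps.push({ op: "patch_body", location, body: redacted });
      plan.steps.push({ op: "notify", location });
    }
    plan.warnings.push("body edit history retains plaintext; contact GitHub Support");
  } else if (COMMIT_LOCATIONS.has(location)) {
    // Commits cannot be rewritten through the API: notify only.
    plan.steps.push({ op: "notify", location });
    plan.warnings.push("commit content cannot be purged via the API");
  } else {
    throw new Error(`alert ${number}: unsupported location type ${location}`);
  }

  // Never resolve an alert whose rewritten content would still contain a secret.
  for (const step of plan.steps) {
    if (step.body !== undefined && containsPlaintext(step.body, secrets)) {
      throw new Error(`alert ${number}: plaintext secret would remain`);
    }
  }
  // "revoked" is one of GitHub's resolution values; which one is right depends
  // on whether the leaked credential was actually rotated (assumed here).
  plan.steps.push({ op: "resolve_alert", state: "resolved", resolution: "revoked" });
  return plan;
}

// Multiple alerts: process in ascending alert-number order, as the skill does.
function planAlerts(alerts) {
  return [...alerts].sort((a, b) => a.number - b.number).map(planAlert);
}

// Constructed sample alerts (secret values are fake).
const SAMPLE_ALERTS = [
  { number: 42, location: "issue_body", content: "token ghp_FAKE1234 leaked", secrets: ["ghp_FAKE1234"] },
  { number: 7, location: "issue_comment", content: "use AKIAFAKEKEY here", secrets: ["AKIAFAKEKEY"] },
  { number: 99, location: "commit", content: "password=FAKEPASS", secrets: ["FAKEPASS"] },
];

console.log(JSON.stringify(planAlerts(SAMPLE_ALERTS), null, 2));
```

The plan for alert 42 carries a warning even after a successful patch, which is the point: a body-level redaction is not a complete cleanup, and a maintainer consuming the summary should see that distinction rather than a uniform "resolved".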
Platform and Installation
- Platform: openclaw (hardcoded to OpenClaw repo only)
- Installation path: .claude/skills/openclaw/openclaw-secret-scanning-maintainer/SKILL.md
- Trigger: Agent must provide a comma-separated list of secret-scanning alert numbers from https://github.com/openclaw/openclaw/security/secret-scanning
- Permissions required: Repo admin or maintainer (edit others’ comments, delete, resolve alerts)
- Auth: Assumes GITHUB_TOKEN with repo and security-scanning write scope
There is a single supporting file: the mjs script. No Python, no additional binaries, no third-party APIs beyond GitHub’s REST and GraphQL endpoints.
Declared Capabilities vs. Reality
| Capability | Supported | Caveat |
|---|---|---|
| Triage | Yes | Agent must read and interpret raw content |
| Redact | Yes | Inline redaction only; cannot purge edit history |
| Clean up | Partial | Comments deleted and recreated; bodies are only patched; edit history persists |
| Resolve | Yes | Closes alert via API |
| Notify | Yes | Public comments per location type; can be suppressed |
| Multiple alerts | Yes | Processes in ascending order |
The skill’s biggest gotcha is the edit history problem. When an issue or PR body is patched to redact a secret, GitHub keeps the old plaintext version in edit history. This cannot be cleared via API. The SKILL.md advises contacting GitHub Support, but that escalation is not automated. For comments, the skill deletes and recreates, fully purging history.
Scope and Audience
This skill is locked to the OpenClaw repository. The SKILL.md states plainly: “Use this skill when processing alerts from https://github.com/openclaw/openclaw/security/secret-scanning.” It does not parameterize the repo, owner, or token. Any attempt to use it against another GitHub org would require forking and rewriting the script.
The intended audience is OpenClaw’s maintainers. Given OpenClaw has 374,232 stars (a very large repository), one might expect frequent secret-scanning alerts and real adoption. Yet zero installs suggests either the problem is rare enough not to warrant agent automation, or the integration path is unclear.
Documentation and Developer Experience
The SKILL.md is thorough but assumes significant context. It covers the Node.js script, each API call signature, location-type routing, and step-by-step decision logic. However:
- No trigger examples: What does an agent prompt look like? The doc does not show a sample invocation.
- No error handling: What happens if the GitHub token lacks permissions, or an alert number is invalid?
- Implicit agent responsibility: The “Decide” step requires semantic understanding of what constitutes a secret. The SKILL.md says “identifies ALL secrets in the content” but does not show how an agent is expected to do this reliably.
- Language constraint: All comments must be English. No guidance on multi-language repos.
- Manual feedback loop: The skill supports auto-rating (POST to agentskill.sh), but human override via CLI is clunky.
When to Use This Skill vs. Alternatives
An agent automating secret-scanning cleanup has roughly three paths:
- Use this skill: Best if you are an OpenClaw maintainer and need fast, consistent redaction of comments and bodies.
- Manual GitHub UI: GitHub’s secret-scanning dashboard already supports comment deletion and alert resolution. Humans can do this in 2 minutes per alert.
- Custom agent without a skill: Build a one-off agent session that calls GitHub’s APIs directly, parameterized for your repo. This takes longer to build but works for any repo.
The skill saves time only if you process many alerts regularly and want a reusable, version-controlled workflow. For OpenClaw, that might be true. For a smaller repo with occasional secrets, the overhead of understanding the skill probably exceeds the benefit.
Known Failure Modes
- Zero installs: No production feedback. If the script has edge-case bugs (malformed GraphQL, permission errors, timeout handling), they are unknown.
- Untested at scale: The skill has never processed a large batch of alerts in parallel. Does it handle rate limits? Does the temp file cleanup work reliably?
- Hard-coded repo: Cannot be reused by other projects without significant modification.
- Content quality at 75/100: The documentation is strong on mechanics but weak on examples, error handling, and integration guidance.
- Edit history unpurgeable: A fundamental GitHub API limitation that the skill cannot overcome for body-level secrets.
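The rate-limit question above is open because the script has no production history. As an added example (not code from the skill), this is what a defensive wrapper around the GitHub REST calls could look like: it honours the Retry-After and X-RateLimit-Reset headers GitHub sends, retries a bounded number of times, and deliberately does not retry a 403 that lacks rate-limit headers, since that is a permission failure (the other untested failure mode listed above). The fetch, sleep and clock are injected so the logic runs offline; the fake responses and the owner/repo in the URL are constructed.

```javascript
// Added example, not part of the skill: a retry wrapper around GitHub REST
// calls that honours the rate-limit headers GitHub sends. `doFetch`, `sleep`
// and `now` are injected so the logic can run offline; the fake responses
// and the owner/repo in the sample URL are constructed.

const MAX_ATTEMPTS = 5;

// GitHub signals throttling with HTTP 403 or 429 plus either Retry-After
// (seconds) or X-RateLimit-Remaining: 0 with X-RateLimit-Reset (epoch seconds).
// Returns the delay in ms, or null if the response is not a rate-limit response.
function retryDelayMs(response, nowSeconds) {
  const retryAfter = response.headers.get("retry-after");
  if (retryAfter != null) return Number(retryAfter) * 1000;
  const remaining = response.headers.get("x-ratelimit-remaining");
  const reset = response.headers.get("x-ratelimit-reset");
  if (remaining === "0" && reset != null) {
    return Math.max(0, Number(reset) - nowSeconds) * 1000;
  }
  return null;
}

async function fetchWithRateLimit(url, options, deps) {
  const { doFetch, sleep, now } = deps;
  for (let attempt = 1; ; attempt += 1) {
    const res = await doFetch(url, options);
    if (res.status !== 403 && res.status !== 429) return res;
    const delay = retryDelayMs(res, now());
    // A 403 without rate-limit headers is a real authorization failure
    // (e.g. the token lacks the scope to edit others' comments): do not retry.
    if (delay === null) return res;
    if (attempt >= MAX_ATTEMPTS) {
      throw new Error(`rate limited ${attempt} times calling ${url}`);
    }
    await sleep(delay);
  }
}

// Constructed fake transport: replays a scripted list of responses and
// records every call and every sleep so the behaviour can be checked.
function makeFakeDeps(script) {
  const calls = [];
  const sleeps = [];
  let i = 0;
  return {
    calls,
    sleeps,
    doFetch: async (url) => {
      calls.push(url);
      const r = script[Math.min(i, script.length - 1)];
      i += 1;
      return { status: r.status, headers: new Map(Object.entries(r.headers)) };
    },
    sleep: async (ms) => { sleeps.push(ms); },
    now: () => 1700000000,
  };
}

// Two throttled responses followed by success: expect three calls and two sleeps.
async function demo() {
  const deps = makeFakeDeps([
    { status: 429, headers: { "retry-after": "2" } },
    { status: 403, headers: { "x-ratelimit-remaining": "0", "x-ratelimit-reset": "1700000030" } },
    { status: 200, headers: {} },
  ]);
  const url = "https://api.github.com/repos/OWNER/REPO/secret-scanning/alerts"; // placeholder repo
  const res = await fetchWithRateLimit(url, {}, deps);
  return { status: res.status, calls: deps.calls.length, sleeps: deps.sleeps };
}

demo().then((r) => console.log(JSON.stringify(r)));
```

Treating an unexplained 403 as terminal rather than retryable matters for a skill that needs admin-level permissions: retrying a permission denial only delays the point at which the maintainer learns the token is under-scoped.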
Takeaways
OpenClaw’s secret-scanning-maintainer is a well-engineered, high-security skill that solves a real problem for a very narrow audience. Zero marketplace installs and zero ratings indicate it has never been tested in production by users outside the OpenClaw core team. The skill is best suited for OpenClaw maintainers processing frequent secret-scanning alerts; for other repositories or smaller projects, manual GitHub UI or a custom agent is likely cheaper in practice. The edit history limitation is a fundamental GitHub API constraint, not a flaw in the skill itself, but it is worth knowing before relying on redaction as a complete cleanup solution.
Further reading
- OpenClaw Secret Scanning Maintainer on agentskill.sh: The official marketplace listing, source repository link, and installation instructions.
- GitHub Secret Scanning API documentation: GitHub’s reference for secret-scanning alert retrieval and alert resolution.
- OpenClaw GitHub repository: The upstream project this skill targets, with 374K stars.
- Claude Code skills documentation: Official guide to installing and triggering skills in Claude Code sessions.
Frequently asked
What does this skill actually do?
It identifies GitHub secret-scanning alerts, redacts plaintext secrets from issue/PR bodies and comments, deletes compromised comments and recreates them redacted, and resolves the alert in GitHub's security dashboard. It handles multiple alert types: issue comments, PR comments, discussion comments, and issue/PR bodies.
Who should install this skill?
Only maintainers of the OpenClaw repository itself. The skill is hardcoded to work against OpenClaw's security-scanning endpoint. It has no generic secret-scanning capability for other repos.
Why does it have zero installs despite a 99/100 security score?
The skill's scope is too narrow (OpenClaw repo only) and its audience too small (OpenClaw maintainers). No adoption metrics, no public ratings, and no clear trigger pathway in agent workflows suggest it may never have been integrated into a real Claude Code session.
What are the main limitations?
Cannot purge edit history from issue/PR bodies (GitHub API limitation); requires repo admin permissions; hardcoded to English-language notifications; and the SKILL.md documentation assumes prior deep knowledge of GitHub's GraphQL and secret-scanning workflows.
How does this compare to manual secret handling?
It saves steps for each alert: fetch, read, decide, redact, delete, recreate, notify, resolve. But each alert requires agent judgment on what constitutes a secret and whether to post a public notification. It is not fully autonomous; it is a guided workflow tool.