- Home
- Skills
- Daymade
- Claude Code Skills
- Repomix Safe Mixer
repomix-safe-mixer_skill
- Python
609
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill daymade/claude-code-skills --skill repomix-safe-mixer- SKILL.md7.7 KB
Overview
This skill safely packages codebases with repomix by automatically detecting and removing hardcoded credentials before packing. It prevents accidental secret leaks by scanning project files, reporting findings with file/line details, and blocking packaging until issues are resolved. Use it to produce distribution-ready packages that do not contain embedded API keys, tokens, or private keys.
How this skill works
The tool provides two scripts: a full workflow (scan → report → pack) and a standalone scanner. The scanner searches for common secret patterns (cloud provider keys, API keys, JWTs, private keys, etc.), respects exclude patterns, and emits human-readable or JSON results. If the scan is clean, the skill invokes repomix to create the package; if secrets are found, packaging is blocked until remediation or a forced override is used.
When to use it
- Packaging code for distribution or public release with repomix
- Creating reference or example packages that must not contain live credentials
- Pre-commit or CI checks to block commits containing hardcoded secrets
- Auditing a repository before sharing with collaborators or third parties
- Verifying cleanup after replacing credentials with environment variables
Best practices
- Replace hardcoded credentials with environment variables and provide a .env.example
- Run the scanner in CI or pre-commit hooks to prevent accidental commits
- Use exclude patterns to skip test/example files that legitimately contain placeholders
- Always manually review findings; the scanner can produce false positives
- Rotate and revoke any credentials that were previously exposed
Example use cases
- Run python3 scripts/safe_pack.py ./project to scan and pack in one step
- Use python3 scripts/scan_secrets.py . --json in CI to block builds with secrets
- Scan a repo, replace keys with import.meta.env or process.env, then re-scan before packaging
- Generate a .env.example from detected keys to document required runtime variables
- Force a package only after conscious review (not recommended) with --force
FAQ
It detects common patterns: cloud provider keys (AWS, Supabase, Cloudflare), API keys (Stripe, OpenAI, Google), JWTs, private keys, OAuth secrets, and generic API tokens.
Can I skip scanning for certain files?
Yes. Use --exclude with regex patterns to skip test, example, or other files you expect to contain placeholders.
Does the scanner remove secrets automatically?
No. It reports findings and blocks packaging. You should replace secrets with env variables or placeholders, then re-run the scanner before packaging.