repomix-safe-mixer_skill

This skill safely packages codebases with repomix by detecting and removing hardcoded credentials before distribution.
  • Python

609

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill daymade/claude-code-skills --skill repomix-safe-mixer

  • SKILL.md7.7 KB

Overview

This skill safely packages codebases with repomix by automatically detecting and removing hardcoded credentials before packing. It prevents accidental secret leaks by scanning project files, reporting findings with file/line details, and blocking packaging until issues are resolved. Use it to produce distribution-ready packages that do not contain embedded API keys, tokens, or private keys.

How this skill works

The tool provides two scripts: a full workflow (scan → report → pack) and a standalone scanner. The scanner searches for common secret patterns (cloud provider keys, API keys, JWTs, private keys, etc.), respects exclude patterns, and emits human-readable or JSON results. If the scan is clean, the skill invokes repomix to create the package; if secrets are found, packaging is blocked until remediation or a forced override is used.

When to use it

  • Packaging code for distribution or public release with repomix
  • Creating reference or example packages that must not contain live credentials
  • Pre-commit or CI checks to block commits containing hardcoded secrets
  • Auditing a repository before sharing with collaborators or third parties
  • Verifying cleanup after replacing credentials with environment variables

Best practices

  • Replace hardcoded credentials with environment variables and provide a .env.example
  • Run the scanner in CI or pre-commit hooks to prevent accidental commits
  • Use exclude patterns to skip test/example files that legitimately contain placeholders
  • Always manually review findings; the scanner can produce false positives
  • Rotate and revoke any credentials that were previously exposed

Example use cases

  • Run python3 scripts/safe_pack.py ./project to scan and pack in one step
  • Use python3 scripts/scan_secrets.py . --json in CI to block builds with secrets
  • Scan a repo, replace keys with import.meta.env or process.env, then re-scan before packaging
  • Generate a .env.example from detected keys to document required runtime variables
  • Force a package only after conscious review (not recommended) with --force

FAQ

It detects common patterns: cloud provider keys (AWS, Supabase, Cloudflare), API keys (Stripe, OpenAI, Google), JWTs, private keys, OAuth secrets, and generic API tokens.

Can I skip scanning for certain files?

Yes. Use --exclude with regex patterns to skip test, example, or other files you expect to contain placeholders.

Does the scanner remove secrets automatically?

No. It reports findings and blocks packaging. You should replace secrets with env variables or placeholders, then re-run the scanner before packaging.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational