hardcoded-secrets-anti-pattern

Hardcoded secrets embed sensitive credentials (API keys, passwords, database credentials) directly in source code. Anyone with code access—developers, version control history, or attackers—can extract these secrets. AI models frequently generate hardcoded secrets, trained on public code with this common bad practice. Secrets committed to public repositories are discovered and exploited by automated bots within min...

Never store secrets, credentials, or sensitive configuration values in files tracked by version control.

硬編碼憑證和秘密的安全反模式 (CWE-798)。在產生或檢查處理 API 金鑰、密碼、資料庫憑證、加密金鑰或任何敏感配置的程式碼時使用。偵測嵌入的秘密並推薦環境變數或秘密管理器。 來源：igbuend/grimbard。

開啟你的終端機或命令列工具（如 Terminal、iTerm、Windows Terminal 等） 複製並執行以下指令：npx skills add https://github.com/igbuend/grimbard --skill hardcoded-secrets-anti-pattern 安裝完成後，技能將自動設定到你的 AI 程式設計環境中，可以在 Claude Code、Cursor 或 OpenClaw 中使用