hardcoded-secrets-anti-pattern

Hardcoded secrets embed sensitive credentials (API keys, passwords, database credentials) directly in source code. Anyone with code access—developers, version control history, or attackers—can extract these secrets. AI models frequently generate hardcoded secrets, trained on public code with this common bad practice. Secrets committed to public repositories are discovered and exploited by automated bots within min...

Never store secrets, credentials, or sensitive configuration values in files tracked by version control.

硬编码凭证和秘密的安全反模式 (CWE-798)。在生成或检查处理 API 密钥、密码、数据库凭据、加密密钥或任何敏感配置的代码时使用。检测嵌入的秘密并推荐环境变量或秘密管理器。 来源：igbuend/grimbard。

打开你的终端或命令行工具（如 Terminal、iTerm、Windows Terminal 等） 复制并运行以下命令：npx skills add https://github.com/igbuend/grimbard --skill hardcoded-secrets-anti-pattern 安装完成后，技能将自动配置到你的 AI 编程环境中，可以在 Claude Code、Cursor 或 OpenClaw 中使用