hardcoded-credential-finder

Quick Review

This skill is severely under-specified. The description is circular and generic, merely repeating the skill name without explaining what it actually does (e.g., scan code for hardcoded passwords, API keys, tokens). There is no task knowledge provided—no scanning patterns, no tools to use (gitleaks, truffleHog, regex patterns), no implementation steps. While the structure is clear and simple, the skill provides almost no actionable content. A CLI agent would not know how to find hardcoded credentials based on this documentation. Novelty is low because the skill doesn't demonstrate any complex logic that would justify its existence over a simple prompt. To improve: define what constitutes a hardcoded credential, provide scanning patterns/regex, specify which files to scan, include detection logic or tool invocations, and show concrete examples of credential patterns to flag.