A 12-point pre-commit hook and Claude Code skill that blocks secrets, credentials, and sensitive data from being committed to git.
| # | Check | Severity |
|---|---|---|
| 1 | Full file audit | info |
| 2 | Private keys / mnemonics | block |
| 3 | API keys / tokens / secrets | block |
| 4 | .env files |
block |
| 5 | .mcp.json files |
block |
| 6 | config.json with secrets |
block/warn |
| 7 | Plaintext passwords | block |
| 8 | RPC URLs with embedded keys | block |
| 9 | Wallet addresses in non-test files | warn |
| 10 | console.log leaking sensitive data |
warn |
| 11 | .gitignore coverage gaps |
block |
| 12 | Test files with real credentials | block |
npx skills add vxcozy/sanitizeThis installs the /sanitize slash command into your project. Works with any tool that supports the Agent Skills standard.
git clone https://github.com/vxcozy/sanitize.git
./sanitize/scripts/install-hooks.sh /path/to/your/repo
# Or multiple repos at once
./sanitize/scripts/install-hooks.sh ./repo-a ./repo-b ./repo-cThe hook runs automatically on every git commit. Bypass with git commit --no-verify when needed.
MIT