Spaces:
Running
Running
feat(agent): add Claude Code-style agent, skills, slash-commands, hooks, todos, sandboxed workspace, and full-stack scaffolding
81aa0b5 verified | name: warn-secrets-in-code | |
| enabled: true | |
| event: file | |
| pattern: (API_KEY|SECRET|TOKEN|PASSWORD)\s*=\s*["'][^"']+["'] | |
| action: warn | |
| ๐ **Possible hardcoded secret detected** | |
| Hardcoded credentials are a security risk. Use environment variables instead: | |
| ```python | |
| import os | |
| api_key = os.environ.get("API_KEY") | |
| ``` | |
| ```javascript | |
| const apiKey = process.env.API_KEY; | |
| ``` | |
| Make sure to add the real secret to `.env` (and `.env` to `.gitignore`). | |