This wraps repomix packaging with automatic credential scanning to prevent you from accidentally sharing API keys and secrets in your code bundles. It blocks the pack operation if it detects patterns like AWS keys, Supabase URLs, JWTs, or Stripe tokens, giving you file and line locations to clean up first. The workflow is straightforward: run safe_pack.py on your directory and it either packages cleanly or stops and shows you what needs fixing. It's particularly smart about skipping false positives like placeholder text and environment variable references. Honestly, this should probably be the default way to run repomix if you're sharing packages with anyone, since it's too easy to miss a hardcoded credential buried in a large codebase.
npx skills add https://github.com/daymade/claude-code-skills --skill repomix-safe-mixer