Is it effective against private SSH keys?

Yes, it is configured to recognize common formats for SSH, PGP, and other private key types that should never be stored in plain text within a repository.

Can it scan configuration files like .env?

Yes, the skill is designed to analyze configuration files, environment templates, and manifest files where credentials are most commonly leaked.

How do I trigger a secret scan with Claude?

You can activate the skill by asking Claude phrases like 'scan for secrets', 'check for exposed credentials', or 'find API keys' in your current project directory.

Does it provide remediation advice?

Yes, for every secret detected, the skill generates a report highlighting the file location and suggesting specific steps such as revoking the key or migrating to environment variables.

How does Secret Scanner identify sensitive keys?

It uses a combination of regex pattern matching for known services like AWS and Azure, alongside entropy analysis to flag high-randomness strings that likely represent private keys or passwords.

Secret Scanner

Name: Secret Scanner
Author: jeremylongshore

byjeremylongshore

•

883

•

Seguridad y Pruebas

Scans your codebase for exposed API keys, credentials, and sensitive secrets using pattern matching and entropy analysis.

The Secret Scanner skill empowers Claude to proactively identify critical security vulnerabilities by auditing your source code and configuration files for hardcoded passwords, private keys, and cloud provider credentials. By combining precise regex pattern matching with advanced entropy analysis, it detects both standard service keys (like AWS or Google Cloud) and non-standard sensitive strings, allowing developers to remediate risks before they are committed to version control or deployed to production.

Características Principales

01Pattern-based detection for popular cloud API keys and services

02Entropy analysis to identify high-randomness strings and hidden secrets

03Detailed vulnerability reporting with exact file locations

04Actionable remediation advice for revoking and securing found credentials

05Automated scanning of configuration files and environment templates

06883 GitHub stars

Casos de Uso

01Auditing a legacy repository for hardcoded database credentials

02Verifying a codebase is clean before publishing to a public repository

03Automated security checking during the pre-commit or code review process

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills secret-scanner

For use in Claude.ai and ChatGPT

Download Skill