Can I scan a specific directory instead of a skill?

Yes, you can use the command /scan-secrets --directory to audit any local folder on your machine.

Does this skill automatically fix the secrets it finds?

No, it identifies the secrets and provides specific remediation guidance, such as how to move them to environment variables.

Why should I use this before pushing code?

Using it prevents the accidental exposure of credentials in public repositories, which can lead to unauthorized access or financial loss from leaked API keys.

What types of secrets can this skill detect?

It detects OpenAI, Anthropic, Google, and AWS keys, GitHub tokens, database connection strings, private keys, passwords, and personal file paths.

How do I handle false positives in the scan results?

The scanner includes an allowlist for known safe patterns, and you can use the --force-secrets flag in commit messages for rare exceptions.

Secrets Scanner

Name: Secrets Scanner
Author: nkrebs13

bynkrebs13

0•

Seguridad y Pruebas

Scans code and skills for sensitive credentials, API keys, and personal data to prevent accidental exposure.

Secrets Scanner is a specialized security utility for Claude Code designed to detect hardcoded sensitive information before it is committed or published. It automatically identifies a wide range of patterns including API keys for major providers like OpenAI and Anthropic, AWS credentials, database connection strings, and personal system paths. By providing categorized severity levels and actionable remediation advice, this skill acts as a critical safety net for developers, ensuring that private credentials remain secure and compliant with security best practices.

Características Principales

01Scans specific skills, local directories, or entire repositories

02Detects multi-provider API keys including OpenAI, Anthropic, and AWS

03Supports pattern allowlisting and force-bypass for false positives

04Identifies hardcoded passwords, tokens, and database connection strings

05Categorizes findings by severity with detailed remediation tips

060 GitHub stars

Casos de Uso

01Auditing a new skill for sensitive data before pushing to a public repository

02Scanning a local project directory for hardcoded environment variables

03Preventing accidental exposure of personal macOS or Linux system paths

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nkrebs13/claudecodeskills scan-secrets

For use in Claude.ai and ChatGPT

Download Skill