Can it detect keys for specific cloud providers?

Yes, it is pre-configured to recognize patterns for major cloud providers including AWS, Azure, and Google Cloud, as well as common SaaS API keys.

How does the Secret Scanner find exposed credentials?

It uses a combination of regex-based pattern matching for known service keys (like AWS or Stripe) and entropy analysis to identify high-randomness strings likely to be passwords or private keys.

Does this skill automatically remove the found secrets?

No, it identifies the locations and provides remediation steps so you can safely rotate or remove the secrets manually without breaking your application.

When is the best time to use the secret-scanner skill?

It is best used proactively before committing changes to version control, during security reviews, or when onboarding a new codebase.

Secret & Credential Scanner

Name: Secret & Credential Scanner
Author: BbgnsurfTech

byBbgnsurfTech

•

セキュリティとテスト

Identifies and remediates exposed secrets, API keys, and credentials within codebases using advanced pattern matching and entropy analysis.

The Secret & Credential Scanner skill empowers Claude to perform deep security audits of your repositories to prevent sensitive data leaks. By scanning for hardcoded passwords, AWS keys, private SSH keys, and other sensitive credentials, it helps developers catch vulnerabilities before they are committed to version control or deployed to production. It provides actionable reports that pinpoint exact file locations and offer clear remediation strategies, ensuring your applications remain secure and compliant with modern security standards.

主な機能

01Comprehensive security reporting with precise file path locations

023 GitHub stars

03Entropy analysis to detect high-randomness strings and potential passwords

04Targeted scanning of configuration files, scripts, and environment variables

05Advanced pattern matching for common API keys and service credentials

06Proactive remediation guidance for revoking and rotating secrets

ユースケース

01Identifying hardcoded passwords in legacy configuration and environment files

02Auditing a repository before making a public commit or production deployment

03Scanning for accidental inclusions of private SSH, PGP, or SSL keys

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bbgnsurftech/claude-skills-collection secret-scanner

For use in Claude.ai and ChatGPT

Download Skill