How does the Secret Scanner find keys not defined by standard patterns?

It uses entropy analysis to identify high-randomness strings that typically represent unique passwords, private keys, or custom tokens that don't follow a standard format.

Does it provide instructions on how to fix the security issues?

The skill generates a detailed report that includes specific remediation steps, such as revoking the compromised key and moving secrets to secure environment variables.

When is the best time to run a secret scan?

It is best practice to run a scan before every major commit, during code reviews, or whenever you are auditing a legacy repository for the first time.

Can I use this for AWS and Google Cloud keys?

Yes, the skill includes specific pattern matching for major cloud provider credentials including AWS Access Keys, Google Cloud APIs, and Azure tokens.

Secret Scanner

Name: Secret Scanner
Author: intent-solutions-io

byintent-solutions-io

0•

セキュリティとテスト

Identifies and remediates exposed API keys, passwords, and sensitive credentials within your codebase using advanced pattern matching and entropy analysis.

The Secret Scanner skill empowers Claude to proactively secure your repository by detecting hardcoded secrets before they reach version control or production environments. By combining regex-based pattern matching for known services like AWS or Google Cloud with high-entropy analysis for unique passwords and private keys, it provides a comprehensive security audit. This skill is essential for maintaining compliance, preventing unauthorized access, and automating the identification of sensitive data across configuration files, environment variables, and source code.

主な機能

01Automated pattern matching for major cloud provider API keys

02Entropy analysis to detect unique passwords and private keys

03Support for scanning configuration files and environment variables

04Detailed vulnerability reporting with specific file locations

05Proactive remediation guidance for rotating exposed secrets

060 GitHub stars

ユースケース

01Scanning legacy codebases for forgotten hardcoded passwords

02Pre-commit security audits to prevent leaking credentials to version control

03Auditing configuration files for sensitive data before cloud deployment

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add intent-solutions-io/plugins-nixtla secret-scanner

For use in Claude.ai and ChatGPT

Download Skill