Does this skill catch hardcoded passwords in config files?

Yes, it scans configuration files like .env, database.yml, and settings.json for common credential patterns and high-entropy strings.

When is the best time to use this skill?

It is best used proactively before committing changes to Git or deploying code to production to ensure no sensitive data is leaked into your history or environment.

What happens if the scanner finds a secret?

Claude will generate a detailed report showing the file and line location of the secret and provide remediation advice, such as using environment variables or secret management tools.

How does the Secret Scanner find credentials?

The skill uses a combination of predefined pattern matching (regex) for known services like AWS and entropy analysis to identify high-randomness strings that typically represent private keys or passwords.

Can it detect specific provider keys like AWS or Google Cloud?

Yes, it is specifically configured to recognize patterns for major cloud providers, including AWS Access Keys, Google Cloud APIs, and Azure credentials.

Secret & Credential Scanner

Name: Secret & Credential Scanner
Author: intent-solutions-io

byintent-solutions-io

0•

Security & Testing

Identifies and remediates exposed API keys, passwords, and sensitive credentials within your codebase using advanced pattern matching and entropy analysis.

The Secret & Credential Scanner skill empowers Claude to proactively secure your development environment by scanning for hardcoded secrets such as AWS keys, database passwords, and private SSH keys. By utilizing both regex-based pattern matching and entropy analysis, it detects potential security vulnerabilities before they are committed to version control. This skill provides detailed reports with specific file locations and actionable remediation steps, ensuring that sensitive information is properly managed through environment variables or secure vaults instead of plaintext files.

Key Features

01Entropy analysis to identify non-standard passwords and secrets

02Comprehensive vulnerability reporting with exact file locations

030 GitHub stars

04Pattern-based detection for common API keys (AWS, Google, Azure)

05Actionable remediation guidance for revoking and securing keys

06Proactive scanning to prevent accidental credential leakage

Use Cases

01Auditing a repository for accidentally committed cloud provider credentials

02Identifying exposed private SSH or PGP keys before deploying to production

03Checking configuration files for hardcoded database passwords during a migration

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add intent-solutions-io/plugins-nixtla skill-adapter

For use in Claude.ai and ChatGPT

Download Skill