How does this skill detect secrets without a known format?

It uses entropy analysis to identify strings with high randomness, which often indicates the presence of encrypted keys or generated passwords even if they don't match a standard regex.

Does it provide instructions on how to fix a detected leak?

Yes, the skill generates a report that includes suggested remediation steps, such as revoking the compromised key and migrating to environment variables.

Which file types can the Secret Scanner analyze?

The skill can scan any text-based file, including configuration files like .env, .yaml, and .json, as well as source code and shell scripts.

Can I use this to prevent secrets from being committed to Git?

Yes, you can trigger this skill as part of your pre-commit routine to ensure no sensitive data is added to your version control history.

Secret Scanner

Name: Secret Scanner
Author: jeremylongshore

byjeremylongshore

•

883

•

Security & Testing

Scans codebases for exposed API keys, passwords, and sensitive credentials using advanced pattern matching and entropy analysis.

The Secret Scanner skill empowers Claude to proactively secure your development environment by identifying hardcoded secrets like AWS keys, database passwords, and private SSH keys. By utilizing both regex pattern matching and high-entropy string detection, it provides comprehensive coverage across various file types and configuration scripts, generating detailed remediation reports to ensure sensitive data is never committed to version control or deployed to production environments.

Key Features

01Comprehensive scanning across configuration files, .env files, and scripts

02883 GitHub stars

03Detailed security reporting with file paths and line numbers

04Automated pattern matching for major cloud providers like AWS, GCP, and Azure

05Entropy-based detection for non-standard passwords and private keys

06Proactive remediation guidance to move secrets to secure environment variables

Use Cases

01Identifying private SSH or PGP keys hidden within project directories

02Auditing legacy projects for hardcoded database passwords and API tokens

03Detecting accidentally committed cloud credentials before a repository push

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills secret-scanner

For use in Claude.ai and ChatGPT

Key Features

01Comprehensive scanning across configuration files, .env files, and scripts

02883 GitHub stars

03Detailed security reporting with file paths and line numbers

04Automated pattern matching for major cloud providers like AWS, GCP, and Azure

05Entropy-based detection for non-standard passwords and private keys

06Proactive remediation guidance to move secrets to secure environment variables

Use Cases

01Identifying private SSH or PGP keys hidden within project directories

02Auditing legacy projects for hardcoded database passwords and API tokens

03Detecting accidentally committed cloud credentials before a repository push

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills secret-scanner

For use in Claude.ai and ChatGPT