How does the Secret Scanner find keys that don't follow a specific pattern?

It uses entropy analysis to identify high-entropy strings that often represent cryptographic keys or random passwords, even if they don't match a predefined regex.

Can I use this skill to check my .env or config files?

Yes, the skill is specifically designed to scan configuration files, .env files, and source code for sensitive information.

Does it automatically revoke or rotate the keys it finds?

No, it identifies the secrets and provides remediation steps, but manual intervention is required to rotate keys and update your environment variables securely.

When should I run the secret scanner?

It is best practice to run a scan before any major commit, before merging PRs, and especially before migrating a private repository to a public one.

Secret Scanner

Name: Secret Scanner
Author: BbgnsurfTech

byBbgnsurfTech

•

Security & Testing

Scans codebases for exposed credentials, API keys, and sensitive secrets using pattern matching and entropy analysis.

The Secret Scanner skill empowers Claude to proactively identify security vulnerabilities by searching through source code, configuration files, and environment variables for leaked secrets like AWS keys, private certificates, and hardcoded passwords. By combining regex-based pattern matching with sophisticated entropy analysis, it detects both known credential formats and unusual high-entropy strings, providing detailed reports with file locations and remediation advice to prevent security breaches before code is committed or deployed.

Key Features

013 GitHub stars

02Entropy analysis to detect non-standard passwords and private keys

03Remediation guidance for rotating and securing exposed credentials

04Comprehensive scanning of configuration files and environment variables

05Regex-based pattern matching for common API keys (AWS, Google, Stripe)

06Detailed vulnerability reporting with exact line and file locations

Use Cases

01Auditing a repository before making it public to prevent accidental leaks

02Proactively identifying secrets before committing changes to version control

03Searching for hardcoded credentials in legacy configuration files

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bbgnsurftech/claude-skills-collection secret-scanner

For use in Claude.ai and ChatGPT

Download Skill