Can I target specific directories?

Yes, you can pass a specific path as an argument to focus the security scan on a particular module or source folder.

Does it provide instructions on how to fix a leak?

Yes, every finding includes remediation guidance, such as rotating the credential or moving it to an environment variable configuration.

What kind of secrets can it detect?

It identifies a wide range of sensitive data including cloud provider API keys (AWS, GCP), database credentials, OAuth tokens, and private SSH keys.

How does it handle false positives?

The Secrets Scanner includes an analysis phase to validate findings and provides a confidence level for each report to help developers distinguish between actual secrets and test strings.

Can I scan only my current changes?

Yes, by using the --staged argument, the skill will only scan files that are currently staged in git, making it an ideal pre-commit check.

Secrets Scanner

Name: Secrets Scanner
Author: melodic-software

bymelodic-software

•

Security & Testing

Scans codebases for hardcoded API keys, credentials, and sensitive data patterns to prevent security breaches.

The Secrets Scanner skill for Claude Code provides an automated security layer by identifying exposed credentials within your project. It leverages specialized agents to detect patterns matching API tokens, passwords, and private keys, categorizing findings by severity and confidence levels. Whether you are auditing a legacy repository or performing a pre-commit check on staged changes, this skill ensures sensitive information is identified and remediated before it can be compromised or leaked to public version control.

Key Features

01Severity-based reporting with actionable remediation steps

02Pre-commit scanning via git staged-changes analysis

03Repository-wide auditing with intelligent folder exclusion

04Detection of API keys, tokens, and hardcoded credentials

0538 GitHub stars

06False positive validation to ensure high-quality security reports

Use Cases

01Verifying staged changes for sensitive data before pushing to remote branches

02Performing a security audit on a new or inherited codebase

03Ensuring compliance with internal security policies regarding credential management

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins scan-secrets

For use in Claude.ai and ChatGPT

Download Skill