What types of secrets can this skill find?

It identifies a wide range of credentials, including cloud provider keys (AWS, GCP, Azure), database passwords, SSH keys, and various tokens found in source code or configuration files.

Does it provide advice on how to fix the security issues?

Yes, every generated report includes specific remediation steps, such as migrating to environment variables or revoking and rotating exposed keys.

Can I use this before committing my code?

Yes, it is designed to be used proactively during development to catch exposed secrets before they are committed to version control systems like Git.

How does it detect secrets that don't follow a specific pattern?

The skill utilizes entropy analysis, which detects high-randomness strings that often characterize private keys and unique tokens that standard pattern matching might miss.

Secret Scanner

Name: Secret Scanner
Author: jeremylongshore

byjeremylongshore

•

883

•

安全与测试

Scans your codebase for exposed API keys, passwords, and private keys to prevent security vulnerabilities and credential leaks.

The Secret Scanner skill empowers Claude to proactively identify sensitive information within your repository using advanced pattern matching and entropy analysis. It helps developers detect hardcoded credentials—such as AWS keys, database passwords, and SSH keys—before they are committed to version control or deployed, providing a detailed report with exact file locations and actionable remediation steps to maintain a robust security posture.

主要功能

01Automated scanning of configuration and environment files

02Proactive security auditing for pre-commit workflows

03Pattern-based detection for major cloud provider API keys

04Detailed vulnerability reporting with remediation guidance

05Entropy analysis to identify non-standard sensitive strings

06883 GitHub stars

使用场景

01Identifying hardcoded AWS, Google Cloud, or Azure credentials

02Detecting accidental commits of SSH or PGP private keys

03Auditing .env and YAML files for plain-text passwords

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills secret-scanner

For use in Claude.ai and ChatGPT

Download Skill