Will my secrets be exposed in the logs or reports?

No. The skill is strictly configured to redact actual secret values from all outputs, only providing file paths and line numbers for remediation.

Does it provide instructions on how to fix a found secret?

Yes, every finding is attached to specific remediation steps from a reference guide, emphasizing immediate rotation for critical leaks.

Which scanning tools does this skill support?

The skill preferentially uses Gitleaks and Trufflehog, but can fall back to high-confidence manual pattern matching if those tools are not available in the environment.

Can this be used for existing Git history?

While primarily focused on current code, the skill provides warnings if secrets are likely to exist in Git history and recommends tools like git-filter-repo for cleanup.

How does the skill handle false positives?

It supports .gitleaksbaseline files and custom allowlists to ensure that known safe patterns or placeholders do not trigger alerts.

Secret Scanner for Claude Code

Name: Secret Scanner for Claude Code
Author: levnikolaevich

bylevnikolaevich

•

安全与测试

Scans codebases for hardcoded secrets and credentials while providing automated severity classification and remediation guidance.

关于

The Secret Scanner skill enables Claude to perform deep security audits of your repository to identify leaked API keys, private keys, and passwords. By leveraging industry-standard tools like Gitleaks and Trufflehog—or falling back to intelligent manual patterns—it provides a structured report that classifies findings by severity. Designed with a security-first approach, it ensures that sensitive data is never logged in the output while offering clear remediation steps and integration options for pre-commit hooks and CI/CD pipelines.

主要功能

Multi-tool support using Gitleaks, Trufflehog, or manual grep patterns
Automated severity classification from Critical to Low findings
False positive filtering using baselines and custom allowlists
Redaction-first reporting to prevent accidental secret exposure in logs
Detailed remediation guides for rotating compromised credentials
38 GitHub stars

使用场景

Automating security gates within CI/CD pipelines
Preventing credential leaks during the pre-commit validation phase
Conducting security audits during initial project bootstrapping

关于

主要功能

Multi-tool support using Gitleaks, Trufflehog, or manual grep patterns
Automated severity classification from Critical to Low findings
False positive filtering using baselines and custom allowlists
Redaction-first reporting to prevent accidental secret exposure in logs
Detailed remediation guides for rotating compromised credentials
38 GitHub stars

使用场景

Automating security gates within CI/CD pipelines
Preventing credential leaks during the pre-commit validation phase
Conducting security audits during initial project bootstrapping