← Back to Skills

Check Secrets

🌐Community
by nozomi-koborinai · vlatest · Repository

This skill securely checks if specified secrets are present in a given environment, crucial for verifying sensitive configuration data.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add check-secrets npx -- -y @trustedskills/check-secrets
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "check-secrets": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/check-secrets"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The check-secrets skill identifies and flags potential secrets (like API keys, passwords, or tokens) within provided text. It helps prevent accidental exposure of sensitive information by highlighting these occurrences. The tool is designed to be a safety net during development, documentation creation, or any process involving the handling of potentially confidential data.

When to use it

  • Code Reviews: Quickly scan code snippets for accidentally committed secrets before merging changes.
  • Documentation Analysis: Ensure sensitive information isn't included in public-facing documentation.
  • Configuration File Checks: Verify configuration files don’t contain hardcoded credentials.
  • Draft Content Review: Before publishing any written content, use it to scan for unintentional inclusion of secrets.

Key capabilities

  • Secret identification
  • Flagging potential sensitive data
  • Text analysis

Example prompts

  • "Check this code block for any exposed API keys: [paste code here]"
  • "Can you review this document and highlight any possible passwords or tokens? [paste text here]"
  • "Analyze the following configuration file for secrets: [paste config file content]"

Tips & gotchas

The skill's effectiveness depends on its ability to recognize common secret patterns. It is not foolproof and may require manual verification of flagged items.

View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
nozomi-koborinai
Installs
3
Repository (canonical source) →

🌐 Community

Passed automated security scans.