Code Hardcode Audit

🌐Community
by terrylica · vlatest · Repository

Identifies potential security vulnerabilities and hardcoded secrets within codebases using advanced pattern recognition techniques.

Install on your platform

Claude Code is auto-selected based on this skill's supported platforms.

1. Run in terminal (recommended):

   claude mcp add code-hardcode-audit npx -- -y @trustedskills/code-hardcode-audit

2. Or manually add to ~/.claude/settings.json:

   {
     "mcpServers": {
       "code-hardcode-audit": {
         "command": "npx",
         "args": [
           "-y",
           "@trustedskills/code-hardcode-audit"
         ]
       }
     }
   }

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

The code-hardcode-audit skill scans source code repositories to identify hardcoded secrets, API keys, and sensitive credentials that pose security risks. It analyzes files across a project directory to detect patterns matching common secret formats and reports their locations for remediation.

When to use it

  • Before deploying an application to production to ensure no accidental secrets were committed to version control.
  • During code reviews when integrating third-party libraries or dependencies that might contain exposed keys.
  • After cloning a legacy repository to audit existing infrastructure configurations for compromised credentials.
  • As part of a continuous integration pipeline to block merges containing detected sensitive data.

Key capabilities

  • Recursively scans entire project directories for hardcoded values.
  • Identifies common secret patterns such as API keys, passwords, and tokens.
  • Provides specific file paths and line numbers where secrets are found.
  • Supports various programming languages and configuration formats.

Example prompts

  • "Run a full audit on my current project directory to find any hardcoded AWS access keys."
  • "Scan the config folder for exposed database passwords or API tokens."
  • "Audit this repository for secrets before I merge the latest feature branch."

Tips & gotchas

Exclude files that intentionally hold plaintext secrets (for example test fixtures or sample configs) from the scan, because the tool will flag them. Always review the generated report manually to rule out false positives and to prioritize critical findings such as production database credentials.
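The following Python is an added example, not the skill's own code: it sketches the pattern-based scan described under Key capabilities (recursive scan, rule matching, file path and line number reporting) together with the exclusion list and severity-first review this section recommends. The rule set, the sample file contents and the "<redacted>" marker are constructed for illustration.

```python
import fnmatch
import re
from typing import Dict, List, Tuple

# Illustrative rule set for common hardcoded-secret formats (a real scanner carries
# many more rules plus entropy checks). Each regex names the secret value in a
# "secret" group so the report can redact it; severity drives triage order.
RULES = {
    "aws_access_key_id": (re.compile(r"\b(?P<secret>(?:AKIA|ASIA)[0-9A-Z]{16})\b"), "high"),
    "private_key_block": (re.compile(r"(?P<secret>-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)"), "high"),
    "password_assignment": (re.compile(r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"](?P<secret>[^'\"]{6,})['\"]"), "high"),
    "api_key_assignment": (re.compile(r"(?i)(?:api[_-]?key|secret[_-]?key|auth[_-]?token)\s*[:=]\s*['\"](?P<secret>[A-Za-z0-9_\-]{16,})['\"]"), "medium"),
}
Finding = Tuple[str, int, str, str, str]  # path, line number, rule, severity, redacted line

def redact(rx: re.Pattern, line: str) -> str:
    """Replace only the secret value so the finding report does not leak it."""
    def hide(m: re.Match) -> str:
        start, end = m.span("secret")
        return m.group(0)[: start - m.start()] + "<redacted>" + m.group(0)[end - m.start():]
    return rx.sub(hide, line)

def scan_file(path: str, text: str, exclude: Tuple[str, ...] = ()) -> List[Finding]:
    """Scan one file's lines; paths matching an exclusion glob (intentionally plaintext fixtures) are skipped."""
    if any(fnmatch.fnmatch(path, pattern) for pattern in exclude):
        return []
    findings: List[Finding] = []
    for number, line in enumerate(text.splitlines(), start=1):
        for rule, (rx, severity) in RULES.items():
            if rx.search(line):
                findings.append((path, number, rule, severity, redact(rx, line)))
    return findings

def scan_tree(files: Dict[str, str], exclude: Tuple[str, ...] = ()) -> List[Finding]:
    """Scan a path -> contents mapping (stand-in for a directory walk); high-severity findings are listed first."""
    findings = [f for path, text in files.items() for f in scan_file(path, text, exclude)]
    return sorted(findings, key=lambda f: (f[3] != "high", f[0], f[1]))

# Constructed sample repository. AKIAIOSFODNN7EXAMPLE is AWS's documented placeholder key.
SAMPLE_FILES = {
    "src/settings.py": 'DB_HOST = "db.internal"\nDB_PASSWORD = "s3cr3t-pass-2024"\nDEBUG = False\n',
    "deploy/prod.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nAWS_REGION=us-east-1\n",
    "src/client.py": 'API_KEY = "sk_live_0123456789abcdefXYZ"\n',
    "tests/fixtures/dummy.pem": "-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder body)\n",
}

if __name__ == "__main__":
    for path, number, rule, severity, line in scan_tree(SAMPLE_FILES, exclude=("tests/fixtures/*",)):
        print(f"[{severity}] {path}:{number} {rule}: {line}")
```

Running it without the exclusion glob also reports the fixture's private-key header, which is the behaviour the tip above warns about.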

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: terrylica
Installs: 49

Passed automated security scans.