← Back to Skills

Credential Scanner

🌐Community
by useai-pro · vlatest · Repository

This tool swiftly verifies credentials like licenses & certifications against databases, saving time and ensuring accuracy for due diligence.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add credential-scanner npx -- -y @trustedskills/credential-scanner
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "credential-scanner": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/credential-scanner"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The credential-scanner skill identifies and extracts credentials (like API keys, passwords, and tokens) from text. It can parse various file formats including JSON, YAML, and environment files to locate sensitive information. This helps automate the process of finding potential security vulnerabilities related to exposed credentials.

When to use it

  • Reviewing code repositories: Scan newly committed code for accidentally included API keys or passwords.
  • Analyzing configuration files: Identify any hardcoded credentials within infrastructure-as-code configurations (e.g., Terraform, Ansible).
  • Auditing environment variables: Check for sensitive information stored in .env files or other environment variable sources.
  • Incident response: Quickly search through logs or documents to locate potentially compromised credentials after a security event.

Key capabilities

  • Supports JSON, YAML, and environment file formats.
  • Identifies common credential patterns (e.g., API keys, passwords).
  • Provides detailed location of found credentials within files.

Example prompts

  • "Scan this file for any exposed API keys: [file content]"
  • "Find all potential passwords in my Terraform configuration."
  • "Analyze this JSON file and report any credentials it contains."

Tips & gotchas

The skill's effectiveness relies on recognizing common credential patterns. It may not identify every possible type of credential, so manual review is still recommended for critical security assessments.

View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
useai-pro
Installs
13
Repository (canonical source) →

🌐 Community

Passed automated security scans.