Ghost Scan Secrets

The ghost-scan-secrets skill enables AI agents to actively search for and identify exposed secrets within codebases, configuration files, and deployment environments. It automates the detection of hardcoded credentials, API keys, and sensitive tokens that could compromise system security.

When to use it

• Before merging pull requests containing new environment variables or database connection strings.
• During pre-deployment checks to ensure no production secrets were accidentally committed to version control.
• When auditing legacy repositories for forgotten API keys or authentication tokens left in comments.
• As part of a continuous integration pipeline to block builds if high-risk secrets are detected.

Key capabilities

• Scans code repositories for common secret patterns and formats.
• Identifies hardcoded credentials in configuration files, scripts, and documentation.
• Flags potential security risks by matching against known secret structures.
• Provides actionable reports highlighting file locations and severity levels.

Example prompts

• "Scan this repository for any exposed API keys or database passwords."
• "Check the latest commit for accidentally committed secrets before I push to production."
• "Identify all hardcoded authentication tokens in the frontend codebase."

Tips & gotchas

Ensure the skill has appropriate read permissions on the target repositories to avoid false negatives. Regularly update the underlying secret detection patterns to stay ahead of emerging credential formats and obfuscation techniques.