Secrets Scanner
This "Secrets Scanner" identifies potentially sensitive information within text, safeguarding data and reducing security risks.
Install on your platform
Run in terminal (recommended)
claude mcp add secrets-scanner npx -- -y @trustedskills/secrets-scanner
Or manually add to ~/.claude/settings.json
{
  "mcpServers": {
    "secrets-scanner": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/secrets-scanner"
      ]
    }
  }
}
Requires Claude Code (claude CLI). Run claude --version to verify your install.
About This Skill
What it does
The secrets-scanner skill identifies and flags potentially sensitive information, such as API keys, passwords, or other credentials, within text. It helps prevent accidental exposure of confidential data by highlighting these elements for review. The scanner is designed to be integrated into workflows where code or configuration files are being processed.
When to use it
- Code Review: Scan newly written or modified code repositories for accidentally committed secrets.
- Configuration File Analysis: Check configuration files (e.g., .env, config.yaml) before deployment to ensure no credentials are present.
- Documentation Review: Examine documentation and internal notes for unintentional inclusion of sensitive information.
- Incident Response: Quickly scan logs or other data sources following a potential security breach to identify compromised secrets.
Key capabilities
- Secret identification
- Flagging of sensitive data
- Integration into workflows
- Scanning code repositories
- Scanning configuration files
Example prompts
- "Scan this file for any exposed API keys: [file content]"
- "Analyze the following code snippet and flag potential secrets: [code snippet]"
- "Check this commit message for passwords or other credentials: [commit message]"
Tips & gotchas
The effectiveness of the scanner depends on its ability to recognize patterns associated with common secret formats. Ensure that the skill is regularly updated to include new secret types and obfuscation techniques.
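To make the pattern dependence concrete, here is an added example (not the secrets-scanner skill's own code or rule set) of layered detection: known-format rules, a name-based rule gated on entropy so placeholders are skipped, and an entropy fallback for tokens no rule names. The rule list, both thresholds and the sample input are assumptions made for illustration.

```javascript
// Added example: illustrative rules, not the rule set used by secrets-scanner.
const RULES = [
  { id: "aws-access-key-id", re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/ },
  { id: "private-key-block", re: /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/ },
  // Name-based rule: the captured value must also look random (minEntropy),
  // so placeholders such as "changeme" are not reported.
  { id: "credential-assignment", minEntropy: 3.0,
    re: /(?:password|passwd|secret|token|api[_-]?key)\w*\s*[:=]\s*["']?([^\s"']{8,})/i },
];
const TOKEN = /[A-Za-z0-9+\/]{24,}/g;   // fallback candidates with no known format
const FALLBACK_MIN_ENTROPY = 4.0;       // assumed threshold, bits per character

// Shannon entropy in bits per character.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

// Keep findings safe to log: show only the first four characters.
const mask = (s) => s.slice(0, 4) + "*".repeat(Math.max(s.length - 4, 0));

// Returns the first finding for a line, or null when nothing matches.
function scanLine(line) {
  for (const rule of RULES) {
    const m = rule.re.exec(line);
    if (!m) continue;
    const value = m[1] || m[0];
    if (rule.minEntropy && entropy(value) < rule.minEntropy) continue;
    return { rule: rule.id, preview: mask(value) };
  }
  for (const tok of line.match(TOKEN) || []) {
    if (entropy(tok) >= FALLBACK_MIN_ENTROPY) return { rule: "high-entropy-string", preview: mask(tok) };
  }
  return null;
}

// Scans multi-line text and returns findings with 1-based line numbers.
function scan(text) {
  return text.split(/\r?\n/).map((l, i) => ({ line: i + 1, ...scanLine(l) })).filter((f) => f.rule);
}

// Constructed sample input; none of these values is a real credential.
const SAMPLE = [
  "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
  "DB_PASSWORD=changeme",
  'API_KEY="q7Zr2LxV9mTb4KcW8sHd"',
  "SESSION_BLOB=k3Jf9Qp2Xv7Lw5Nz8Rt1Yb6Mc4Hd0GsA",
  "LOG_LEVEL=debug",
].join("\n");
console.log(scan(SAMPLE));
```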
TrustedSkills Verification
Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.
Security Audits
| Gen Agent Trust Hub | Pass |
| Socket | Pass |
| Snyk | Pass |
🌐 Community
Passed automated security scans.