← Back to Skills

Security Secrets

🌐Community
by igorwarzocha · vlatest · Repository

Extracts sensitive data like API keys, passwords, and credentials from text and code repositories.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add security-secrets npx -- -y @trustedskills/security-secrets
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "security-secrets": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/security-secrets"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The security-secrets skill helps identify and redact sensitive information, such as API keys, passwords, or database credentials, from text. It can scan code repositories, configuration files, or other documents to locate potential secrets and either remove them or replace them with placeholders. This significantly reduces the risk of accidental exposure of confidential data.

When to use it

  • Code Review: Automatically identify and flag potential secrets in pull requests before merging changes into a main branch.
  • Configuration File Auditing: Scan configuration files (e.g., .env, config.yaml) for hardcoded credentials.
  • Incident Response: Quickly search through logs or code repositories to locate leaked secrets after a security incident.
  • Data Sanitization: Remove sensitive information from documents before sharing them externally.

Key capabilities

  • Secret detection
  • Redaction of identified secrets
  • Replacement with placeholders

Example prompts

  • "Scan this file for any API keys and redact them."
  • "Find all instances of passwords in this code repository."
  • "Review this configuration file and replace database credentials with placeholder values."

Tips & gotchas

The skill's effectiveness depends on the patterns it uses to identify secrets. Ensure you review the redacted or replaced information to confirm accuracy, as false positives can occur.

View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
igorwarzocha
Installs
17
Repository (canonical source) →

🌐 Community

Passed automated security scans.