scanning-for-secrets

This skill helps you scan your codebase for exposed secrets and credentials. It uses pattern matching and entropy analysis to identify potential security vulnerabilities such as API keys, passwords, and private keys. Use this skill when you want to proactively identify and remediate exposed secrets before they are committed to version control or deployed to production. It is triggered by phrases like "scan for secrets", "check for exposed credentials", "find API keys", or "run secret scanner".

AI & Automation 2,266 stars 315 forks Updated today MIT

Skill Content

## Overview

This skill enables Claude to scan your codebase for exposed secrets, API keys, passwords, and other sensitive credentials. It helps you identify and remediate potential security vulnerabilities before they are committed or deployed.

## How It Works

1. **Initiate Scan**: Claude activates the `secret-scanner` plugin.
2. **Codebase Analysis**: The plugin scans the codebase using pattern matching and entropy analysis.
3. **Report Generation**: A detailed report is generated, highlighting identified secrets, their locations, and suggested remediation steps.

## When to Use This Skill

This skill activates when you need to:

- Scan your codebase for exposed API keys (e.g., AWS, Google, Azure).
- Check for hardcoded passwords in configuration files.
- Identify potential private keys (SSH, PGP) accidentally committed to the repository.
- Proactively find secrets before committing changes.

## Examples

### Example 1: Identifying Exposed AWS Keys

User request: "Scan for AWS keys in the codebase"

The skill will:

1. Activate the `secret-scanner` plugin.
2. Scan the codebase for patterns matching AWS Access Keys (`AKIA[0-9A-Z]{16}`).
3. Generate a report listing any found keys, their file locations, and remediation steps (e.g., revoking the key).

### Example 2: Checking for Hardcoded Passwords

User request: "Check for exposed credentials in config files"

The skill will:

1. Activate the `secret-scanner` plugin.
2. Scan configuration files (e.g., `database.yml`, `.env`) fo...
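
A minimal sketch of the two detection passes named under "How It Works" (pattern matching, then entropy analysis), added here as an illustration and not the `secret-scanner` plugin's own code. The token regex, the 4.0 bits-per-character threshold, the redaction format and all function names are assumptions.

```python
import math
import re

# AWS access key ID pattern quoted in the skill's Example 1.
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Candidates for the entropy pass: long base64-alphabet runs (assumed heuristic).
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{20,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed cut-off, tune per codebase


def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)


def redact(secret):
    """Keep a 4-character prefix so the report itself does not leak the value."""
    return secret[:4] + "*" * (len(secret) - 4)


def scan_text(path, text):
    """Return findings as (path, line_no, rule, redacted_match) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        known = set()
        for m in AWS_KEY_RE.finditer(line):
            known.add(m.group())
            findings.append((path, line_no, "aws-access-key-id", redact(m.group())))
        for m in TOKEN_RE.finditer(line):
            token = m.group()
            # Skip tokens the pattern pass already reported.
            if token not in known and shannon_entropy(token) >= ENTROPY_THRESHOLD:
                findings.append((path, line_no, "high-entropy-string", redact(token)))
    return findings


# Constructed sample input; the two key values are AWS's documentation placeholders.
SAMPLE = """\
# constructed config for the example
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
build_id=0000000000000000000000000000
"""

if __name__ == "__main__":
    for finding in scan_text("sample.env", SAMPLE):
        print(finding)
```

The secret access key has no fixed prefix, so only the entropy pass catches it, while the long but repetitive `build_id` value stays below the threshold.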

Details

Author: jeremylongshore
Repository: jeremylongshore/claude-code-plugins-plus-skills
Created: 7 months ago
Last Updated: today
Language: Python
License: MIT
