What types of secrets can this skill detect?

It detects API keys (AWS, Google, Azure), hardcoded passwords, private keys (SSH, PGP), and high-entropy strings indicating potential credentials.

How does the Secret Scanner find secrets that don't match common patterns?

The skill uses entropy analysis to identify unusual strings of characters that likely represent unique credentials not caught by standard regex patterns.

What happens after a secret is found?

Claude generates a detailed report listing the exact file location and provides remediation steps, such as using environment variables or revoking the compromised key.

Can I use this for pre-commit security checks?

Yes, you can trigger this skill via Claude Code before committing changes to ensure no sensitive information is accidentally pushed to your repository.

Does this skill work with all file types?

Yes, it can scan configuration files, source code, and environment files within your project directory for potential leaks.

Secret Scanner

Name: Secret Scanner
Author: jeremylongshore

byjeremylongshore

•

896

•

Security & Testing

Detects and remediates exposed secrets, API keys, and credentials within your codebase to prevent security breaches.

The Secret Scanner skill empowers Claude to perform deep security audits of your codebase, identifying hardcoded credentials, API keys, and private certificates. By leveraging pattern matching and entropy analysis, it finds sensitive data in configuration files, scripts, and environment variables that could lead to unauthorized access. It is an essential tool for developers and security engineers looking to automate vulnerability discovery and ensure compliance before code is committed or deployed.

Key Features

01Automated scanning for AWS, Google, and Azure API keys

02Detailed vulnerability reporting with file locations and severity

03Actionable remediation steps and code examples for fixing leaks

04Entropy analysis to detect non-standard secrets and high-entropy strings

05Support for configuration file auditing including .env, YAML, and JSON

06896 GitHub stars

Use Cases

01Verifying compliance with security standards like OWASP and PCI-DSS

02Auditing a legacy codebase for hardcoded database passwords

03Performing a pre-commit check to ensure no private SSH keys are accidentally staged

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills scanning-for-secrets

For use in Claude.ai and ChatGPT

Download Skill