How does the Secret Scanner find keys that don't match known patterns?

It utilizes entropy analysis to identify high-randomness strings that typically characterize private keys and unique credentials that regex alone might miss.

Does it provide solutions for the secrets it discovers?

Yes, the skill generates a detailed report that includes specific remediation steps, such as suggesting the use of environment variables or key revocation.

Can this skill scan hidden files like .env?

Yes, the skill is specifically designed to inspect configuration files, environment variables, and hidden dotfiles where secrets are frequently stored.

Is this a replacement for dedicated tools like GitLeaks?

It serves as an integrated AI-driven alternative or supplement, allowing for interactive scanning and immediate remediation advice directly within your development workflow.

Secret Scanner

Name: Secret Scanner
Author: intent-solutions-io

byintent-solutions-io

0•

Security & Testing

Scans codebases for exposed secrets, API keys, and credentials to prevent security vulnerabilities and data leaks.

The Secret Scanner skill empowers Claude to perform proactive security audits by identifying hardcoded credentials, API keys, and private keys within your codebase. By utilizing a combination of regex pattern matching and entropy analysis, it detects sensitive information across various file types, including configuration files and environment variables. This skill is essential for developers who need to identify and remediate vulnerabilities before sensitive data is committed to version control or deployed to production environments.

Key Features

01Entropy analysis to detect non-standard or unique credentials

02Actionable remediation guidance for revoking and securing leaked secrets

03Pattern matching for common API keys like AWS, Google, and Azure

040 GitHub stars

05Detailed vulnerability reporting with specific file locations

06Support for scanning configuration files and .env environments

Use Cases

01Identifying hardcoded passwords in legacy configuration files

02Auditing a repository for exposed credentials before a public release

03Proactively scanning for accidentally committed private SSH or PGP keys

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add intent-solutions-io/plugins-nixtla secret-scanner

For use in Claude.ai and ChatGPT

Download Skill