Can I use this for pre-commit checks?

Absolutely. It is designed for proactive scanning before committing changes to ensure no sensitive credentials are leaked to your version control system.

What types of secrets can this skill detect?

It detects AWS keys, Google Cloud credentials, database passwords, private SSH/PGP keys, and high-entropy strings commonly found in config files.

Does it suggest how to fix discovered leaks?

Yes, for every identified secret, the skill provides specific remediation steps, such as moving credentials to environment variables or revoking the compromised key.

How does it find secrets that don't match known patterns?

It uses entropy analysis to flag high-randomness strings that often indicate unique tokens, passwords, or keys not covered by standard regex patterns.

Secret Scanner & Security Audit

Name: Secret Scanner & Security Audit
Author: jeremylongshore

byjeremylongshore

•

884

•

Security & Testing

Scans codebases for exposed secrets, API keys, and credentials to prevent security vulnerabilities before deployment.

This skill empowers Claude to perform automated security audits by identifying sensitive information such as AWS keys, database passwords, and private SSH keys within your source code. By utilizing both pattern matching and entropy analysis, it helps developers detect accidental leaks before they reach version control, providing detailed reports and actionable remediation steps to maintain a secure development environment.

Key Features

01Deep scanning of configuration files and environment templates

02Detailed vulnerability reporting with file location mapping

03Actionable remediation guidance for revoking and rotating keys

04Pattern-based detection for major cloud providers (AWS, GCP, Azure)

05Entropy analysis to identify non-standard high-randomness secrets

06884 GitHub stars

Use Cases

01Validating configuration files for sensitive plain-text data

02Pre-commit security scanning to prevent credential leaks to GitHub

03Auditing legacy repositories for hardcoded passwords and API keys

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills skill-adapter

For use in Claude.ai and ChatGPT

Download Skill