npx claudepluginhub melodic-software/claude-code-plugins --plugin security
This skill is limited to using the following tools:
Scan code for hardcoded secrets, API keys, tokens, and credentials.
Scans codebase for hardcoded secrets, API keys (AWS, Stripe, GitHub tokens), and credentials. Checks .env files and git history for leaks. Use before public repo pushes, security audits, or CI/CD setup.
Detects hardcoded secrets, API keys, credentials, tokens, and private keys in source code and git history using regex patterns for pentesting and code reviews.
Scans code, git history, and configs for secrets like API keys, cloud credentials, private keys, and DB strings using regex, entropy, and context. Assesses severity and generates remediation reports.
/security:scan-secrets # Scan current directory
/security:scan-secrets src/ # Scan specific directory
/security:scan-secrets --all # Scan entire repository
/security:scan-secrets --staged # Scan staged git changes only
Delegate to the secrets-scanner agent with the following prompt:
If no arguments are provided:
"Scan the current working directory for hardcoded secrets, API keys, credentials, tokens, and sensitive data patterns. Report findings with severity classification, file locations, and remediation guidance. Validate findings to minimize false positives."
If --all argument:
"Scan the entire repository for hardcoded secrets, API keys, credentials, tokens, and sensitive data patterns. Exclude common false positive locations (node_modules, vendor, .git). Report findings with severity classification, file locations, and remediation guidance."
If --staged argument:
"Scan staged git changes (git diff --staged) for hardcoded secrets, API keys, credentials, tokens, and sensitive data patterns. This is a pre-commit check. Report findings with severity classification and remediation guidance."
If path specified:
"Scan $ARGUMENTS for hardcoded secrets, API keys, credentials, tokens, and sensitive data patterns. Report findings with severity classification, file locations, and remediation guidance. Validate findings to minimize false positives."
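An added example, not the plugin's or the secrets-scanner agent's own code: a minimal pre-commit style check that walks `git diff --staged` output, scans only added lines, skips the excluded locations named above, and drops obvious placeholder values. The rule names, severities, placeholder list and sample diff are assumptions made for illustration.

```python
import re
# Assumed, illustrative rules and severities; not the plugin's own rule set.
RULES = [
    ("aws-access-key-id", "high", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", "critical", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("quoted-credential", "medium", re.compile(
        r"(?i)(?:password|passwd|secret|api_?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]")),
]
EXCLUDED = ("node_modules/", "vendor/", ".git/")
# Obvious stand-in values are dropped to reduce false positives.
PLACEHOLDER = re.compile(r"(?i)^(?:changeme|x+|<.*>|\$\{.*\})$")
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def match_rules(path, lineno, text):
    """Apply every rule to one added line; the matched value is never echoed."""
    hits = []
    for rule, severity, rx in RULES:
        m = rx.search(text)
        if m and not (m.groups() and PLACEHOLDER.match(m.group(1))):
            hits.append({"file": path, "line": lineno, "rule": rule, "severity": severity})
    return hits

def scan_staged_diff(diff_text):
    """Scan only the added lines of `git diff --staged` output."""
    findings, path, lineno, old_left, new_left = [], None, 0, 0, 0
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:            # inside a hunk body
            if line.startswith("+"):
                new_left -= 1
                if path and not any("/" + d in "/" + path for d in EXCLUDED):
                    findings += match_rules(path, lineno, line[1:])
                lineno += 1
            elif line.startswith("-"):
                old_left -= 1
            elif not line.startswith("\\"):         # context line
                old_left, new_left, lineno = old_left - 1, new_left - 1, lineno + 1
        elif line.startswith("+++ "):               # new-side file header
            path = line[6:] if line.startswith("+++ b/") else None
        elif (m := HUNK.match(line)):
            old_left, lineno, new_left = int(m[1] or 1), int(m[2]), int(m[3] or 1)
    return findings

# Constructed sample diff; the AWS value is the example key from AWS documentation.
SAMPLE_DIFF = "\n".join([
    "--- a/src/config.py", "+++ b/src/config.py", "@@ -1,2 +1,4 @@", " import os",
    '+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"', '+db_password = "changeme"', ' REGION = "eu"',
    "--- /dev/null", "+++ b/node_modules/pkg/index.js", "@@ -0,0 +1 @@",
    '+const token = "abcdefghijklmnop";',
])
```

Findings carry the file, the new-side line number, the rule and the severity, but not the matched value, so the report itself does not leak the secret.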
The secrets-scanner agent produces a report including: