Scans codebase for hardcoded secrets, API keys, credentials, tokens, and sensitive data. Supports directories, --all for full repo, --staged for git changes. Reports severity, locations, remediation.
Triggered by slash command: /security:scan-secrets
This skill is limited to the following tools:
Summary Claude sees in its skill listing: Scan code for hardcoded secrets, API keys, tokens, and credentials.
/security:scan-secrets # Scan current directory
/security:scan-secrets src/ # Scan specific directory
/security:scan-secrets --all # Scan entire repository
/security:scan-secrets --staged # Scan staged git changes only
Delegate to the secrets-scanner agent with the prompt matching the arguments given:
If no arguments provided: "Scan the current working directory for hardcoded secrets, API keys, credentials, tokens, and sensitive data patterns. Report findings with severity classification, file locations, and remediation guidance. Validate findings to minimize false positives."
If --all argument:
"Scan the entire repository for hardcoded secrets, API keys, credentials, tokens, and sensitive data patterns. Exclude common false positive locations (node_modules, vendor, .git). Report findings with severity classification, file locations, and remediation guidance."
If --staged argument:
"Scan staged git changes (git diff --staged) for hardcoded secrets, API keys, credentials, tokens, and sensitive data patterns. This is a pre-commit check. Report findings with severity classification and remediation guidance."
If path specified: "Scan $ARGUMENTS for hardcoded secrets, API keys, credentials, tokens, and sensitive data patterns. Report findings with severity classification, file locations, and remediation guidance. Validate findings to minimize false positives."
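A small scanner of the kind the secrets-scanner agent performs, added here as an illustration and not code from the plugin: regex rules per line, placeholder and Shannon-entropy validation to keep false positives down, the node_modules/vendor/.git exclusions from the --all mode, and severity-rated findings with file, line and remediation. The rule set, the 3.0-bit entropy threshold and the sample input are constructed assumptions.

```python
import math
import os
import re
from collections import Counter
# Detection rules as (pattern, severity); a constructed subset for this example.
RULES = {
    "AWS access key ID": (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "CRITICAL"),
    "Private key block": (re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), "CRITICAL"),
    "Credential assignment": (re.compile(r"(?i)(api[_-]?key|secret|password|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"), "MEDIUM"),
}
EXCLUDE_DIRS = {"node_modules", "vendor", ".git"}  # common false-positive locations
PLACEHOLDER = re.compile(r"(?i)^(changeme|example|placeholder|\$\{.*\}|<.*>|x{3,})$")
REMEDIATION = "Remove from source, rotate the credential, load it from an env var or secret manager, purge it from git history."
# Constructed sample input; the AKIA value is AWS's published documentation example, not a live key.
SAMPLE = """\
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
token = "${API_TOKEN}"
db_password = "s3cr3t-P@ssw0rd-9f1"
-----BEGIN RSA PRIVATE KEY-----
"""
def shannon_entropy(s):
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def scan_text(text, path):
    # Apply every rule to each line; validate generic matches before reporting them.
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, (rx, severity) in RULES.items():
            if not (m := rx.search(line)):
                continue
            value = m.group(m.lastindex) if m.lastindex else m.group(0)
            # Placeholders and low-entropy strings are config templates, not secrets.
            if rule == "Credential assignment" and (PLACEHOLDER.match(value) or shannon_entropy(value) < 3.0):
                continue
            findings.append({"rule": rule, "severity": severity, "file": path, "line": lineno, "remediation": REMEDIATION})
    return findings

def scan_directory(root):
    # Walk the tree, pruning excluded directories and skipping binary or unreadable files.
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in EXCLUDE_DIRS]
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, encoding="utf-8") as fh:
                    findings += scan_text(fh.read(), path)
            except (UnicodeDecodeError, OSError):
                continue
    return findings
```

Running scan_directory(".") reports each hit once per rule and line; the ${API_TOKEN} placeholder in the sample is deliberately dropped by the validation step.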
The secrets-scanner agent produces a report including:
npx claudepluginhub melodic-software/claude-code-plugins --plugin security
Detects hardcoded secrets, API keys, credentials, tokens, and private keys in source code and git history using regex patterns for pentesting and code reviews.
Scans code, git history, and configs for secrets like API keys, cloud credentials, private keys, and DB strings using regex, entropy, and context. Assesses severity and generates remediation reports.
Scans codebases for leaked secrets (API keys, tokens, passwords, private keys), insecure code patterns, and configuration issues. Returns severity-rated findings with file locations and remediation steps.