Skill
security
✓ Verified
Free
Secret Scanner
Scan files and diffs for accidentally committed secrets across 20+ providers and pattern types.
4.7 (96 reviews)
41,200 installs
by GitHub
About
Detects 20+ secret types: AWS keys, GitHub tokens, GCP service accounts, Stripe keys, JWT tokens, private keys, database connection strings, and more. Supports allowlisting, filters known false positives, and outputs JSON Lines for CI integration.
Tags
secrets, security, ci, compliance
Skill Instructions Preview
# Secret Scanner

Scan the workspace or diff for leaked secrets.

## Patterns Detected

- AWS access keys (AKIA...)
- GitHub PATs (ghp_, gho_, ghu_, ghs_, ghr_)
- GCP service account JSON
- Stripe keys (sk_, pk_)
- Slack tokens (xox[bpars]-...)
- JWT tokens
- Private keys (-----BEGIN PRIVATE KEY-----)
- Database connection strings
- API keys with high entropy

## Process

1. Determine scope (diff, staged, full repo)
2. Skip binaries, lockfiles, node_modules
3. Match patterns and validate entropy
4. Filter against allowlist
5. Report findings with file:line

Never print the secret value in logs — only the type and location.
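One way to implement steps 2 to 5 of the process above, as an added example (not the skill's own code). The regex lengths, the 3.5 bits/char entropy threshold, the `scan` and `to_jsonl` names and the sample files are assumptions, and only some of the listed patterns are covered.

```python
import json
import math
import re
from collections import Counter

# Prefixes come from the list above; lengths and character classes are assumptions.
PATTERNS = {  # ordered: specific patterns first, generic entropy-checked one last
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "slack_token": re.compile(r"\bxox[bpars]-[A-Za-z0-9-]{10,}"),
    "private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "high_entropy_key": re.compile(
        r"(?:api[_-]?key|secret|token)\s*[:=]\s*['\"]?([A-Za-z0-9+/_-]{20,})", re.I),
}
SKIP_PARTS = ("node_modules/", ".lock", "-lock.json")  # step 2 (assumed path rules)
ENTROPY_MIN = 3.5  # bits per character, assumed threshold

# Constructed sample input: none of these values is a real credential.
SAMPLE = {
    "app/config.py": 'AWS_KEY = "AKIAABCDEFGHIJKLMNOP"\n'
                     'api_key = "changemechangemechangeme"\n'
                     'api_key = "q8Zr2LpX7vN4tB9wK1sYh3Jd"\n',
    "docs/readme.md": "example: AKIAIOSFODNN7EXAMPLE\n",
    "node_modules/x/index.js": 'token = "ghp_' + "a1B2" * 9 + '"\n',
}
ALLOWLIST = {"AKIAIOSFODNN7EXAMPLE"}  # AWS's documented example key

def shannon_entropy(s):
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def scan(files, allowlist=()):
    """files maps path -> text. Findings carry type and location, never the value."""
    findings = []
    for path, text in files.items():
        if any(p in path for p in SKIP_PARTS) or "\0" in text:
            continue  # step 2: lockfiles, node_modules, binary content
        for lineno, line in enumerate(text.splitlines(), 1):
            for kind, rx in PATTERNS.items():
                if not (m := rx.search(line)):
                    continue
                value = m.group(m.lastindex or 0)
                # step 3: a generic match only counts if it looks random
                weak = kind == "high_entropy_key" and shannon_entropy(value) < ENTROPY_MIN
                if not weak and value not in allowlist:  # step 4
                    findings.append({"type": kind, "file": path, "line": lineno})
                break  # one verdict per line, from the most specific pattern
    return findings

def to_jsonl(findings):  # step 5: JSON Lines for CI, type and file:line only
    return "\n".join(json.dumps(f, sort_keys=True) for f in findings)
```
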
Install
# Add as Claude Code slash command:
curl -fsSL "https://raw.githubusercontent.com/github/awesome-copilot/main/skills/secret-scanning/SKILL.md" \
  -o ~/.claude/commands/secret-scanning.md
Compatible with
Claude Code, GitHub Copilot
Trigger phrase
/scan-secrets