---
name: secret-scanner
description: Use this skill when the user asks to "scan for secrets", "find leaked credentials", "detect API keys", "check for exposed passwords", "secret detection", "credential scan", or mentions security scanning for sensitive data in codebases.
version: 1.0.0
---

# Secret Scanner Skill

Scans codebases and files for accidentally committed secrets, API keys, passwords, tokens, and other sensitive credentials.

## What It Detects

| Category | Patterns |
|----------|----------|
| **API Keys** | AWS, Google, GitHub, Stripe, Slack, etc. |
| **Passwords** | Hardcoded passwords in code, configs |
| **Tokens** | OAuth tokens, JWT secrets, refresh tokens |
| **Private Keys** | SSH keys, PGP keys, certificate keys |
| **Database URLs** | Connection strings with credentials |

## Quick Scan Commands

```bash
# Install gitleaks
sudo apt install -y gitleaks

# Scan current directory
gitleaks detect --source . --verbose

# Scan git history
gitleaks detect --source . --log-opts="--all"
```

## Usage

```
"Scan this directory for leaked secrets"
"Check my codebase for exposed API keys"
"Find any hardcoded passwords in these files"
```
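The following added example (not part of this skill and not gitleaks' own rule set) shows the kind of pattern matching behind the categories in the "What It Detects" table, including skipping placeholder values and redacting matches in the report. The rule names, the regexes, the placeholder list and the sample input are simplified assumptions constructed for illustration.

```python
import re

# Simplified illustrative rules for categories in "What It Detects".
# They are assumptions for this example, not gitleaks' built-in rule set.
RULES = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github-token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private-key": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |PGP )?PRIVATE KEY(?: BLOCK)?-----"),
    # Group 1 is the password part of scheme://user:password@host
    "database-url": re.compile(r"\b[a-z][a-z0-9+]*://[^\s:/@]+:([^\s@/]+)@[^\s/]+"),
    # Group 1 is the quoted value assigned to a password-like name
    "hardcoded-password": re.compile(
        r"\b(?:password|passwd|pwd|secret)\b\s*[:=]\s*['\"]([^'\"]{4,})['\"]", re.I),
}

# Values that are variable references or obvious placeholders, not real secrets.
PLACEHOLDER = re.compile(r"^(?:\$\{.*\}|<.*>|changeme|password|x+)$", re.I)

def redact(secret):
    """Keep a short prefix so a finding can be located without re-leaking it."""
    return secret[:4] + "****"

def scan(text):
    """Return one finding per rule match: line number, rule id, redacted match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                # Use the captured secret when the rule has a group, else the whole match.
                secret = m.group(m.lastindex or 0)
                if PLACEHOLDER.match(secret):
                    continue
                findings.append({"line": lineno, "rule": rule, "match": redact(secret)})
    return findings

# Constructed sample input; none of these values are real credentials.
SAMPLE = """\
aws_key = "AKIAABCDEFGHIJKLMNOP"
GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
DATABASE_URL=postgres://app:s3cr3tPw@db.internal:5432/app
DATABASE_URL=postgres://app:${DB_PASSWORD}@db.internal:5432/app
password = "hunter2hunter2"
password = "changeme"
-----BEGIN OPENSSH PRIVATE KEY-----
"""
```

Calling `scan(SAMPLE)` reports lines 1, 2, 3, 5 and 7; the environment-variable reference on line 4 and the `changeme` placeholder on line 6 are skipped.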