Runs three filesystem scans to catch secrets before your AI agent sees them: hardcoded credentials across 20+ patterns (AWS keys, Stripe tokens, database URLs, JWTs), console.log statements that dump environment variables or config objects at runtime, and sensitive files missing from .gitignore. Returns masked previews with severity ratings and line numbers, never the actual values. Built for the specific risk of helpful agents accidentally ingesting credentials during debugging sessions or config reviews. Works entirely locally via stdio; no secrets leave your machine. Pairs well with CI readiness and code analysis servers if you're building pre-commit or pre-release guardrails into agent workflows.
claude mcp add --transport stdio vola-trebla-env-secret-exposure-analyzer-mcp uvx env-secret-exposure-analyzer-mcp
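
The masked-preview reporting described above, sketched as an added example (not the env-secret-exposure-analyzer-mcp project's own code). The rule names, severities, regexes and masking policy are assumptions, and the sample input is constructed.

```python
import re

# Illustrative rules (assumed, not the tool's own list): (name, severity, regex).
# Capture group 1, when present, is the secret value that must be masked.
RULES = [
    ("aws-access-key-id", "critical", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("stripe-live-key", "critical", re.compile(r"\b(sk_live_[0-9A-Za-z]{24,})\b")),
    ("db-url-password", "high",
     re.compile(r"\b[a-z][a-z0-9+]*://[^\s:/@]+:([^\s@/]+)@")),
    ("jwt", "high", re.compile(r"\b(eyJ[\w-]+\.[\w-]+\.[\w-]+)")),
    ("console-log-env", "medium", re.compile(r"console\.log\([^)]*process\.env")),
]

def mask(value, keep=4):
    """Show a short prefix for triage; never more than a quarter of the value."""
    keep = min(keep, len(value) // 4)
    return value[:keep] + "*" * (len(value) - keep)

def scan_text(text):
    """Return findings holding rule, severity, 1-based line and a masked preview."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, severity, rx in RULES:
            for m in rx.finditer(line):
                secret = m.group(1) if rx.groups else None
                findings.append({
                    "rule": name, "severity": severity, "line": lineno,
                    "preview": mask(secret) if secret else "(no literal value)",
                })
    return findings

# Constructed sample input; the AWS value is the well-known documentation
# example key ID, and the Stripe-style and database values are made up.
SAMPLE = "\n".join([
    'const region = "eu-west-1";',
    'const awsKey = "AKIAIOSFODNN7EXAMPLE";',
    'const stripe = "sk_live_' + "a1B2" * 6 + '";',
    'const db = "postgres://app:s3cretpw@db.internal:5432/prod";',
    "console.log('config', process.env);",
])

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)
```

Capping the visible prefix at a quarter of the value's length keeps short secrets, such as the eight-character database password here, from appearing whole in the report.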