Scans your codebase for hardcoded credentials like AWS keys, GitHub tokens, Stripe keys, private keys, and database passwords. You can run it on specific directories, enable entropy detection for unknown formats, or even scan git history for secrets that were committed and later removed. The pattern library covers major providers (AWS, GCP, Stripe, Slack, Twilio) with both high-confidence exact matches and fuzzier generic patterns. Output shows severity levels and remediation steps. The ignore system handles false positives in test fixtures and docs. Good for that moment when you realize someone might have committed real credentials, or before open-sourcing a private repo.
npx skills add https://github.com/jwynia/agent-skills --skill secrets-scan