Scans your codebase for hardcoded secrets using gitleaks or trufflehog if available, falls back to pattern matching if not. Classifies findings by severity (critical for AWS keys and private keys, down to low for things needing manual review), filters false positives through baselines, and crucially never logs the actual secret values. Works standalone or as part of the ln-760 security setup orchestrator. The remediation guidance per finding type is genuinely useful, and the git history awareness is a nice touch since secrets in old commits are the real nightmare. Best used in CI/CD or as a pre-commit hook before things get committed in the first place.
npx skills add https://github.com/levnikolaevich/claude-code-skills --skill ln-761-secret-scanner