This skill helps you scan your codebase for exposed secrets and credentials. It uses pattern matching and entropy analysis to identify potential security vulnerabilities such as API keys, passwords, and private keys. Use this skill when you want to proactively identify and remediate exposed secrets before they are committed to version control or deployed to production. It is triggered by phrases like "scan for secrets", "check for exposed credentials", "find API keys", or "run secret scanner".
77
7%
Does it follow best practices?
Impact
90%
1.18x
Average score across 9 eval scenarios
Risky
Do not use without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/secret-scanner/skills/secret-scanner/SKILL.md

Secret detection and remediation reporting
Plugin activation | 0% | 80%
Pattern matching used | 0% | 100%
Entropy analysis used | 0% | 70%
AWS key pattern | 25% | 100%
Config file passwords found | 100% | 100%
SSH/PGP key found | 100% | 100%
File locations in report | 100% | 100%
Remediation steps per finding | 100% | 100%
Env variable remediation | 100% | 100%
Entropy findings flagged | 0% | 50%
scan_summary.json produced | 100% | 100%
security_report.md produced | 100% | 100%

Pre-commit hook secret prevention
Pre-commit hook created | 100% | 100%
secret-scanner plugin reference | 0% | 20%
Blocks commit on secret found | 100% | 100%
Developer feedback on block | 100% | 100%
install.sh produced | 100% | 100%
Hook made executable | 100% | 100%
README produced | 100% | 100%
Bypass instructions | 100% | 100%
Pattern matching approach | 100% | 100%
Entropy analysis approach | 0% | 100%

Recurring scan workflow and entropy review
secret-scanner plugin named | 0% | 100%
Recurring schedule specified | 100% | 100%
scan_runner.sh produces dated log | 100% | 100%
Entropy analysis review guidance | 41% | 100%
Entropy vs pattern distinction | 25% | 100%
Vulnerability scanner integration | 0% | 0%
Notification plugin integration | 100% | 100%
alert_config_example.json produced | 100% | 100%
Config file coverage | 42% | 100%
Pattern matching named | 71% | 100%
Entropy analysis named | 57% | 100%
scanning_strategy.md produced | 100% | 100%

Multi-cloud API key detection
Plugin activation | 0% | 100%
Pattern matching referenced | 0% | 100%
Entropy analysis referenced | 0% | 100%
Google API key detected | 100% | 100%
GCP service account key detected | 100% | 100%
Azure connection string detected | 100% | 100%
Azure client secret detected | 100% | 100%
Third-party key detected | 100% | 100%
Config file credentials found | 100% | 100%
File locations in report | 100% | 100%
Provider-specific remediation | 100% | 100%
Env variable recommendation | 100% | 100%
scan_summary.json produced | 100% | 100%

PGP and cryptographic key detection
Plugin activation | 0% | 62%
Pattern matching used | 100% | 71%
PGP key detected | 100% | 100%
RSA private keys detected | 100% | 100%
OpenSSH key detected | 100% | 100%
GitHub token detected | 100% | 100%
Passphrase detected | 100% | 100%
Key type categorization | 100% | 100%
File locations in report | 100% | 100%
Key rotation remediation | 100% | 100%
Secrets vault remediation | 100% | 100%
scan_summary.json produced | 100% | 100%

HTML report and file-type filtering
Plugin activation | 0% | 42%
report_generator referenced | 0% | 0%
HTML report produced | 100% | 100%
File type filtering applied | 100% | 100%
Exclude patterns applied | 100% | 100%
App secrets found | 100% | 100%
Config file secrets found | 100% | 100%
Test fixtures excluded | 100% | 100%
Vendor code excluded | 100% | 100%
HTML report has structure | 100% | 100%
scan_scope.json produced | 100% | 100%
Env variable remediation | 0% | 100%

CI/CD pipeline secret scanning with alerting and security tool integration
Secret-scanner plugin named | 0% | 100%
Notification plugin referenced | 100% | 100%
Notification triggers on detection | 100% | 100%
Notification includes finding details | 37% | 100%
Vulnerability scanner integration | 100% | 100%
Pattern matching referenced | 62% | 100%
Entropy analysis referenced | 100% | 100%
CI pipeline triggers on PR | 100% | 100%
Scheduled scan included | 0% | 75%
File locations in output | 0% | 100%
Remediation steps in report | 100% | 75%
Comprehensive security framing | 100% | 100%

Entropy analysis triage and false positive review
Distinguishes detection methods | 100% | 100%
Entropy careful review guidance | 100% | 100%
Pattern findings prioritized higher | 100% | 100%
Env variable remediation for password | 100% | 100%
AWS key remediation | 100% | 100%
SSH private key remediation | 100% | 100%
Entropy false positive acknowledged | 100% | 100%
File locations documented | 100% | 100%
Remediation summary JSON valid | 100% | 100%
Entropy explanation provided | 100% | 100%
Plugin named as scanner tool | 0% | 0%

Targeted directory scanning with file type include/exclude configuration
scan_directory.py referenced | 0% | 0%
File type inclusion configured | 100% | 100%
Exclusion patterns applied | 100% | 100%
Pattern matching specified | 100% | 100%
Entropy analysis specified | 100% | 100%
Target directory scoped | 100% | 100%
Entropy review guidance | 100% | 100%
Secret-scanner plugin named | 0% | 0%
File locations in output | 50% | 33%
Remediation guidance included | 100% | 100%
Script is executable format | 100% | 100%
scan_config.json valid JSON | 100% | 100%
13d35b8