Install
openclaw skills install @itspremkumar/secret-scannerDetect API keys, tokens, and credentials in code with 50+ patterns, entropy analysis, and multiple report formats
openclaw skills install @itspremkumar/secret-scannerDetect API keys, tokens, and credentials in code with 50+ patterns, entropy analysis, and SARIF reports.
Keywords: security, secret, scan, audit, cli, credentials, python, open-source, agent, automation, MIT
Part of the itsPremkumar Hermes / OpenClaw / Paperclip agent stack — 31 free, MIT-licensed, CI-tested agent-native tools.
Secrets leak into repos constantly and go unnoticed until exploited. Secret Scanner solves this: Detect API keys, tokens, and credentials in code with 50+ patterns, entropy analysis, and SARIF reports.
Best for: Security teams, maintainers, and CI pipelines.
# Requires Python 3.8+. No pip install needed.
curl -O https://raw.githubusercontent.com/itsPremkumar/secret-scanner/main/secret_scanner.py
# Or copy the file anywhere — it's self-contained.
python secret_scanner.py self-test # prove it works end-to-end
python secret_scanner.py scan --help # scan subcommand
python secret_scanner.py check --help # check subcommand
python secret_scanner.py list-patterns --help # list-patterns subcommand
| Alternative | Why this skill is better |
|---|---|
| grep for keys | Pattern + entropy detection. |
| Single-pattern tools | 50+ patterns in one pass. |
| Manual review | SARIF drops into CI. |
Q: Patterns?
A: 50+ built in (keys, tokens, creds).
Q: Entropy?
A: On by default; disable with --no-entropy.
Q: SARIF?
A: Yes — --sarif for GitHub code scanning.
Q: Offline?
A: Yes.
Built and maintained by @itsPremkumar (Chennai, India · serving developers worldwide). Free for individuals and teams everywhere. Documentation in English; tool output is locale-neutral.
# .github/workflows/verify.yml
name: Verify
on: [push]
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Self-test secret-scanner
run: python secret_scanner.py self-test
Free + MIT-0 (free, modifiable, no attribution required). Sponsor if useful:
⭐ Star on GitHub