
This skill automates secret-scanner guidance by generating production-ready configurations, best-practice recommendations, and validation output for secure scanning.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill secret-scanner

Contents of SKILL.md (2.1 KB):
---
name: "secret-scanner"
description: |
  Scan secret scanner operations. Auto-activating skill for Security Fundamentals.
  Triggers on: secret scanner, secret scanner
  Part of the Security Fundamentals skill category. Use when working with secret scanner functionality. Trigger with phrases like "secret scanner", "secret scanner", "secret".
allowed-tools: "Read, Write, Grep, Bash(npm:*)"
version: 1.0.0
license: MIT
author: "Jeremy Longshore <[email protected]>"
---

# Secret Scanner

## Overview

This skill provides automated assistance for secret scanner tasks within the Security Fundamentals domain.

## When to Use

This skill activates automatically when you:
- Mention "secret scanner" in your request
- Ask about secret scanner patterns or best practices
- Need help with essential security skills covering authentication, input validation, secure coding practices, and basic vulnerability detection

## Instructions

1. Provides step-by-step guidance for secret scanner tasks
2. Follows industry best practices and patterns
3. Generates production-ready code and configurations
4. Validates outputs against common standards

## Examples

**Example: Basic Usage**
Request: "Help me with secret scanner"
Result: Provides step-by-step guidance and generates appropriate configurations


## Prerequisites

- Relevant development environment configured
- Access to necessary tools and services
- Basic understanding of security fundamentals concepts


## Output

- Generated configurations and code
- Best practice recommendations
- Validation results


## Error Handling

| Error | Cause | Solution |
|-------|-------|----------|
| Configuration invalid | Missing required fields | Check documentation for required parameters |
| Tool not found | Dependency not installed | Install required tools per prerequisites |
| Permission denied | Insufficient access | Verify credentials and permissions |


## Resources

- Official documentation for related tools
- Best practices guides
- Community examples and tutorials

## Related Skills

Part of the **Security Fundamentals** skill category.
Tags: security, authentication, validation, owasp, secure-coding

Overview

This skill automates secret scanner tasks inside the Security Fundamentals domain. It guides discovery, validation, and remediation of exposed secrets and produces actionable configurations and code. Use it to standardize secret scanning workflows and enforce basic security controls across projects.

How this skill works

The skill inspects code, configuration files, and commit history for common secret patterns using rule-based detection and configurable heuristics. It outputs remediation steps, sample detection rules, and production-ready configuration snippets, and validates results against common standards and best practices. It also surfaces likely false positives and suggests verification steps.

When to use it

  • You mention "secret scanner" or ask about secret scanning patterns
  • You need to detect exposed API keys, tokens, credentials, or private keys in code or history
  • You want sample scanner configurations for CI/CD pipelines
  • You need remediation steps and secure rotation guidance after a secret leak
  • You want validation of scanner outputs and reduction of false positives

Best practices

  • Scan both current code and commit history, including branches and PRs
  • Use multiple detection techniques: pattern matching, entropy checks, and contextual heuristics
  • Treat findings as sensitive: avoid logging full secret values and provide masked examples
  • Automate scans in CI with fail-on-detection policies and allow staged exceptions with review
  • Provide clear remediation: rotate exposed secrets, remove commits, and update deployment configs
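As an added illustration (not code from the skill or its repository) of the three detection techniques listed above, plus masked reporting: a small Python scanner that combines prefix patterns, a Shannon-entropy check for generic secret-looking assignments, and a contextual false-positive filter. The token formats, the 3.5 bits/char threshold, the marker words and the sample lines are assumptions constructed for this example.

```python
import math
import re
from collections import Counter, namedtuple

# Rule-based patterns for well-known token formats (fixed prefix + fixed-length body).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
# Generic candidate: a 32+ character quoted value assigned to a secret-looking name.
GENERIC = re.compile(
    r"(?i)(secret|token|password|api_?key)\w*\s*[:=]\s*['\"]([A-Za-z0-9+/=_\-]{32,})['\"]")
ENTROPY_THRESHOLD = 3.5  # bits/char (assumed): random hex ~3.9, base64 ~5.5, "0000..." is 0
# Contextual heuristic (assumed marker words): documentation or placeholder values.
FP_MARKERS = ("example", "placeholder", "dummy", "changeme")
Finding = namedtuple("Finding", "line_no rule masked likely_false_positive")  # never the full value

def shannon_entropy(s: str) -> float:
    """Bits per character; 0.0 for an empty or single-symbol string."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def mask(value: str) -> str:
    """Keep only a recognisable prefix and suffix so reports are safe to log or share."""
    return value[:4] + "*" * 8 + value[-2:]

def scan_lines(lines):
    findings = []
    for no, line in enumerate(lines, 1):
        hits = [(rule, m.group(0)) for rule, rx in PATTERNS.items() for m in rx.finditer(line)]
        for m in GENERIC.finditer(line):                 # entropy check only for generic hits
            if shannon_entropy(m.group(2)) >= ENTROPY_THRESHOLD:
                hits.append(("high_entropy_" + m.group(1).lower(), m.group(2)))
        seen = set()
        for rule, value in hits:                         # de-duplicate a value hit by two rules
            if value not in seen:
                seen.add(value)
                fp = any(marker in line.lower() for marker in FP_MARKERS)
                findings.append(Finding(no, rule, mask(value), fp))
    return findings

# Constructed, non-functional sample input (not real credentials).
SAMPLE_LINES = [
    'aws_access_key_id = "AKIAEXAMPLE000000000"',       # pattern hit, but flagged as example
    'github_token = "ghp_Q7vX2mK9pL4sT8wB1nR6yD3zF5hJ0cG2aV4e"',
    'api_secret = "f3a9c1e7b2d48a6e0c5f7b19d2e4a8c6"',  # no known prefix: entropy catches it
    'api_key = "00000000000000000000000000000000"',     # zero entropy: placeholder, skipped
    'release = "v1.2.3"',
]
```

Running `scan_lines(SAMPLE_LINES)` yields three findings (lines 1 to 3) with masked values only; the AWS-style key is reported but marked as a likely false positive because its line carries an "example" marker.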

Example use cases

  • Generate a GitHub Actions workflow that runs a secret scanner on every pull request
  • Create detection rules for cloud provider keys and common API token formats
  • Review a repository for high-risk findings and produce prioritized remediation steps
  • Validate scanner output and provide guidance to reduce false positives before blocking CI
  • Produce code snippets to mask or replace discovered secrets and automate rotation

FAQ

How accurate is the scanner at finding secrets?

Accuracy depends on configured rules and heuristics; combining pattern matching with entropy checks and contextual filters reduces missed secrets and false positives.

What should I do after a secret is detected?

Immediately rotate the exposed credential, remove it from repository history, update configurations, and run a follow-up scan to confirm remediation.