io.github.78degrees/ghosthunt

MCPcommunity
v1.0.0io.github.78degreesUnknownUpdated 1mo agonpmGitHub

Find every leaked secret on your machine — API keys in .env files, shell history, and configs.

Find every leaked secret on your machine. GhostHunt is an MCP server that scans your development machine for API keys, tokens, and credentials hiding in places you forgot to check: files scattered across projects, shell history, AWS/SSH/Docker configs, and more. Everything runs locally. No data leaves your machine. Environment files — recursively finds every , , , etc. under your home directory…

Automatically indexed from public sources. Not yet verified by the developer on Forge.Claim this listing →
1mo agoLast update
Package
Authorio.github.78degrees
LicenseUnknown
Version1.0.0
Sourcemcp-registry
Trust Status
B
60/100Good
Listed in Forge index+10/10
Publisher identity verified+0/25
Publisher: run `forge publish` from the package repo to claim ownership
Ed25519 publish signature+0/10
Included automatically when the publisher runs `forge publish`
Domain verification+0/5
Publisher: host /.well-known/forge.json on the package homepage with { "publisher": "<github-login>" }
CVE scan · clean+30/30
Static analysis · clean+20/20
npm provenance (Sigstore)+0/5
Publish from GitHub Actions with the --provenance flag
Paste into Claude Code, Cursor, or any AI assistant to fix all gaps
StatusCommunity-indexed
PublisherUnverified
SignatureUnsigned
Domain
Provenance
Dependencies60 resolved+ · none vulnerable
Tool surface4 tools · none privileged
Security scan✓ Cleanv1.3.0 · 20d ago
EvalsNone
IndexedJun 13, 2026

Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.

About

Find every leaked secret on your machine. GhostHunt is an MCP server that scans your development machine for API keys, tokens, and credentials hiding in places you forgot to check: files scattered across projects, shell history, AWS/SSH/Docker configs, and more. Everything runs locally. No data leaves your machine. Environment files — recursively finds every , , , etc. under your home directory AWS credentials — and session tokens SSH keys — unprotected private keys in Docker config — registry…

Keywords
mcp