Detects leaked secrets & API keys: 32+ provider rules (AWS, GitHub, Stripe, OpenAI…), zero deps.
MCP server that detects leaked credentials in source code. Zero dependencies. Single file. Detects API keys, OAuth tokens, private keys, webhooks, and crypto wallet secrets across 30+ providers (AWS, GCP, GitHub, Stripe, OpenAI, Anthropic, Slack, Discord, Telegram, Twilio, SendGrid, Heroku, DigitalOcean, npm, HuggingFace, Replicate, Cloudflare, and more). Companion to skill-audit-mcp (behavioral…
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
MCP server that detects leaked credentials in source code. Zero dependencies. Single file. Detects API keys, OAuth tokens, private keys, webhooks, and crypto wallet secrets across 30+ providers (AWS, GCP, GitHub, Stripe, OpenAI, Anthropic, Slack, Discord, Telegram, Twilio, SendGrid, Heroku, DigitalOcean, npm, HuggingFace, Replicate, Cloudflare, and more). Companion to skill-audit-mcp (behavioral patterns) — together they cover secrets + behaviors in one Most secret scanners are giant Go…