secret-scanner

Enables scanning diffs or code blobs for leaked secrets, returning a verdict with severity and masked findings, all processed locally with no data sent externally.


secret-scanner 🔐

Catch leaked secrets in a diff/file before you commit, push or open a PR.

secret-scanner scans a blob of code, text or a unified git diff for leaked secrets and returns a CLEAN / REVIEW / LEAK verdict. Every finding includes the secret type, provider, severity and line:column, a masked excerpt (the full secret is never echoed), and a remediation note.

Detection is 100% local — the content you scan is never sent anywhere.

  • MCP server for Claude / Cursor / any agent: npx -y secret-scanner-mcp
  • Pay-per-call x402 API: POST /pro/scan ($0.02 USDC on Base, no sign-up)
  • Free HTTP API: POST /scan (rate-limited)

What it catches

| Category | Examples |
| --- | --- |
| 🔑 Provider keys | AWS (AKIA…), GitHub (ghp_…, fine-grained), OpenAI (sk-…), Anthropic (sk-ant-…), Stripe (sk_live_…), Google (AIza…, GOCSPX-…), Slack (xox…), Twilio, SendGrid, Mailgun, npm (npm_…), PyPI, Telegram, Discord, Shopify, Square, DigitalOcean, Cloudflare, Vault, Doppler |
| 📜 Private keys | RSA / EC / DSA / OpenSSH / PGP / encrypted private-key blocks, GCP service-account JSON |
| 🗄️ Connection strings | postgres://, mysql://, mongodb+srv://, redis:// URIs with embedded passwords; JDBC password=; basic-auth URLs |
| 🎫 Tokens | JWTs, generic api_key = "…" assignments |
| 🎲 Unknown secrets | high Shannon-entropy base64/hex blobs that look like credentials even without a known prefix |

MCP server (free)

{
  "mcpServers": {
    "secret-scanner": { "command": "npx", "args": ["-y", "secret-scanner-mcp"] }
  }
}

Tool: scan_for_secrets — params content (string, required), deep (boolean, optional; adds offline format-validity hints).

Or connect over HTTP at POST /mcp (free).

HTTP API

# Free (rate-limited 30/h/IP)
curl -X POST https://secret-scanner.vercel.app/scan \
  -H 'content-type: application/json' \
  -d '{"content":"AWS_KEY=AKIAIOSFODNN7EXAMPLE"}'

# Paid, deep, unlimited (x402 — agent pays $0.02 USDC automatically)
curl -X POST https://secret-scanner.vercel.app/pro/scan \
  -H 'content-type: application/json' \
  -d '{"content":"<your diff>"}'

Example response:

{
  "verdict": "LEAK",
  "score": 80,
  "summary": "1 potential secret(s) across 1 line(s): AWS×1. Verdict LEAK.",
  "lines": 1,
  "findings": [
    {
      "rule": "aws-access-key-id",
      "title": "AWS Access Key ID",
      "provider": "AWS",
      "severity": "high",
      "line": 1,
      "column": 9,
      "match": "AKIA…MPLE (20 chars)",
      "remediation": "Rotate the IAM key immediately in the AWS console and remove it from history."
    }
  ],
  "meta": { "deep": false, "bytes": 28, "truncated": false, "rulesEvaluated": 35, "entropyFindings": 0 }
}
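
As an added illustration (not secret-scanner's own code), the sketch below shows one way a scanner can produce a finding shaped like the response above and also flag the "unknown secrets" case: a prefix regex, a Shannon-entropy fallback, and first-four/last-four masking. The function names, the 24-character candidate pattern, the 4.0 bits-per-character threshold, the `high-entropy-string` rule name and the severity-to-verdict mapping are assumptions.

```javascript
// Added illustration, not secret-scanner's source; names and thresholds are assumptions.
const AWS_KEY_ID = /\bAKIA[A-Z0-9]{16}\b/g;        // 20-character access key ID
const CANDIDATE = /[A-Za-z0-9+\/_-]{24,}={0,2}/g;  // long base64/hex-like token
const ENTROPY_THRESHOLD = 4.0;                     // bits per character (assumed cut-off)

// Constructed sample: line 1 is the page's example key, line 2 a made-up token.
const SAMPLE = 'AWS_KEY=AKIAIOSFODNN7EXAMPLE\ntoken = "q7Zx2LmP9vRt4WcY8bNs3KdH6fJg1TaE"';

// Shannon entropy of a string, in bits per character.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Keep only the first and last four characters, so the secret is never echoed in full.
function mask(secret) {
  if (secret.length <= 8) return `**** (${secret.length} chars)`;
  return `${secret.slice(0, 4)}…${secret.slice(-4)} (${secret.length} chars)`;
}

function scan(content) {
  const findings = [];
  content.split(/\r?\n/).forEach((text, i) => {
    const seen = []; // [start, end) spans already reported by a provider rule
    for (const m of text.matchAll(AWS_KEY_ID)) {
      seen.push([m.index, m.index + m[0].length]);
      findings.push({ rule: "aws-access-key-id", severity: "high",
        line: i + 1, column: m.index + 1, match: mask(m[0]) });
    }
    for (const m of text.matchAll(CANDIDATE)) {
      const overlaps = seen.some(([s, e]) => m.index < e && m.index + m[0].length > s);
      if (overlaps || shannonEntropy(m[0]) < ENTROPY_THRESHOLD) continue;
      findings.push({ rule: "high-entropy-string", severity: "medium",
        line: i + 1, column: m.index + 1, match: mask(m[0]) });
    }
  });
  // Assumed mapping: any high-severity finding is a LEAK, anything else found is REVIEW.
  const verdict = findings.some(f => f.severity === "high") ? "LEAK"
    : findings.length ? "REVIEW" : "CLEAN";
  return { verdict, findings };
}

console.log(JSON.stringify(scan(SAMPLE), null, 2));
```

A long run of one repeated character has zero entropy and is skipped, which is why an entropy rule produces fewer false positives than a length check alone.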

Why pay-per-call?

The free tier is rate-limited. The /pro/scan route is gated by x402: your agent pays $0.02 USDC per call on Base automatically — no account, no API key. It settles on-chain to the operator's receiving wallet. Deep mode adds offline structural-validity hints for formats whose shape can be verified without any network call.

Privacy

The scan runs in-process. The content you submit is not stored and not forwarded to any third party. Secrets in findings are always masked (AKIA…MPLE (20 chars)), never returned in full.

License

MIT
