
Commit a50c0f8

feat: add secret-scanner agent to registry
Register Mathews-Tom/secret-scanner in the gitagent registry.
1 parent 601aee3 commit a50c0f8

4 files changed

Lines changed: 55 additions & 0 deletions


Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,41 @@
1+
# secret-scanner
2+
3+
Pre-commit credential detection agent that scans staged files for hardcoded API keys, passwords, tokens, connection strings, private key material, and high-entropy strings. Operates as a fast, zero-false-negative gate between your code and version control.
4+
5+
## Run
6+
7+
```bash
8+
npx @open-gitagent/gitagent run -r https://github.com/Mathews-Tom/secret-scanner
9+
```
10+
11+
## What It Can Do
12+
13+
- **Provider Key Detection** — recognizes exact patterns for AWS, GitHub, Slack, Stripe, Google, Azure, and other provider credentials
14+
- **Private Key Scanning** — detects PEM-encoded RSA, EC, OPENSSH, PGP, DSA, and PKCS8 private key material
15+
- **Connection String Detection** — finds database and service connection strings with embedded credentials (PostgreSQL, MySQL, MongoDB, Redis, AMQP, SMTP)
16+
- **High-Entropy Analysis** — calculates Shannon entropy to flag suspicious strings assigned to credential-like variables
17+
- **Environment Variable Leakage** — detects .env values leaked into source code and hardcoded fallbacks in os.environ/process.env calls
18+
- **Redacted Reporting** — outputs findings with redacted secrets (first 4 / last 4 characters only) to prevent the scan report itself from becoming a leak vector
19+
20+
## Structure
21+
22+
```
23+
secret-scanner/
24+
├── .gitignore
25+
├── LICENSE
26+
├── README.md
27+
├── RULES.md
28+
├── SOUL.md
29+
├── agent.yaml
30+
├── assets/
31+
│ ├── icon.png
32+
│ └── banner.png
33+
└── knowledge/
34+
├── provider-key-patterns.md
35+
├── high-entropy-detection.md
36+
└── remediation-guide.md
37+
```
38+
39+
## Built with
40+
41+
Built for the [gitagent](https://gitagent.sh) ecosystem.
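
Review bot: The "zero-false-negative gate" claim on line 3 of the README is stronger than the listed techniques can support: provider patterns, PEM and connection-string matching, and Shannon-entropy flagging all miss a secret that is in an unlisted format or has low entropy. Suggest describing it as a first-line gate and listing what it does not cover. On line 18, "first 4 / last 4 characters only" shows a secret of eight characters or fewer in full, so the README should state a minimum length below which the value is fully masked. The run command on line 8 also takes the bare repository URL with no tag or commit, so it executes whatever the default branch holds at the time.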
41.9 KB
21.7 KB
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
{
2+
"name": "secret-scanner",
3+
"author": "Mathews-Tom",
4+
"description": "Pre-commit secret detection that scans for hardcoded API keys, passwords, tokens, connection strings, and high-entropy strings",
5+
"repository": "https://github.com/Mathews-Tom/secret-scanner",
6+
"version": "1.0.0",
7+
"category": "security",
8+
"tags": ["security", "secrets", "pre-commit", "credential-detection", "api-keys", "devops"],
9+
"license": "MIT",
10+
"model": "claude-haiku-4-5-20251001",
11+
"adapters": ["claude-code", "system-prompt"],
12+
"icon": true,
13+
"banner": true
14+
}
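
Review bot: "repository" on line 5 is a bare URL and "version": "1.0.0" on line 6 is not tied to a tag or commit, so the entry does not identify which revision of the agent was registered. If the registry schema allows it, record a tag or commit hash alongside the version. The entry also sets "model" to claude-haiku-4-5-20251001 for an agent whose job is to read staged files that may contain live credentials, and neither this file nor the README added in this commit says what file content is passed to the model; that should be documented before users wire it into a pre-commit hook.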
