credential-leak-detector
CommunityStop secret leaks before they hit chat
Software Engineering#security#api keys#secret detection#redaction#credential scanning#bash output#post-tool hook
AuthorJKHeadley
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Bash output can expose API keys, private keys, tokens, and passwords to the conversation, logs, and context windows before anyone notices. This Skill catches those leaks immediately so sensitive values do not spread further.
Core Features & Use Cases
- Critical blocking: Stops outputs containing live credentials like OpenAI keys, AWS keys, GitHub tokens, Stripe secrets, and PEM private keys.
- Redaction and warnings: Masks high-severity matches and flags suspicious patterns such as bearer tokens, auth strings, and high-entropy secrets.
- Post-tool-use protection: Works after a Bash command runs, which makes it ideal for diagnostics, container inspection, Kubernetes output, and any command that may print hidden secrets.
Quick Start
Ask the assistant to install this hook so every Bash command output is scanned for secrets, critical leaks are blocked, and suspicious values are redacted or flagged before they appear in chat.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: credential-leak-detector Download link: https://github.com/JKHeadley/instar/archive/main.zip#credential-leak-detector Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.