
@lazymac/secrets-scanner-mcp

v1.0.0


AI-native secrets and credentials scanner MCP server — detects leaked API keys, tokens, private keys, and database URLs in files, directories, clipboards, and git history. Purpose-built for Claude agents that need to gate commits and PRs against accidenta


@lazymac/secrets-scanner-mcp

Stop your Claude agent from committing your AWS keys.


A Model Context Protocol (MCP) server that detects leaked API keys, tokens, private keys, database URLs, and other credentials in files, directories, arbitrary text, and git history — purpose-built for Claude agents that write code and open PRs on your behalf.


Why

AI agents ship code fast. Too fast. One misread .env.example and your agent happily pastes a live OpenAI key into a public commit.

secrets-scanner-mcp gives Claude a pre-flight check it can run before every file write and git push:

  • On file content — scan a buffer before fs.writeFile
  • On a whole directory — nightly audits of a repo
  • On arbitrary text — clipboard pastes, PR diffs, issue comments
  • On git history — find secrets committed and "removed" (but still in the object store)

Covers AWS keys, GitHub PATs, OpenAI / Anthropic / Stripe / Twilio / SendGrid / Slack tokens, private keys (RSA / EC / OpenSSH), JWTs, DB connection strings, and generic high-entropy secret assignments.

Designed for:

  • Claude agents writing code autonomously — gate the commit
  • Pre-commit hooks triggered by natural-language prompts
  • Security teams doing bulk repo sweeps with an LLM orchestrator

Install

npx -y @lazymac/secrets-scanner-mcp

Claude Desktop configuration

{
  "mcpServers": {
    "secrets-scanner": {
      "command": "npx",
      "args": ["-y", "@lazymac/secrets-scanner-mcp"]
    }
  }
}

Claude Code

claude mcp add secrets-scanner -- npx -y @lazymac/secrets-scanner-mcp

Tools

| Tool | Input | Description |
|---|---|---|
| scan_file | path: string | Scan one file. Returns findings with severity (critical/high/medium/low), line numbers, and remediation advice. Binary files auto-skip. |
| scan_directory | path: string, ignore?: string[], max_depth?: number | Recursive scan. Skips node_modules, .git, binaries automatically. Optional glob ignores. |
| scan_text | content: string, context?: string | Scan arbitrary text — clipboard, PR diff, code snippet, anything. No disk I/O. |
| scan_git_history | repo_path: string, commits?: number | Scans diffs of recent commits (default 50) for secrets that were committed and later removed. |
| check_gitignore | path: string | Verifies .gitignore excludes .env, *.pem, *.key, credentials.json, etc. Returns missing patterns. |
| generate_report | findings: object[], format: "markdown"\|"json" | Turns raw findings into a reviewer-friendly Markdown / JSON report with severity summary and remediation steps. |
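
The check that the scan_git_history row describes, as an added example (not the package's own code): it walks the text of `git log -p --reverse` and reports a secret that was added in one commit and deleted in a later one, with the commit, author and date where it first appeared. The single AWS access key rule, the field names and the sample log are assumptions made for illustration.

```javascript
// Added example. Input: text of `git log -p --reverse` (oldest commit first).
const AWS_KEY_RE = /\bAKIA[0-9A-Z]{16}\b/g; // single assumed rule, for brevity
function scanHistory(logText) {
  const seen = new Map(); // secret -> finding
  let commit = null, author = null, date = null, file = null, m;
  for (const line of logText.split('\n')) {
    if ((m = /^commit ([0-9a-f]{7,40})/.exec(line))) { commit = m[1]; file = null; }
    else if ((m = /^Author:\s+(.*)$/.exec(line))) author = m[1];
    else if ((m = /^Date:\s+(.*)$/.exec(line))) date = m[1];
    else if ((m = /^\+\+\+ b\/(.*)$/.exec(line))) file = m[1];
    else if (/^(---|\+\+\+) /.test(line)) continue; // file headers, not content
    else if (line[0] === '+' || line[0] === '-') {
      for (const [secret] of line.slice(1).matchAll(AWS_KEY_RE)) {
        if (line[0] === '+' && !seen.has(secret)) {
          seen.set(secret, { preview: secret.slice(0, 4) + '****', file,
            addedIn: commit, author, date, removedIn: null });
        } else if (line[0] === '-' && seen.has(secret)) {
          seen.get(secret).removedIn = commit; // gone from HEAD, still in history
        }
      }
    }
  }
  return [...seen.values()];
}
// Constructed sample log (hashes, author and dates are made up).
const SAMPLE_LOG = `commit a1b2c3d
Author: Dev One <dev1@example.com>
Date:   Mon Jan 5 10:00:00 2026 +0000

    add config

diff --git a/config.js b/config.js
--- /dev/null
+++ b/config.js
@@ -0,0 +1 @@
+const key = "AKIAIOSFODNN7EXAMPLE";
commit d4e5f6a
Author: Dev One <dev1@example.com>
Date:   Mon Jan 5 10:05:00 2026 +0000

    remove key

diff --git a/config.js b/config.js
--- a/config.js
+++ b/config.js
@@ -1 +1 @@
-const key = "AKIAIOSFODNN7EXAMPLE";
+const key = process.env.AWS_ACCESS_KEY_ID;
`;
```

A finding with a non-null removedIn is the case the table row is about: the key no longer appears in the working tree, so the remediation is rotation, not another commit.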


Examples

1. Pre-commit sweep before git push

"Call scan_directory on . with ignore: ["dist/", "coverage/"]. If anything critical, abort and tell me which lines."

2. Vet a PR diff from a contributor

"Here's the diff from PR #123. Run scan_text on it with context: "PR #123". Summarize findings."

3. Deep git history audit after a suspected leak

"Run scan_git_history on ~/Projects/api-backend with commits: 500. Then generate_report in markdown. I need every author and date for the compliance team."

4. Bootstrap a new repo safely

"I just ran git init. Call check_gitignore on the current directory and append any missing secret-related patterns."


Detection coverage

  • AWS Access Key / Secret Key
  • GitHub token (ghp_, ghs_)
  • OpenAI API key (sk-…)
  • Slack token (xoxb-, xoxp-, etc.)
  • Stripe live / test keys
  • SendGrid, Twilio, Heroku, Google API keys
  • JWT tokens
  • Private keys (RSA / EC / DSA / OpenSSH)
  • Database URLs (postgres://, mysql://, mongodb://, redis://)
  • Generic high-entropy secret assignments (PASSWORD=…, API_KEY=…, etc.)

Pattern + entropy hybrid. Binary file skip. Works across JS, TS, Python, Ruby, Go, Java, config files, and plain text.
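
How a pattern + entropy hybrid behaves, as an added example that is not the package's own code: prefix-anchored rules report on match alone, while generic assignments are reported only when the value's Shannon entropy clears a threshold. The rule set, severities, the 3.5 bits-per-character cut-off and the function names are assumptions for illustration.

```javascript
// Added illustration of a pattern + entropy hybrid; the rules, severities and
// threshold are assumptions, not this package's actual rule set.
const RULES = [
  { id: 'aws-access-key-id', severity: 'critical', re: /\b(AKIA[0-9A-Z]{16})\b/g },
  { id: 'github-token', severity: 'critical', re: /\b(gh[ps]_[A-Za-z0-9]{36})\b/g },
  { id: 'private-key', severity: 'critical',
    re: /(-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----)/g },
  { id: 'database-url', severity: 'high',
    re: /\b((?:postgres|mysql|mongodb|redis):\/\/[^\s:@\/]+:[^\s@\/]+@[^\s'"]+)/g },
  // Generic assignments are noisy, so they must also pass the entropy gate.
  { id: 'generic-secret', severity: 'medium', entropyGate: true,
    re: /\w*(?:PASSWORD|SECRET|API_KEY|TOKEN)\w*\s*[:=]\s*['"]?([^\s'"]{12,})/gi },
];
const ENTROPY_THRESHOLD = 3.5; // bits per character (assumed cut-off)

// Shannon entropy of a string, in bits per character.
function shannonEntropy(s) {
  const chars = [...s];
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) h -= (n / chars.length) * Math.log2(n / chars.length);
  return h;
}

// Returns one finding per match, with the matched value redacted.
function scanText(content) {
  const findings = [];
  content.split('\n').forEach((line, i) => {
    for (const rule of RULES) {
      for (const m of line.matchAll(rule.re)) {
        if (rule.entropyGate && shannonEntropy(m[1]) < ENTROPY_THRESHOLD) continue;
        findings.push({ rule: rule.id, severity: rule.severity, line: i + 1,
          preview: m[1].slice(0, 4) + '****' }); // never echo the full secret
      }
    }
  });
  return findings;
}

// Constructed sample input (the AWS value is the documentation example key).
const SAMPLE = [
  'AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE',
  'PASSWORD=changeme-changeme',           // low entropy: suppressed
  'API_KEY=q7Zr2LxP9vTc4NbWm8Kd',         // high entropy: reported
  'DATABASE_URL=postgres://app:s3cr3tpw@db.internal:5432/prod',
].join('\n');
console.log(scanText(SAMPLE));
```

The entropy gate is what keeps placeholder values out of the report, and it also means a weak but real password on a generic assignment line goes unreported.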


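Korean summary

@lazymac/secrets-scanner-mcp is an MCP server that runs a pre-flight check so that Claude agents do not accidentally commit or push credentials such as AWS keys, GitHub tokens, OpenAI keys, private keys, and DB URLs.

It can scan a single file, an entire directory, arbitrary text (clipboard / PR diff), and even git commit history. A hybrid of pattern matching and entropy analysis reduces false positives.

6 tools:

  • scan_file — single file
  • scan_directory — recursive scan (.git and node_modules excluded automatically)
  • scan_text — arbitrary text (no disk I/O)
  • scan_git_history — inspects diffs of past commits
  • check_gitignore — checks whether .gitignore contains .env, *.pem, etc.
  • generate_report — generates a Markdown / JSON report

Ready to use immediately with npx -y @lazymac/secrets-scanner-mcp.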


License

MIT © 2026 Dany