tools.knurl/secret-scanner
Official1 toolScan configs, files, or text for leaked secrets and obvious misconfigurations. Nothing stored.
Scan configurations and files for leaked secrets and security misconfigurations.
Captured live from the server via tools/list.
scan_for_secrets
Scan a pasted config, file, code snippet, or blob for exposed credentials and obvious security misconfigurations. Use whenever a user shares a .env, docker-compose.yml, nginx.conf, JSON/YAML config, or any text and asks "is this safe to share/commit?", "any leaked API keys/secrets?", or "what's misconfigured?". Detects cloud credentials, Stripe/GitHub/GitLab tokens, OpenAI/Anthropic/Gemini/Hugging Face/Groq/Replicate keys, private-key blocks, JWTs, DB connection strings, plus misconfigs like debug-on, 0.0.0.0 binds, disabled TLS verification, privileged containers, and weak passwords. Deterministic. It analyzes the provided text and returns findings only — it never stores, transmits, or requires any live credential.
Parameters (2)
- textstring
A single blob to scan.
- filesarray
Multiple named files to scan.
README not available yet.
Install
claude_desktop_config.json
{
"mcpServers": {
"secret-scanner": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://mcp.knurl.tools/mcp"
]
}
}
}Desktop config is stdio-only; this bridges via mcp-remote. Native remote: Settings > Connectors.