secret-scanning
Secret Scanning Skill
Overview
This skill uses the GitHub MCP Server's run_secret_scanning tool to detect secrets in content, files, or git changes. It identifies sensitive material such as API keys, passwords, and other credentials that would pose a security risk if exposed, for example by being committed to a repository or pasted into a log.
What counts as a secret?
In this context, values that grant access, impersonate a user or service, sign requests, or decrypt protected data are generally treated as secrets.
Treat these as high-confidence secret material:
- Access tokens, API keys, and bearer credentials
- Passwords, database DSNs with embedded credentials, and SMTP auth values
- Private keys, signing keys, certificates with private key blocks, and SSH keys
- OAuth client secrets, refresh tokens, and webhook secrets
- Cloud credentials (AWS/GCP/Azure) and CI/CD deployment credentials
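The following is an added, stand-alone example (it is not the GitHub MCP Server's run_secret_scanning implementation, and its patterns are a small illustrative subset) showing how the categories above map to detection logic, and why a regex hit alone is not a finding: each hit is checked for placeholder context (vendor doc samples such as AWS's `AKIAIOSFODNN7EXAMPLE`, template variables, env-var references), and generic assignments like `password = "..."` are graded by Shannon entropy so that a weak but real password is still reported, at low confidence. The sample input is constructed for the example and contains no real credentials.

```python
"""Illustrative secret detector: regex per category plus context checks.

Added example, not the GitHub MCP Server's run_secret_scanning code.
Patterns are a small subset; production scanners maintain hundreds of
provider-specific ones.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class Finding:
    line_no: int
    category: str
    value: str
    confidence: str  # "high" or "low"


# One pattern per category from the list above. The named group "v" captures the
# secret value itself (so a DSN yields only its password, not the whole URL).
# Generic patterns come last so that a specific match wins for the same value.
PATTERNS = {
    "aws_access_key": re.compile(r"\b(?P<v>(?:AKIA|ASIA)[A-Z0-9]{16})\b"),
    "github_token": re.compile(r"\b(?P<v>gh[pousr]_[A-Za-z0-9]{36})\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "dsn_with_credentials": re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:(?P<v>[^@\s]+)@\S+"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+(?P<v>[A-Za-z0-9\-._~+/]{20,}=*)"),
    "assigned_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|client[_-]?secret|secret|password|passwd|token)"
        r"\s*[:=]\s*['\"]?(?P<v>[^\s'\"]{8,})"
    ),
}

# Categories whose shape alone is strong evidence; the rest need an entropy check.
STRUCTURED = {"aws_access_key", "github_token", "private_key_block", "dsn_with_credentials"}

# Context that marks a value as a placeholder rather than live material:
# vendor doc samples ("EXAMPLE"), template variables, env-var references.
PLACEHOLDER = re.compile(r"(?i)example|placeholder|changeme|your[_-]|xxx+|<[^>]+>|\$\{[^}]+\}|\$[A-Z_]+")

ENTROPY_THRESHOLD = 3.5  # bits/char; random base62 is ~4.5+, English-like text ~2-3


def shannon_entropy(value: str) -> float:
    """Shannon entropy in bits per character of the given string."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def classify(category: str, value: str):
    """Return a confidence for a regex hit, or None to suppress it as a placeholder."""
    if PLACEHOLDER.search(value):
        return None
    if category in STRUCTURED:
        return "high"
    return "high" if shannon_entropy(value) >= ENTROPY_THRESHOLD else "low"


def scan_text(text: str):
    """Scan text line by line and return the findings that survive context checks."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        seen = set()  # a value hit by a specific pattern is not re-reported generically
        for category, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group("v") if "v" in m.groupdict() else m.group(0)
                if value in seen:
                    continue
                seen.add(value)
                confidence = classify(category, value)
                if confidence is None:
                    continue
                findings.append(Finding(line_no, category, value, confidence))
    return findings


# Constructed sample input for this example; none of these are real credentials.
SAMPLE = """\
# constructed sample input for this example; none of these are real credentials
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_access_key_id = AKIAJ7Q2MZ4XK9P3LW5V
DATABASE_URL=postgres://app:S3cr3tP%40ss@db.internal:5432/app
password = "passwordpassword"
api_key = "q8Zr2mXv7Lp4Wn9Kc3Ty6Bd1"
secret = "${VAULT_SECRET}"
Authorization: Bearer aB3dE5fG7hJ9kL1mN2pQ4rS6tU8vW0xY
GITHUB_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f.line_no}: {f.category} [{f.confidence}] {f.value[:8]}...")
```

On the sample, the AWS documentation key and the `${VAULT_SECRET}` reference are suppressed as placeholders, the repeated-word password is reported at low confidence, and the remaining five lines are high-confidence findings. The entropy threshold is a tunable: raise it to cut noise from generic `key = ...` assignments, lower it if weak passwords in config files are the concern.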
Prefer context, not just regex: