Server data from the Official MCP Registry
Scan code/diff for leaked secrets: API keys, private keys, tokens, conn strings, before you commit.
secret-scanner is a well-architected security tool with clean, focused code and appropriate permission scopes. The MCP server provides local secret detection with no data exfiltration, proper rate limiting on free endpoints, and optional x402 payment gating for unlimited use. Minor code quality improvements around input validation and error handling would strengthen an already solid implementation. Supply chain analysis found 4 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
7 files analyzed · 10 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Add this to your MCP configuration file:

```json
{
  "mcpServers": {
    "io-github-baneado98-secret-scanner": {
      "args": [
        "-y",
        "secret-scanner-mcp"
      ],
      "command": "npx"
    }
  }
}
```

From the project's GitHub README.
Catch leaked secrets in a diff/file before you commit, push or open a PR.
secret-scanner scans a blob of code, text or a unified git diff for leaked secrets and returns a CLEAN / REVIEW / LEAK verdict. Every finding includes the secret type, provider, severity and line:column, a masked excerpt (the full secret is never echoed), and a remediation note.
Detection is 100% local — the content you scan is never sent anywhere.
npx -y secret-scanner-mcp

POST /pro/scan ($0.02 USDC on Base, no sign-up)
POST /scan (rate-limited)

| Category | Examples |
|---|---|
| 🔑 Provider keys | AWS (AKIA…), GitHub (ghp_…, fine-grained), OpenAI (sk-…), Anthropic (sk-ant-…), Stripe (sk_live_…), Google (AIza…, GOCSPX-…), Slack (xox…), Twilio, SendGrid, Mailgun, npm (npm_…), PyPI, Telegram, Discord, Shopify, Square, DigitalOcean, Cloudflare, Vault, Doppler |
| 📜 Private keys | RSA / EC / DSA / OpenSSH / PGP / encrypted private-key blocks, GCP service-account JSON |
| 🗄️ Connection strings | postgres://, mysql://, mongodb+srv://, redis:// URIs with embedded passwords; JDBC password=; basic-auth URLs |
| 🎫 Tokens | JWTs, generic api_key = "…" assignments |
| 🎲 Unknown secrets | high Shannon-entropy base64/hex blobs that look like credentials even without a known prefix |
```json
{
  "mcpServers": {
    "secret-scanner": { "command": "npx", "args": ["-y", "secret-scanner-mcp"] }
  }
}
```
Tool: scan_for_secrets — params content (string, required), deep (boolean, optional; adds offline format-validity hints).
Or connect over HTTP at POST /mcp (free).
```shell
# Free (rate-limited 30/h/IP)
curl -X POST https://secret-scanner.vercel.app/scan \
  -H 'content-type: application/json' \
  -d '{"content":"AWS_KEY=AKIAIOSFODNN7EXAMPLE"}'

# Paid, deep, unlimited (x402 — agent pays $0.02 USDC automatically)
curl -X POST https://secret-scanner.vercel.app/pro/scan \
  -H 'content-type: application/json' \
  -d '{"content":"<your diff>"}'
```
Example response:
```json
{
  "verdict": "LEAK",
  "score": 80,
  "summary": "1 potential secret(s) across 1 line(s): AWS×1. Verdict LEAK.",
  "lines": 1,
  "findings": [
    {
      "rule": "aws-access-key-id",
      "title": "AWS Access Key ID",
      "provider": "AWS",
      "severity": "high",
      "line": 1,
      "column": 9,
      "match": "AKIA…MPLE (20 chars)",
      "remediation": "Rotate the IAM key immediately in the AWS console and remove it from history."
    }
  ],
  "meta": { "deep": false, "bytes": 28, "truncated": false, "rulesEvaluated": 35, "entropyFindings": 0 }
}
```
The free tier is rate-limited. The /pro/scan route is gated by x402: your agent pays $0.02 USDC per call on Base automatically — no account, no API key. It settles on-chain to the operator's receiving wallet. Deep mode adds offline structural-validity hints for formats whose shape can be verified without any network call.
The scan runs in-process. The content you submit is not stored and not forwarded to any third party. Secrets in findings are always masked (AKIA…MPLE (20 chars)), never returned in full.
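To make the detection categories and the masking rule concrete, here is an added illustrative scanner in the style the README describes; it is not the secret-scanner-mcp package's own code. It applies a few known-prefix rules and a Shannon-entropy rule, reports line:column with a masked excerpt, and derives a CLEAN / REVIEW / LEAK verdict; the rule set, the 4.0 bits/char entropy cut-off and the sample input are assumptions made for this example.

```javascript
// Added illustrative scanner in the style the README describes (not the secret-scanner-mcp
// package's code): prefix rules plus a Shannon-entropy rule, line:column, masked excerpts
// and a CLEAN / REVIEW / LEAK verdict. Rule set, threshold and sample input are assumptions.
const RULES = [
  { rule: "aws-access-key-id", provider: "AWS", severity: "high", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { rule: "github-pat", provider: "GitHub", severity: "high", re: /\bghp_[A-Za-z0-9]{36}\b/g },
  { rule: "private-key-block", provider: "generic", severity: "high",
    re: /-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP |ENCRYPTED )?PRIVATE KEY-----/g },
  { rule: "connection-string-password", provider: "generic", severity: "high",
    re: /\b(?:postgres|mysql|mongodb\+srv|redis):\/\/[^:\s]+:[^@\s]+@\S+/g },
];
const BLOB_RE = /[A-Za-z0-9+/=]{32,}/g; // candidate "unknown secret": long base64/hex-looking run
const ENTROPY_THRESHOLD = 4.0;          // bits per character (assumed cut-off)

// Shannon entropy of a string in bits per character.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) { const p = n / s.length; h -= p * Math.log2(p); }
  return h;
}
// Never echo the full secret: 4 chars at each end, like the README's "AKIA…MPLE (20 chars)".
const mask = (s) => `${s.slice(0, 4)}…${s.slice(-4)} (${s.length} chars)`;

function scanForSecrets(content) {
  const findings = [];
  content.split("\n").forEach((text, i) => {
    const spans = []; // [start, end) ranges already claimed by a prefix rule on this line
    const emit = (m, r) => {
      spans.push([m.index, m.index + m[0].length]);
      findings.push({ rule: r.rule, provider: r.provider, severity: r.severity,
                      line: i + 1, column: m.index + 1, match: mask(m[0]) });
    };
    for (const r of RULES) for (const m of text.matchAll(r.re)) emit(m, r);
    for (const m of text.matchAll(BLOB_RE)) { // entropy rule only for runs no prefix rule explained
      const claimed = spans.some(([s, e]) => m.index < e && m.index + m[0].length > s);
      if (!claimed && shannonEntropy(m[0]) >= ENTROPY_THRESHOLD)
        emit(m, { rule: "high-entropy-string", provider: "unknown", severity: "medium" });
    }
  });
  const verdict = findings.some(f => f.severity === "high") ? "LEAK" : findings.length ? "REVIEW" : "CLEAN";
  return { verdict, findings };
}

// Constructed sample input (not real credentials): AWS key id, connection string with
// embedded password, high-entropy blob with no known prefix, and one harmless line.
const SAMPLE = ["AWS_KEY=AKIAIOSFODNN7EXAMPLE",
  "DATABASE_URL=postgres://app:hunter2@db.internal:5432/prod",
  'API_SECRET="q3Z8xK1mW7vL0nP4rT9bY2hJ5dF6gS+aC/eU=iN"', "LOG_LEVEL=debug"].join("\n");
console.log(JSON.stringify(scanForSecrets(SAMPLE), null, 2));
```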
License: MIT