Secrets Sweeper — Loot Protocol

Loot Protocol is a marketplace for AI coding extensions — skills, MCP servers, and plugins that enhance Claude Code and Cursor. Install with a single CLI command. Learn more →

Skill

Secrets Sweeper

Scans the diff for accidentally committed API keys, tokens, and credentials. Recognizes patterns from 60+ providers.

devon-walsh·1.4k·v1.0.0

Get Started

1Install the CLIbrew install lootprotocol/tap/loot

2Log inloot login

3Learn this extensionloot learn @devon-walsh/secrets-sweeper --claude

Prefer to use your AI agent? Switch to the AI Agent tab below to connect via MCP server instead.

loot learn @devon-walsh/secrets-sweeper --claude

Run in your terminal. Requires the loot CLI — see the installation guide.

Secrets Sweeper#

Scans the current diff (or any path) for accidentally committed secrets — API keys, OAuth tokens, private keys, database URLs with embedded passwords. Recognizes patterns from 60+ providers (AWS, Stripe, GitHub, Slack, Twilio, …) and a high-confidence generic high-entropy detector.

Fast enough for a pre-commit hook; thorough enough for a one-off audit.

Usage#

loot run secrets-sweeper --staged

For a full-history scan: loot run secrets-sweeper --since main.