Find hardcoded secrets in code

sast-hardcodedsecretsskillsetup L30
reasonless-throne486/sast-skills
What it does

Detect hardcoded sensitive data in code

Best for

Finding exposed API keys, credentials, and tokens that code review and linters miss

Inputs

  • Codebase under analysis
  • sast/architecture.md (prerequisite)

Outputs

  • sast/hardcodedsecrets-results.md with findings
  • API keys, passwords, and tokens consolidated into one list

Preconditions

  • sast/architecture.md must exist
  • Source code accessible for scanning

Failure modes

  • Obfuscated or encoded secrets bypass string matching
  • Entropy thresholds miss weak (low-entropy) passwords
  • False positives on test fixtures and example values

Trust signals

  • Batched verify approach finds secrets across the whole codebase
  • Distinguishes real secrets from test data
  • Consolidates findings into an actionable report