Env & Secrets Audit
Security
$99
A deep-scan audit skill that hunts for one of the most common and dangerous mistakes in vibe-coded applications — exposed secrets. Checks source code for hardcoded keys, verifies .env configuration, scans git history for previously committed secrets, checks frontend bundles for leaked variables, and reviews deployment configs. If a secret was ever committed, it flags it as compromised and requiring rotation.
What's Inside
Source code scan for hardcoded API keys & tokens
.env configuration & .gitignore verification
Git history scan for previously committed secrets
Frontend bundle exposure check (Next.js, Vite, CRA)
Deployment config audit (Vercel, Netlify, Docker)
Secret rotation guidance for compromised keys
Skill Preview
env-secrets-audit.md
---
name: env-secrets-audit
description: Audit the project for exposed secrets and env misconfigurations.
---
# Secrets & Environment Variables Audit
Scan the project for exposed or misconfigured secrets. This is one
of the most common and dangerous mistakes in vibe-coded applications.
## Checks
### 1. Source Code Scan
Search all source files for patterns that look like hardcoded secrets:
- API keys: strings matching sk-, pk-, api_key, apiKey
Purchase to see the full skill
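A sketch of the source-code check named in the preview, as an added example; it is not the skill's own content. The function names, minimum lengths and placeholder list are assumptions, and the sample input is constructed.

```python
import re

# Patterns named in the preview: "sk-"/"pk-" prefixed strings and
# api_key / apiKey assignments. Minimum lengths are assumptions to cut noise.
PREFIXED = re.compile(r"""["'`]((?:sk|pk)-[A-Za-z0-9_\-]{16,})["'`]""")
ASSIGNED = re.compile(
    r"""\b(api_key|apiKey)\b\s*[:=]\s*["'`]([^"'`\s]{12,})["'`]""")
# Obvious placeholders that should not be reported (assumed list).
PLACEHOLDER = re.compile(r"(?i)your[_-]|example|changeme|x{6,}|<.*>")
RULES = (("assigned-key", ASSIGNED, 2), ("prefixed-key", PREFIXED, 1))

def redact(value):
    """Keep only enough of the value to locate it; never echo the secret."""
    return f"{value[:4]}...({len(value)} chars)"

def scan_source(text, path="<memory>"):
    """Return findings as (path, line_no, rule, redacted_value) tuples."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        seen = set()  # report a value once per line even if two rules hit it
        for rule, rx, grp in RULES:
            for m in rx.finditer(line):
                value = m.group(grp)
                if value in seen or PLACEHOLDER.search(value):
                    continue
                seen.add(value)
                findings.append((path, no, rule, redact(value)))
    return findings

# Constructed sample: two literals that should be flagged, plus an env
# lookup, a placeholder and a short string that should not.
SAMPLE = '''\
const apiKey = "sk-CONSTRUCTED0000000000000000";
const client = new Client({ api_key: process.env.API_KEY });
const stripe = loadStripe("pk-CONSTRUCTED1111111111111111");
api_key = "your_api_key_here"
const desk = "sk-8"; // too short to be a key
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE, "sample.js"):
        print(*finding, sep="\t")
```

Reading a key through `process.env` is not flagged, while a literal value is reported with only its first four characters so the audit output does not itself leak the key.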
Install in Seconds
Copy to your Claude Code skills directory:
cp env-secrets-audit.md .claude/skills/
30-day money-back guarantee
Instant delivery via email
Works with Claude Code, Cursor & Codex CLI