Discover tools that detect leaked secrets, API keys, and credentials in your codebase before they cause security incidents.
Secret Detection tools are AI-powered software designed to help developers and teams tackle secret detection-related tasks more efficiently. These tools are typically published as open-source projects on GitHub and can be integrated into existing workflows via MCP (Model Context Protocol), Claude Skills, or standalone agent frameworks. On Agent Skills Hub, we index 10 quality-scored secret detection tools across languages including Python, TypeScript, Go.
In 2026, the AI agent ecosystem is maturing rapidly. Secret Detection tools can significantly boost development efficiency by automating repetitive tasks, reducing human error, and providing intelligent suggestions. The top 3 tools — authsome, onecli, spool — have earned an average of 428 GitHub stars, reflecting strong community validation. 8 of the listed tools come with clear open-source licenses, ensuring freedom to use and modify.
When choosing a secret detection tool, consider these factors: 1) Community activity — GitHub stars and recent commit frequency indicate reliability; 2) Integration method — check if it supports MCP, Claude, or your preferred agent framework; 3) Language compatibility — the most common language in this list is Python; 4) Quality score — Agent Skills Hub's composite score evaluates code quality, documentation completeness, and maintenance activity. Our recommendation: start with authsome — it ranks highest in both star count and quality score.
Credential gateway for AI agents. Log in once via OAuth2 or API Key. Every agent stays authenticated — headless, no SaaS, agents never see your credentials.
Open-source credential gateway with a built-in vault. Give your AI agents access to services without exposing keys.
Your local AI session library. Browse, pin, and ⌘K-search every Claude Code, Codex, Gemini & OpenCode session — and let the built-in scanner catch leaked secrets. Local-first, nothing leaves your machine.
```bash
curl -fsSL https://spool.pro/install.sh | bash
```
The local firewall for AI agents — keep your secrets off the model, the API relay, and the supply chain. Local credential masking, per-route model routing, and security detectors on the wire. Free & fully open source.
Open-source Runtime Security for tool-using AI agents providing permissions, credentials, policy enforcement, and audit trails.
Prismor (formerly Immunity Agent) - runtime security for Claude Code, Cursor, Windsurf & other AI coding agents. PreToolUse hooks that block dangerous commands, prevent secret leaks, stop prompt injection, and gate risky package installs.
A secure credential proxy for CLI tools. Executes tools with secrets on behalf of sandboxed processes - credentials never enter the sandbox.
Zero-knowledge secrets infrastructure built for AI agents to operate, not just consume.
🤖 Curated AI OSINT resources — Google dorks, Shodan queries, GitHub dorks, and techniques to discover exposed LLM endpoints, leaked AI API keys, misconfigured vector databases, and unprotected AI agents
Security plugin for OpenClaw agents - prevents secret leaks, PII exposure, and destructive command execution
| Tool | Stars | Language | License | Score |
|---|---|---|---|---|
| authsome | ★ 52 | Python | MIT | 40 |
| onecli | ★ 2.4k | TypeScript | Apache-2.0 | 51 |
| spool | ★ 558 | TypeScript | — | 38 |
| agentfw | ★ 360 | TypeScript | MIT | 43 |
| kontext-cli | ★ 207 | Go | MIT | 48 |
| prismor | ★ 214 | Python | Apache-2.0 | 45 |
| claw-wrap | ★ 136 | Go | MIT | 48 |
| agentsecrets | ★ 142 | Go | MIT | 46 |
| ai_osint | ★ 95 | — | — | 47 |
| openclaw-shield | ★ 85 | TypeScript | Apache-2.0 | 42 |
The top secret detection tools in 2026 are authsome, onecli, spool. Agent Skills Hub ranks 10 options by GitHub stars, quality score (6 dimensions including completeness, examples, and agent readiness), and recent activity. The list is rebuilt every 8 hours from live GitHub data.
authsome (52 stars) is the most adopted choice for general secret detection workflows, written in Python. onecli (2.4k stars) is a strong alternative and uses TypeScript instead. Pick by your existing stack: match the language and runtime your team already uses to minimize integration cost. If unsure, start with authsome — it has the deepest community and the most examples online.
Avoid pre-built secret detection tools when (1) your use case requires deep customization that the tool's plugin system doesn't support, (2) you have strict compliance requirements that ban third-party dependencies, (3) the tool's maintenance is inactive (last commit >6 months ago), or (4) your data volume is small enough that a 50-line custom script is cheaper than learning the tool. For most production workflows above 100 requests/day, the time savings from a maintained tool outweigh the customization loss.
Secret Detection focuses specifically on tools that detect leaked secrets, API keys, and credentials in your codebase before they cause security incidents. Security Auditing is a related but distinct category — see https://agentskillshub.top/best/security-audit/ for those tools. The two often appear in the same agent pipeline but solve different problems: choose secret detection when your primary goal is the specific task, and security auditing when the workflow is broader.
For most teams, yes. authsome has 52 stars worth of community testing, handles edge cases you haven't thought of, and ships with documentation. Build your own only when (1) your requirements are deeply non-standard, (2) you have a security/compliance reason to avoid OSS dependencies, or (3) the maintenance burden is small enough (<200 lines of code) that you'll save time long-term. The break-even point is usually around 2-3 weeks of dev time saved.
Most secret detection tools listed are open source under permissive licenses (MIT, Apache 2.0). A handful offer paid managed/cloud versions on top of a free self-hosted core. Always check the LICENSE file on each tool's GitHub repository before commercial use — some use AGPL or non-commercial restrictions that may not fit your deployment model.