# credential-free
MCP server that scans code for exposed secrets. Detects API keys, tokens, and credentials in 69 patterns across cloud, AI, payment, and auth services.
## Quick Setup (2 minutes)
### Install System-wide
⚠️ **Requires Python 3.10+**
```bash
# Clone and install
git clone <repo-url>
cd credential-free
pip install -e .
# Run server
python -m src.server
```
### Alternative: Requirements File
```bash
pip install -r requirements.txt
python -m src.server
```
## Add to Your IDE
### Windsurf / Kiro
Edit `mcp_config.json`:
```json
{
  "mcpServers": {
    "credential-free": {
      "command": "/usr/bin/python3",
      "args": ["-m", "src.server"],
      "env": {}
    }
  }
}
```
Find your Python path:
```bash
# Mac/Linux
which python3
# Windows
where python
```
### Claude Desktop
Edit `claude_desktop_config.json`:
```json
{
  "mcpServers": {
    "credential-free": {
      "command": "/usr/bin/python3",
      "args": ["-m", "src.server"],
      "env": {}
    }
  }
}
```
## Test It
### MCP Server Test
```bash
# Test the server
python -c "from src.server import get_patterns; print('Server works!')"
```
### CLI Test
```bash
# Test CLI info
python -m src info
# Test CLI scan
python -m src scan file README.md
# Test CLI with exclude patterns
python -m src scan directory . --exclude-patterns '.*\.txt$'
```
## Usage Examples
### MCP Server (AI Assistant)
Ask your AI:
- "scan this file for secrets"
- "check my project for exposed api keys"
- "what patterns do you detect?"
- "find any hardcoded credentials"
- "scan my project but exclude .txt files"
### CLI (Standalone)
```bash
# Scan single file
python -m src scan file config.py
# Scan directory with exclusions
python -m src scan directory . --exclude-patterns '.*\.txt$' '.*\.md$'
# Scan text content
python -m src scan content "AKIAIOSFODNN7EXAMPLE"
# Show scanner info
python -m src info
```
## Tools
| MCP Tool | CLI Command | Description |
|----------|-------------|-------------|
| `scan_file` | `python -m src scan file` | Scan a file for secrets |
| `scan_directory` | `python -m src scan directory` | Scan a folder recursively (supports `exclude_patterns`) |
| `scan_content` | `python -m src scan content` | Scan text directly |
| `get_patterns` | `python -m src info` | List detection patterns |
## What It Detects
69 patterns across:
- **cloud**: AWS, GCP, Azure, Vercel, Heroku
- **ai**: OpenAI, Anthropic, Hugging Face, Groq
- **payment**: Stripe, Square
- **auth**: GitHub, GitLab, Slack, Discord
- **database**: PostgreSQL, MongoDB, Redis
## Example Output
```json
{
  "success": true,
  "count": 2,
  "findings": [
    {
      "type": "AWS Access Key",
      "value": "AKIA****MPLE",
      "severity": "CRITICAL",
      "category": "cloud"
    }
  ]
}
```
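To show how a finding in this shape can be produced without the raw secret ever reaching logs or an AI assistant's context, here is an added sketch that is not the project's own code. The three regexes, their severities, and the `mask` helper are assumptions for illustration; the project's 69 patterns are not shown on this page.

```python
import json
import re

# Assumed patterns for illustration only: (type, category, severity, regex).
PATTERNS = [
    ("AWS Access Key", "cloud", "CRITICAL",
     re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("GitHub Personal Access Token", "auth", "CRITICAL",
     re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("PostgreSQL URI with password", "database", "HIGH",
     re.compile(r"postgres(?:ql)?://[^\s:/@]+:[^\s@]+@[^\s/]+")),
]

def mask(secret: str) -> str:
    """Keep only the first and last four characters, as in the output above."""
    if len(secret) <= 8:
        return "*" * len(secret)  # too short to reveal any part safely
    return f"{secret[:4]}****{secret[-4:]}"

def scan_content(text: str) -> dict:
    """Scan text line by line and return findings with masked values."""
    findings = []
    for line in text.splitlines():
        for name, category, severity, rx in PATTERNS:
            for match in rx.finditer(line):
                findings.append({
                    "type": name,
                    "value": mask(match.group(0)),  # raw match is never stored
                    "severity": severity,
                    "category": category,
                })
    return {"success": True, "count": len(findings), "findings": findings}

# Constructed sample input; none of these are live credentials.
SAMPLE = "\n".join([
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    'GITHUB_TOKEN = "ghp_' + "x" * 36 + '"',
    'DATABASE_URL = "postgresql://app:s3cr3tpw@db.internal:5432/app"',
    'placeholder = "AKIA_NOT_A_KEY"',  # wrong length/charset: must not match
])

if __name__ == "__main__":
    print(json.dumps(scan_content(SAMPLE), indent=2))
```

The anchored length and character-class checks are what keep the placeholder line from being reported, which matters as much for a usable scanner as catching the real formats.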
## Docker
```bash
docker build -t credential-free .
docker run credential-free
```
---
built for aws global vibe hackathon 2025