keyway_scan
Detect and identify potential secret leaks in codebases, including AWS keys, GitHub tokens, Stripe keys, and private keys.
Instructions
Scan the codebase for potential secret leaks. Detects AWS keys, GitHub tokens, Stripe keys, private keys, and more.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| path | No | Path to scan (default: current directory) | |
| exclude | No | Additional directories to exclude | |
Implementation Reference
- src/tools/scan.ts:418-457 (handler) The main handler function for the `keyway_scan` tool.

```typescript
export async function scan(args: { path?: string; exclude?: string[] }): Promise<CallToolResult> {
  const scanPath = args.path || process.cwd();
  const excludes = [...DEFAULT_EXCLUDES, ...(args.exclude || [])];

  // Validate path exists
  try {
    const stats = statSync(scanPath);
    if (!stats.isDirectory()) {
      return {
        content: [{ type: 'text', text: `Error: ${scanPath} is not a directory` }],
        isError: true,
      };
    }
  } catch {
    return {
      content: [{ type: 'text', text: `Error: Path does not exist: ${scanPath}` }],
      isError: true,
    };
  }

  // Perform scan
  const result = scanDirectory(scanPath, excludes);

  const response = {
    path: scanPath,
    filesScanned: result.filesScanned,
    findingsCount: result.findings.length,
    findings: result.findings,
  };

  return {
    content: [
      {
        type: 'text',
        text: JSON.stringify(response, null, 2),
      },
    ],
    isError: false,
  };
}
```

- src/index.ts:75-83 (registration) Registration of the `keyway_scan` tool within the MCP server.

```typescript
server.tool(
  'keyway_scan',
  'Scan the codebase for potential secret leaks. Detects AWS keys, GitHub tokens, Stripe keys, private keys, and more.',
  {
    path: z.string().optional().describe('Path to scan (default: current directory)'),
    exclude: z.array(z.string()).optional().describe('Additional directories to exclude'),
  },
  async (args) => scan(args)
);
```
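An added example, not keyway's code (its `scanDirectory` is not shown on this page): a minimal line-based detector for the four secret types the tool description names, returning findings whose preview is redacted so the report does not carry the secret itself. The names `scanText`, `redact`, `fill`, the rule labels, and the regexes (based on publicly documented token prefixes) are assumptions of this sketch.

```typescript
// Added example: rules follow public token formats, not the keyway rule set.
interface Finding { file: string; line: number; type: string; preview: string }

const RULES: { type: string; re: RegExp }[] = [
  { type: 'aws-access-key-id', re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
  { type: 'github-token', re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
  { type: 'stripe-live-key', re: /\b[sr]k_live_[0-9A-Za-z]{24,}\b/g },
  { type: 'private-key', re: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g },
];

// Repeat a character n times (used for redaction and for building sample data).
function fill(ch: string, n: number): string {
  return new Array(n + 1).join(ch);
}

// Keep only a 4-character prefix; mask the rest of the match.
function redact(match: string): string {
  return match.slice(0, 4) + fill('*', Math.max(match.length - 4, 0));
}

// Scan one file's text line by line and report every rule hit with its line number.
function scanText(file: string, text: string): Finding[] {
  const findings: Finding[] = [];
  text.split(/\r?\n/).forEach((lineText, i) => {
    for (const rule of RULES) {
      const hits: string[] = lineText.match(rule.re) || [];
      for (const hit of hits) {
        findings.push({ file, line: i + 1, type: rule.type, preview: redact(hit) });
      }
    }
  });
  return findings;
}

// Constructed sample input; the "secrets" are filler characters, not real keys.
const SAMPLE = [
  'AWS_ACCESS_KEY_ID=AKIA' + fill('X', 16),
  'const greeting = "hello";',
  'GITHUB_TOKEN=ghp_' + fill('a', 36),
  'stripe = "sk_live_' + fill('0', 24) + '"',
  '-----BEGIN RSA PRIVATE KEY-----',
  'publishable = "pk_test_' + fill('0', 24) + '"',
].join('\n');

const sampleFindings = scanText('config/.env', SAMPLE);
console.log(JSON.stringify({ findingsCount: sampleFindings.length, findings: sampleFindings }, null, 2));
```

The Stripe test-mode publishable key on the last sample line is not reported, since only live secret and restricted key prefixes are in the rule.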