Scan a pasted config, file, code snippet, or blob for exposed credentials and obvious security misconfigurations. Use whenever a user shares a .env, docker-compose.yml, nginx.conf, JSON/YAML config, or any text and asks "is this safe to share/commit?", "any leaked API keys/secrets?", or "what's misconfigured?". Detects cloud credentials, Stripe/GitHub/GitLab tokens, OpenAI/Anthropic/Gemini/Hugging Face/Groq/Replicate keys, private-key blocks, JWTs, DB connection strings, plus misconfigs like debug-on, 0.0.0.0 binds, disabled TLS verification, privileged containers, and weak passwords. Deterministic. It analyzes the provided text and returns findings only — it never stores, transmits, or requires any live credential.