credential-free
Verified Safe
by skutry
Overview
A local MCP server and CLI tool for static analysis to detect hardcoded API keys, tokens, and credentials in source code and files.
Installation
python -m src.server
Security Notes
The codebase demonstrates good security practices for a tool processing arbitrary user files. It actively prevents path traversal, limits file and archive member sizes to mitigate resource exhaustion and regex DoS attacks on long lines, and does not use dangerous functions like 'eval'. No hardcoded secrets for its own operation were found. The tool's scanning logic is local, minimizing external attack surface.
Similar Servers
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
copilot-security-instructions
This MCP server provides a toolkit to guide GitHub Copilot toward secure coding practices by offering customizable security-focused prompts and agents for integration into development workflows.
ggmcp
A focused MCP server for developers, providing remediation tools for secrets detected in code and honeytoken management capabilities.
treesitter-mcp
Provides a Model Context Protocol (MCP) server and CLI for static code analysis using Tree-sitter.