Find every leaked secret on your machine — API keys in .env files, shell history, and configs.
No known CVEs: ghosthunt was checked against OSV.dev.
Find every leaked secret on your machine.
GhostHunt is an MCP server that scans your development machine for API keys, tokens, and credentials hiding in places you forgot to check: .env files scattered across projects, shell history, AWS/SSH/Docker configs, and more.
Everything runs locally. No data leaves your machine.
GhostHunt checks the following locations:
- .env, .env.local, .env.production, etc. under your home directory
- ~/.aws/credentials and session tokens
- ~/.ssh/
- ~/.docker/config.json
- ~/.npmrc, ~/.pypirc auth tokens
- ~/.config/gh/hosts.yml
- Shell history: bash, zsh, or fish commands
- ~/.kube/config credentials
- ~/.netrc passwords

Add to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
```json
{
  "mcpServers": {
    "ghosthunt": {
      "command": "npx",
      "args": ["-y", "ghosthunt"]
    }
  }
}
```
Restart Claude Desktop. Then ask Claude: "Scan my machine for leaked secrets"
Or run it directly from a terminal:
```sh
npx ghosthunt
```
The server exposes two tools:
- `scan_secrets`: Full detailed scan. Returns every finding with file paths, line numbers, severity ratings, and remediation steps.
  Example prompt: "Run a full GhostHunt scan and show me everything"
- `scan_summary`: Quick health check. Returns your health score (0-100) and a count by severity. Run this first to see if you have a problem.
  Example prompt: "Give me a quick GhostHunt health check"
# GhostHunt Scan Report
**Health Score: 37/100** (Critical)
- Secrets found: **12**
- Critical: 3 | High: 5 | Medium: 2 | Low: 2
- Locations scanned: 47
- Scan time: 142ms

## Environment Files (.env)
- **[CRITICAL]** Stripe Live Secret Key
  - File: `/Users/you/project-a/.env:4`
  - Context: `STRIPE_SECRET_KEY`
  - Value: `sk_l****_8xQ`
- **[CRITICAL]** OpenAI API Key
  - File: `/Users/you/side-project/.env.local:12`
  - Context: `OPENAI_API_KEY`
  - Value: `sk-p****kFJ9`

## Shell History
- **[HIGH]** Bearer Token in Header
  - File: `/Users/you/.zsh_history:8847`
  - Context: `curl -H "Authorization: Bearer sk_live_...`
  - Value: `sk_l****_m3K`

## Recommendations
1. **Rotate critical secrets immediately.** Any API key marked CRITICAL should be revoked and regenerated from the provider's dashboard.
2. **Clear your shell history** of sensitive commands.
3. **Audit your .env files.** Ensure they are in .gitignore.
Your score starts at 100 and drops based on what GhostHunt finds:
| Finding | Penalty |
|---|---|
| Critical secret | -15 |
| High severity | -8 |
| Medium severity | -3 |
| Low severity | -1 |
A score below 50 means you have secrets that need immediate attention.
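To make the masking in the report and the penalty table concrete, here is an added example (not GhostHunt's own code) that scans constructed file contents, masks each hit as first 4 + `****` + last 4, and derives a `scan_summary`-style score; the detector patterns, sample paths and the floor at 0 are assumptions.

```javascript
// Added example, not GhostHunt's own code: scan constructed file contents, mask
// each hit like the report above (first 4 + **** + last 4) and score it with the
// README's penalty table. Detector patterns and sample files are assumptions.
const PENALTY = { CRITICAL: 15, HIGH: 8, MEDIUM: 3, LOW: 1 };
const DETECTORS = [ // illustrative patterns only; a real scanner carries many more
  { name: 'Stripe Live Secret Key', severity: 'CRITICAL', re: /(sk_live_[A-Za-z0-9]{8,})/g },
  { name: 'AWS Access Key ID', severity: 'HIGH', re: /\b(AKIA[0-9A-Z]{16})\b/g },
  { name: 'Bearer Token in Header', severity: 'HIGH',
    re: /Authorization:\s*Bearer\s+([A-Za-z0-9_\-.]{12,})/g },
];
// Constructed sample "files" standing in for real paths under $HOME.
const SAMPLE_FILES = {
  '/home/dev/project-a/.env':
    'DB_HOST=localhost\nSTRIPE_SECRET_KEY=sk_live_EXAMPLE0123456789abc\n',
  '/home/dev/.zsh_history':
    'ls -la\ncurl -H "Authorization: Bearer tok_EXAMPLE_abcdef123456" https://api.example.com\n',
  '/home/dev/.aws/credentials':
    '[default]\naws_access_key_id = AKIAEXAMPLEKEY000000\n',
};

// Never surface the raw value: keep just enough to recognise which key it is.
function mask(secret) {
  return secret.slice(0, 4) + '****' + secret.slice(-4);
}

// One finding per match, with file:line and the KEY name (or the command) as context.
function scanText(file, text) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    const kv = line.match(/^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=/);
    for (const d of DETECTORS) {
      for (const m of line.matchAll(d.re)) {
        findings.push({ name: d.name, severity: d.severity, file: `${file}:${i + 1}`,
          context: kv ? kv[1] : line.trim().slice(0, 40), value: mask(m[1]) });
      }
    }
  });
  return findings;
}

function scanFiles(files) {
  return Object.entries(files).flatMap(([path, text]) => scanText(path, text));
}
// scan_summary-style result; the floor at 0 is an assumption, the README gives none.
function summarize(findings) {
  const bySeverity = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
  let score = 100;
  for (const f of findings) { bySeverity[f.severity] += 1; score -= PENALTY[f.severity]; }
  return { score: Math.max(0, score), total: findings.length, bySeverity };
}
```

On the sample files this yields one CRITICAL and two HIGH findings, so the score is 100 - 15 - 8 - 8 = 69.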
GhostHunt runs entirely on your local machine. It does not:
Your secrets stay on your machine. The scan results stay in your Claude conversation.
License: MIT