Context-aware secret scanner: lets an AI agent scan, verify, and rewrite secrets before committing.
Config is the same across clients — only the file and path differ.
{
  "mcpServers": {
    "leakferret": {
      "args": [
        "@leakferret/mcp"
      ],
      "command": "npx"
    }
  }
}
MCP-native secret scanner — verified findings, agent-applied rewrites.
Run this in your terminal to verify the server starts:
npx -y '@leakferret/mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
No known CVEs.
Checked @leakferret/mcp against OSV.dev.
Tools and resources exposed by the server:
secret-types: Exposes the engine's catalog of every detectable secret pattern across 60+ types
leakferret://secret-types
verifiers: Exposes the list of live-verification providers supported by the engine (~25 providers)
leakferret://verifiers
classify: Allows an agent to classify secret candidates inline using the model it already has
leakferret is one fast Rust binary that is engine, CLI, and MCP server. It finds hardcoded secrets in your code, calls the provider to confirm which ones are actually live, and rewrites the leak in place to read from an environment variable. It runs in your terminal, in CI, and as a tool your coding agent calls before it commits — and the raw secret never leaves your machine.
Say you accidentally commit a real key, plus the usual noise:
# .env — every key below is fabricated for this example
STRIPE_SECRET_KEY=sk_live_FAKE_example_not_a_real_key # fabricated
GITHUB_TOKEN=ghp_FAKE_example_not_a_real_token # fabricated
SENDGRID_API_KEY=${SENDGRID_API_KEY} # a reference — not a leak
ADMIN_PASSWORD=changeme # a placeholder — not a leak
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE # AWS's public docs example
leakferret verify calls each provider and tells you what is real and live — and stays quiet on the rest:
$ leakferret verify .
.env
L2 UNKNOWN CRITICAL stripe_secret sk_l..._key
L3 VERIFIED CRITICAL github_token ghp_...oken ← live, rotate it now
2 findings · 1 verified · 1 unknown
The keys above are fabricated, so the VERIFIED line illustrates what a genuinely live key reports — on these examples both would be UNKNOWN. The ${SENDGRID_API_KEY} reference, the changeme placeholder, and the well-known AKIAIOSFODNN7EXAMPLE example are recognized and left out — that precision is the point. Then leakferret rewrite --apply rewrites the hardcoded key in your code (it leaves .env files alone — there's nothing sensible to rewrite a secret to there):
# app/billing.rb (fabricated example)
- Stripe.api_key = "sk_live_FAKE_example_not_a_real_key" # fabricated
+ Stripe.api_key = ENV.fetch("STRIPE_API_KEY")
…and appends STRIPE_API_KEY= to .env.example with a seed command for your secret manager. Find → confirm live → fix, with almost no false alarms.
The full secret value never leaves your machine. Only a redacted AKIA...4XYZ preview is ever written to a report, log, or network message.
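As an added illustration in Rust (not leakferret's own code), here is a minimal triage step mirroring the behaviour described above: ${VAR} references, obvious placeholders and AWS's published example key are dropped before anything is reported, and whatever remains is reduced to the first-4/last-4 preview shown in the verify output. The placeholder list and the prefix-to-type table are assumptions constructed for this example.

```rust
// Added example, not leakferret's code: filter noise out of dotenv-style
// candidates and redact the rest so the raw value never reaches a report.
#[derive(Debug, PartialEq)]
pub enum Verdict {
    Reference,    // ${VAR} or $VAR indirection: nothing to leak
    Placeholder,  // obvious dummy such as "changeme"
    KnownExample, // value published in vendor documentation
    Candidate { kind: &'static str, preview: String },
}

// Constructed lists for this example; a real engine ships far larger ones.
const PLACEHOLDERS: &[&str] = &["changeme", "password", "xxx", "<your-key>", "todo"];
// AWS documents this access key id as a public example; it is never a live leak.
const KNOWN_EXAMPLES: &[&str] = &["AKIAIOSFODNN7EXAMPLE"];
const PATTERNS: &[(&str, &str)] = &[
    ("sk_live_", "stripe_secret"),
    ("ghp_", "github_token"),
    ("AKIA", "aws_access_key_id"),
];

/// First four and last four characters, e.g. "sk_l..._key"; char-based so
/// multi-byte input cannot panic on a byte boundary.
pub fn redact(value: &str) -> String {
    let chars: Vec<char> = value.chars().collect();
    if chars.len() <= 8 {
        return "...".to_string();
    }
    let head: String = chars[..4].iter().collect();
    let tail: String = chars[chars.len() - 4..].iter().collect();
    format!("{head}...{tail}")
}

/// Classify one value. Noise classes are checked before any secret pattern,
/// so a documented example key is never reported as a candidate.
pub fn triage(value: &str) -> Option<Verdict> {
    let v = value.trim().trim_matches('"');
    if v.starts_with('$') {
        return Some(Verdict::Reference);
    }
    if PLACEHOLDERS.contains(&v.to_ascii_lowercase().as_str()) {
        return Some(Verdict::Placeholder);
    }
    if KNOWN_EXAMPLES.contains(&v) {
        return Some(Verdict::KnownExample);
    }
    PATTERNS
        .iter()
        .find(|(prefix, _)| v.starts_with(*prefix))
        .map(|(_, kind)| Verdict::Candidate { kind: *kind, preview: redact(v) })
}

/// Parse a `KEY=value # comment` line into (key, verdict); comments and
/// lines without a recognised value yield None.
pub fn triage_line(line: &str) -> Option<(String, Verdict)> {
    let body = line.split('#').next()?.trim();
    let (key, value) = body.split_once('=')?;
    triage(value).map(|v| (key.trim().to_string(), v))
}
```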
Install however you like — every package ships the same prebuilt binary.
# Ruby gem
gem install leakferret
# npm (CLI)
npm i -g @leakferret/cli
# Go
go install github.com/leakferrethq/leakferret-go/cmd/leakferret@latest
# Native binary — download from GitHub Releases, unpack, and put it on $PATH:
# https://github.com/leakferrethq/leakferret/releases
# Rust, from source
cargo install leakferret-cli
Then scan the current directory:
leakferret scan .
scan respects .gitignore and also reads dotfiles such as .env. Add --git to walk commit history instead of the working tree.
Every wrapper honors a LEAKFERRET_BIN environment variable pointing at a local binary, for offline or development use.