Your AI Coder Writes Fast. It Also Writes API Keys Into Source Files.
An open-source skill for Cursor, Claude Code, Copilot, and any agent that reads AGENTS.md.
The leak that happens before git push
If you use AI coding agents, you’ve probably seen this:
stripe.api_key = "sk_live_..."Or a Postgres URL with a real password. Or an OpenAI key in a .env the agent created and almost committed.
The agent isn’t malicious. It’s pattern-matching from training data and “finishing” config files the way tutorials do — with inline secrets.
Traditional tools catch this later:
Tool: When it runs
GitHub secret scanning: After push
gitleaks / truffleHog: After commit (or in CI)
Pre-commit hooks: At commit time
All useful. None of them run inside the agent while the model is still generating the file.
That gap is what leash-secrets fills.
What leash-secrets does
leash-secrets is an AI agent skill — a protocol your coding agent follows on every edit:
SCAN every line for known secret patterns
CLASSIFY as critical, warning, or safe (placeholders like
changemepass through)BLOCK critical findings — show redacted value, explain risk, provide fix steps
ACT — replace hardcoded secrets with env vars, update
.env.example, check.gitignore
When it fires, the output looks like this:
⛔ LEASH-SECRETS — SECRET DETECTED
━━━━━━━━━━━━━━━━━━━━━━━━━
Type: Stripe Live Secret Key
File: payments.py:3
Value: sk_liv....9iU
Risk: Can create charges and access customer payment data.
━━━━━━━━━━━━━━━━━━━━━━━━━
FIX: Use STRIPE_SECRET_KEY env var + .env.example entryThe agent stops. The key doesn’t make it into the repo.
Where it runs
Install once; it wires into whichever agents you use:
Cursor —
.cursor/rules/leash-secrets.mdcClaude Code / Codex / Cline —
skills/orAGENTS.mdGitHub Copilot —
.github/copilot-instructions.mdGemini CLI, Windsurf — supported via the universal installer
Install (macOS / Linux / WSL):
curl -fsSL https://raw.githubusercontent.com/FasterApiWeb/leash-secrets/main/scripts/install.sh | bashCLI only:
npm install -g leash-secrets
leash-secrets scan .Patrol mode is on by default — the agent checks as it writes. A pre-commit hook is there as a second line of defense.
Coverage
71 patterns across 11 provider categories:
Cloud: AWS, GCP, Azure
AI: OpenAI, Anthropic, Hugging Face, Cohere, Replicate
Payments: Stripe, PayPal, Square
Databases: PostgreSQL, MySQL, MongoDB, Redis, Supabase, PlanetScale
Messaging: Slack, Discord, Twilio, SendGrid
CI/CD: npm, PyPI, Docker Hub, Vercel, Terraform
Crypto: RSA, OpenSSH, EC, PGP private keys
Generic: passwords, JWT secrets, Bearer tokens
Patterns are JSON — add your own (patterns/my-company.json) and contribute upstream.
Benchmarks (reproducible, not hand-wavy)
I’m skeptical of security tools that claim “94% accuracy” with no corpus. So leash-secrets ships a published benchmark:
41 labeled cases in
benchmarks/corpus/cases.jsonRun locally:
npm run benchmark:corpus
Last results (pattern scanner):
Metric Result Recall (30 positives) 100% False positives (8 negatives) 0% Known documented gaps 3
Those 3 gaps are intentional honesty: multiline secrets, base64-only blobs, truncated tokens. We document them instead of hiding them.
This measures the regex scanner — reproducible and verifiable. I’m not publishing unverified “LLM prompt compliance” numbers.
How it fits your stack
leash-secrets does not replace gitleaks, GitHub secret scanning, or your SAST pipeline.
Think of it as defense layer 0:
Agent writes code → leash-secrets blocks secrets
↓
File saved → pre-commit hook (backup)
↓
Commit → gitleaks / CI
↓
Push → GitHub secret scanningEach layer catches what the previous one missed.
Project status
Open source (MIT)
npm:
leash-secrets@1.2.1Maintained by EshwarCVS / FasterApiWeb
Good first issues are open if you want to add patterns (Datadog, Sentry, Cloudflare) or stack-specific guides.
Try it
Run the installer (takes ~30 seconds)
Ask your agent to “add Stripe payments” or “connect to Postgres”
Watch whether it reaches for env vars instead of hardcoding keys
If you hit false positives or want a provider we don’t cover yet, open an issue. This is early — feedback shapes what ships next.
Links
Benchmark corpus: https://github.com/FasterApiWeb/leash-secrets/tree/main/benchmarks
If you use leash-secrets in a project or paper, cite via CITATION.cff.

