env-secret-exposure-analyzer-mcp
JSON →Scans projects for secret exposure risks in .env files and logs
Tools · 3
- scan_for_secrets Scans source files, config files, and .env files for 20+ secret patterns. Returns file path, line number, severity, and a masked preview — never the full value.
- check_gitignore_coverage Checks whether sensitive files (.env, .env.local, secrets.json, private keys, certificates) are covered by .gitignore. Flags files that could be accidentally committed.
- scan_for_log_leaks Scans source files for console.log / logger calls that print process.env variables or objects with secret-sounding names at runtime. Catches the most common 'it's just a debug line' mistakes.
Environment variables
AWS_SECRET_ACCESS_KEY