claudleak

claudleak is a specialized tool designed to identify and report leaked credentials within AI coding tool configuration files found in public GitHub repositories. It addresses the growing concern of sensitive information exposure through AI-generated or AI-assisted code artifacts.

Key Features:

• Targeted Scanning: Focuses on common AI coding tool configuration paths such as .claude/, .cursor/, .continue/, .codex/, CLAUDE.md, and AGENTS.md.
• TruffleHog Integration: Leverages the robust secret detection capabilities of TruffleHog to accurately identify various types of credentials.
• GitHub Code Search Integration: Utilizes GitHub's powerful code search to discover relevant repositories containing AI configuration files.
• Automated Workflow: Streamlines the process from repository discovery and cloning to secret scanning and reporting.
• Flexible Output: Provides results in both human-readable table format and JSON for easy integration into other security workflows.
• Configurable Operations: Allows users to control scan parameters like the maximum number of repositories, concurrent workers, and filtering options (e.g., --verified-only, --org, --user).

Use Cases:

• Security Audits: Conduct comprehensive audits of public codebases for accidental credential leaks related to AI development.
• Threat Intelligence: Gather intelligence on exposed secrets that could be exploited by malicious actors.
• Developer Education: Highlight common pitfalls in secret management within AI development practices.
• Red Team Engagements: Simulate real-world attacks by identifying publicly accessible credentials.

How It Works:

1. Discovery: Initiates a search across GitHub Code Search for repositories containing predefined AI coding tool configuration file patterns.
2. Clone: Clones the identified repositories to a temporary local directory for analysis.
3. Scan: Executes TruffleHog against the cloned repositories, specifically focusing on the AI config paths to detect embedded secrets.
4. Report: Presents the findings in a clear, actionable format, either as a table in the console or as structured JSON output.

Installation:

go install github.com/niels/claudleak/cmd/claudleak@latest

Or build from source:

git clone https://github.com/niels/claudleak.git
cd claudleak
go build -o claudleak ./cmd/claudleak/

Usage:

GITHUB_TOKEN="ghp_..." ./claudleak