$ man secrets-exposure-check
/secrets-exposure-check
PRICE / CALL
$0.02
USDC · base mainnet · scheme: exact
──────────────────────────────────────────────────────────────────────────────
NAME
secrets-exposure-check — scans project config files for hardcoded secrets before you deploy
SYNOPSIS
POST https://x402.agentutility.ai/secrets-exposure-check
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }
↳ first call → 402 Payment Required. Sign a USDC transferWithAuthorization, then retry with the X-PAYMENT header.
DESCRIPTION
Scans project config files for hardcoded secrets before you deploy. Fetches top-level config files (.env*, wrangler.toml, vercel.json, next.config.*, package.json, etc.) and scans them for hardcoded AWS/OpenAI/Anthropic/Stripe/GitHub keys, private keys, DB URLs with embedded passwords, JWT secrets, weak values in .env.example, and server-only env vars exposed to the browser bundle via the NEXT_PUBLIC_ prefix. Returns a 0-100 score, per-finding kind/severity/path/line/redacted evidence/recommendation, and a Venice-generated plain-English verdict. Dual input: {repo: 'owner/name'} for a public GitHub repository, or {files: [{path, content}, ...]} for private code or an agent workspace. In files mode the full file contents travel in the request body and the verdict is produced by a Venice model, so the request itself discloses whatever those files contain; anything the scan flags should be rotated, not merely removed from the file. Use it as a secrets exposure scan, hardcoded API key detector, .env-committed-key audit, Next.js client env leak detector, or pre-deploy secret gate.
OUTPUT — response shape
| field | type | description |
|---|---|---|
| score | number | 0-100 secrets-exposure score; higher means more, or more severe, hardcoded keys and leaks found. |
| risk_level | string | Bucketed verdict (e.g. low/medium/high/critical) derived from the score and the worst finding's severity. |
| findings | array | Detected leaks, each with kind, severity, path, line, redacted evidence, and a recommendation. |
| signals | object | Per-category counts and flags (AWS, OpenAI, Stripe, private keys, NEXT_PUBLIC leaks, weak .env.example, etc.). |
| summary | string | Venice-generated plain-English verdict explaining the worst leaks and what to rotate or fix before deploy. |
| metadata | object | Scan metadata: repo or file count, files scanned, bytes, timings, and model/version used for the verdict. |
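The checks listed under DESCRIPTION, run locally over the same {files: [{path, content}]} input and producing a response shaped like the OUTPUT table above (minus the Venice summary). This is an added example, not the service's code: every pattern, severity, weight and risk bucket is an illustrative assumption, and the sample project is constructed. It shows the three distinct detections a scanner of this kind needs (known key formats, NEXT_PUBLIC_ exposure by name or by value, and real-looking defaults in .env.example), the redaction of evidence, and why a <password> placeholder in an example file must not be flagged.

```javascript
// Added example, not the service's code: a local approximation of the checks the
// DESCRIPTION lists. Patterns, severities, weights and buckets are assumptions.

const SECRET_PATTERNS = [
  { kind: "aws_access_key", severity: "critical", re: /\bAKIA[0-9A-Z]{16}\b/,
    fix: "Rotate the key in IAM and load it from the environment or a secrets manager." },
  { kind: "openai_api_key", severity: "high", re: /\bsk-(?!ant-)[A-Za-z0-9_-]{20,}/,
    fix: "Revoke the key in the OpenAI dashboard and inject it at runtime." },
  { kind: "anthropic_api_key", severity: "high", re: /\bsk-ant-[A-Za-z0-9_-]{20,}/,
    fix: "Revoke the key in the Anthropic console and inject it at runtime." },
  { kind: "stripe_secret_key", severity: "critical", re: /\bsk_(?:live|test)_[A-Za-z0-9]{16,}/,
    fix: "Roll the Stripe secret key; only publishable (pk_) keys belong client-side." },
  { kind: "github_token", severity: "high", re: /\bgh[pousr]_[A-Za-z0-9]{30,}/,
    fix: "Revoke the token under GitHub developer settings." },
  { kind: "private_key", severity: "critical", re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/,
    fix: "Remove the key, rotate it, and purge it from git history." },
  { kind: "db_url_with_password", severity: "high",
    re: /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis):\/\/[^:\s\/@]*:[^@\s<>]+@/,
    fix: "Drop the password from the URL and supply DATABASE_URL at deploy time." },
  { kind: "jwt_secret", severity: "high", re: /\b(?:JWT|SESSION)_SECRET\s*=\s*["']?[A-Za-z0-9+\/=_-]{16,}/,
    fix: "Generate a fresh random secret and set it in the platform's env settings." },
];
const WEIGHT = { low: 5, medium: 10, high: 25, critical: 40 };
const ENV_ASSIGN = /^\s*(?:export\s+)?([A-Z][A-Z0-9_]*)\s*=\s*["']?([^"'\s#]*)/;
const NEXT_PUBLIC = /\b(NEXT_PUBLIC_[A-Z0-9_]+)\b\s*[:=]\s*["']?([^"'\s,;]*)/;
const SERVER_ONLY_NAME = /SECRET|PRIVATE|PASSWORD|SERVICE_ROLE/;              // never belongs in a browser bundle
const CREDENTIAL_NAME = /SECRET|PRIVATE|PASSWORD|TOKEN|API_KEY|SERVICE_ROLE/; // must stay a placeholder in .env.example
const PLACEHOLDER = /^(?:<[^>]*>|\$\{[^}]*\}|x{3,}|\.{3}|(?:your|replace|example|todo)[-_a-z0-9]*)$/i;

// Keep enough of the match to locate it, never enough to reuse it.
function redact(s) {
  return s.length <= 8 ? s.slice(0, 2) + "..." : s.slice(0, 4) + "..." + s.slice(-2);
}

function scanFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    const isExample = /\.example$/.test(path.split("/").pop());
    content.split(/\r?\n/).forEach((text, i) => {
      const add = (kind, severity, evidence, recommendation) =>
        findings.push({ kind, severity, path, line: i + 1, evidence: redact(evidence), recommendation });

      // 1. NEXT_PUBLIC_ inlines the value into the client bundle: flag server-only names
      //    and any value that itself looks like a known secret format.
      const np = text.match(NEXT_PUBLIC);
      if (np && (SERVER_ONLY_NAME.test(np[1]) || SECRET_PATTERNS.some((p) => p.re.test(np[2])))) {
        add("next_public_leak", "critical", np[1] + "=" + np[2],
          "Drop the NEXT_PUBLIC_ prefix and read the value only in server code or route handlers.");
        return; // already reported; do not count the same value again under its key type
      }

      // 2. Known key formats, private-key headers, credentials embedded in connection URLs.
      let hit = false;
      for (const p of SECRET_PATTERNS) {
        const m = text.match(p.re);
        if (m) { hit = true; add(p.kind, p.severity, m[0], p.fix); }
      }

      // 3. .env.example shipping a real-looking default that ends up copied into production.
      const env = text.match(ENV_ASSIGN);
      if (!hit && isExample && env && CREDENTIAL_NAME.test(env[1]) && env[2] !== "" && !PLACEHOLDER.test(env[2])) {
        add("weak_example_value", "medium", env[1] + "=" + env[2],
          "Leave the value empty or use an obvious placeholder so the default is never deployed.");
      }
    });
  }
  return findings;
}

function checkSecrets(files) {
  const findings = scanFiles(files);
  const score = Math.min(100, findings.reduce((s, f) => s + WEIGHT[f.severity], 0));
  const order = ["low", "medium", "high", "critical"];
  const worst = findings.reduce((w, f) => Math.max(w, order.indexOf(f.severity)), -1);
  const risk_level = score >= 70 ? "critical" : worst < 0 ? "low" : order[worst];
  const signals = {};
  for (const f of findings) signals[f.kind] = (signals[f.kind] || 0) + 1;
  const metadata = { files_scanned: files.length, bytes: files.reduce((b, f) => b + f.content.length, 0) };
  return { score, risk_level, findings, signals, metadata };
}

// Constructed sample project; the AWS key is AWS's documented AKIAIOSFODNN7EXAMPLE placeholder.
const SAMPLE_FILES = [
  { path: ".env", content: [
    "DATABASE_URL=postgres://app:hunter2@db.internal:5432/app",
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "JWT_SECRET=0f3c1d2e4b5a69788796a5b4c3d2e1f0",
  ].join("\n") },
  { path: "next.config.js", content: [
    "module.exports = {",
    "  env: {",
    '    NEXT_PUBLIC_APP_NAME: "demo",',
    "    NEXT_PUBLIC_SERVICE_ROLE_KEY: process.env.SUPABASE_SERVICE_ROLE_KEY,",
    '    NEXT_PUBLIC_STRIPE_KEY: "sk_live_51H0000000000000000000",',
    "  },",
    "};",
  ].join("\n") },
  { path: ".env.example", content: [
    "DATABASE_URL=postgres://user:<password>@localhost:5432/app",
    "JWT_SECRET=changeme",
    "OPENAI_API_KEY=",
  ].join("\n") },
];

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(checkSecrets(SAMPLE_FILES), null, 2));
}
```

On the sample project this reports six findings (three in .env, the two NEXT_PUBLIC_ leaks in next.config.js, and JWT_SECRET=changeme in .env.example), saturates the score at 100 and buckets the project as critical; the placeholder DATABASE_URL in .env.example and NEXT_PUBLIC_APP_NAME are correctly ignored. The NEXT_PUBLIC_STRIPE_KEY line is caught by its value, not its name, which is why step 1 runs the key-format patterns over the value before falling through.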
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.agentutility.ai/secrets-exposure-check \
-H 'Content-Type: application/json' \
-d '{ }'
↳ first response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
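The call → 402 → sign → retry handshake from EXAMPLE 1 as a small client, with the check a paying client should make before it signs anything: the amount in the 402 body is set by the server, so cap it against your own budget and accept only the scheme and network you expect, and retry exactly once. This is an added example, not the service's code nor any x402 client library: the 402 body shape (accepts[].scheme/network/maxAmountRequired/payTo) and the base64-JSON X-PAYMENT encoding follow my reading of the x402 spec and are assumptions, and the endpoint and signer below are constructed stand-ins (a real signer produces the EIP-3009 transferWithAuthorization signature with a wallet).

```javascript
// Added example, not the service's or any x402 library's code. The 402 body shape and
// the X-PAYMENT encoding are assumptions; fakeEndpoint and dummySign are constructed.

const USDC_DECIMALS = 6;

// The server chooses maxAmountRequired. Cap it against your own budget before signing,
// or an impersonated or compromised endpoint can ask for more than the advertised price.
function pickPaymentOption(paymentRequired, { network, budgetUsdc }) {
  const cap = BigInt(Math.round(budgetUsdc * 10 ** USDC_DECIMALS)); // atomic USDC units
  const option = (paymentRequired.accepts || []).find(
    (o) => o.scheme === "exact" && o.network === network,
  );
  if (!option) throw new Error("no 'exact' payment option for " + network);
  if (BigInt(option.maxAmountRequired) > cap) {
    throw new Error("endpoint asks for " + option.maxAmountRequired + " units, budget is " + cap);
  }
  return option;
}

async function callWithPayment(fetchImpl, url, body, { sign, network, budgetUsdc }) {
  const init = { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(body) };
  let res = await fetchImpl(url, init);
  if (res.status !== 402) return res; // nothing to pay (or a non-payment error)
  const option = pickPaymentOption(await res.json(), { network, budgetUsdc });
  const payment = await sign(option);
  const xPayment = Buffer.from(JSON.stringify(payment)).toString("base64");
  res = await fetchImpl(url, { ...init, headers: { ...init.headers, "X-PAYMENT": xPayment } });
  // Exactly one retry: a second 402 means the payment was rejected, not that more is owed.
  if (res.status === 402) throw new Error("payment rejected: " + JSON.stringify(await res.json()));
  return res;
}

// ---- constructed stand-ins so the handshake runs offline ----
const PRICE_UNITS = "20000"; // $0.02 USDC at 6 decimals, the price advertised on this page
const endpointLog = [];      // records the order of unpaid/paid requests seen

async function fakeEndpoint(url, init) {
  const reply = (status, obj) => ({ status, json: async () => obj });
  const header = init.headers["X-PAYMENT"];
  endpointLog.push(header ? "paid" : "unpaid");
  if (!header) {
    return reply(402, { x402Version: 1, accepts: [{ scheme: "exact", network: "base",
      maxAmountRequired: PRICE_UNITS, resource: url, asset: "USDC", payTo: "0x" + "11".repeat(20) }] });
  }
  const payment = JSON.parse(Buffer.from(header, "base64").toString());
  if (payment.scheme !== "exact" || payment.payload.authorization.value !== PRICE_UNITS) {
    return reply(402, { error: "invalid payment" });
  }
  return reply(200, { score: 0, risk_level: "low", findings: [], signals: {}, summary: "stub verdict" });
}

// Dummy signer: a real one signs EIP-712 typed data for TransferWithAuthorization with the wallet key.
async function dummySign(option) {
  return { x402Version: 1, scheme: option.scheme, network: option.network, payload: {
    signature: "0x" + "ab".repeat(65),
    authorization: { from: "0x" + "22".repeat(20), to: option.payTo, value: option.maxAmountRequired,
      validAfter: "0", validBefore: String(Math.floor(Date.now() / 1000) + 300), nonce: "0x" + "33".repeat(32) },
  } };
}

async function demo(budgetUsdc) {
  const res = await callWithPayment(fakeEndpoint, "https://x402.agentutility.ai/secrets-exposure-check",
    { files: [{ path: ".env", content: "PORT=3000" }] }, { sign: dummySign, network: "base", budgetUsdc });
  return { status: res.status, body: await res.json() };
}

if (typeof require !== "undefined" && require.main === module) {
  demo(0.02).then((r) => console.log(JSON.stringify(r)), (e) => { console.error(e.message); process.exit(1); });
}
```

With a budget of 0.02 the sequence is one unpaid request, one paid retry, then the 200 scan result; with a budget of 0.01 pickPaymentOption refuses before any signature is produced, and a wrong network is refused the same way.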
EXAMPLE 2 · mcp
# Install the MCP package for this endpoint's cluster
npx -y @agentutility/mcp-<cluster>
# Required: EVM private key with USDC on Base
export X402_PRIVATE_KEY=0x...
# Then call the secrets-exposure-check tool from your MCP-aware agent.
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags
- security, secrets, env, hardcoded-keys, prooflayer
- env
- VENICE_API_KEY
- methods
- POST
- cluster
- prooflayer
- price
- $0.02 USDC per call
ADJACENT — other endpoints in prooflayer