explaingit

muhammadatef/kakashi

13JavaScriptAudience · developerComplexity · 2/5Setup · easy

TLDR

Kakashi scans files on your computer for secrets like API keys and passwords, replaces them with placeholder tokens before any AI assistant reads the file, and installs as a skill inside Claude Code and 20 other AI tools.

Mindmap

mindmap
  root((repo))
    What It Does
      Secret file scanner
      Token replacement
      Pre-AI masking
    Detects
      API keys
      Passwords
      Credit card numbers
    Commands
      Scan for count
      Mask to new file
      Audit full mapping
    AI Tool Support
      Claude Code skill
      Cursor and Codex
      20 plus tools total
    Tech Stack
      JavaScript
      Node.js 18 plus
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Scan a config file or .env file for API keys before sharing it with an AI coding assistant, so real credentials never leave your machine.

USE CASE 2

Mask all sensitive values in a JSON, Excel, or PDF file and produce a clean copy with placeholder tokens the AI can work with safely.

USE CASE 3

Install the secret scanner across every compatible AI tool on your machine with a single shell command.

Tech stack

JavaScriptNode.js

Getting it running

Difficulty · easy Time to first run · 5min

Requires Node.js 18 or higher, pass file paths to slash commands rather than using @-mention syntax to avoid premature exposure.

In plain English

Kakashi is a tool that scans files on your own computer for sensitive information, such as API keys, passwords, database connection strings, email addresses, phone numbers, and credit card numbers, before those files reach an AI assistant. It installs as a skill directly inside tools like Claude Code, Cursor, Codex CLI, and more than 20 others. Nothing is sent to a remote server: all scanning and masking happens locally on your machine. The problem it addresses is straightforward. When you paste a config file, spreadsheet, or script into an AI chat to ask a coding question, any secrets inside that file travel to the AI provider's servers in plaintext. Kakashi sits between you and that transfer. Before the agent ever reads the file, Kakashi replaces each sensitive value with a placeholder token like [OPENAI_KEY_1] or [DB_CONN_2]. The AI sees only the tokens, not the real values. You can then share the masked file freely without exposing real credentials. Installation takes about 30 seconds. A single shell command detects all compatible agents on your machine and installs the skill for each of them. You can also install for just one agent if you prefer. Node.js version 18 or higher is required. The tool works on macOS, Linux, Windows Subsystem for Linux, Git Bash, and Windows PowerShell. The tool provides three main commands. The scan command checks a file and reports how many findings it found, broken down by category, without printing the actual secret values in the output. The mask command rewrites the file with placeholders in place of the real data and saves a new masked copy. The audit command shows the full original-to-token mapping, which is meant for review in a plain terminal rather than inside an agent context. Kakashi supports more than 50 file formats including PDF, Word documents, Excel spreadsheets, JSON files, and .env files. The README notes one important rule: you should pass a file path to the slash commands rather than using the @-mention syntax that some agents offer, because @-mentions attach the full file content to the AI context before Kakashi has a chance to scan it.

Copy-paste prompts

Prompt 1
I want to share my .env file with Claude Code to get help debugging, but it contains real API keys. Walk me through using Kakashi to mask the file so Claude only sees placeholder tokens like [OPENAI_KEY_1] instead of the real values.
Prompt 2
I ran the Kakashi scan command on my config file and it found 12 findings. Now I want to see the full mapping of which token replaced which original value for my own reference. How do I use the audit command safely outside the AI agent?
Prompt 3
I have a team member who uses Cursor and another who uses Claude Code. How do I install Kakashi as a skill for both tools at once, and what is the correct way to invoke it inside each tool?
Open on GitHub → Explain another repo

← muhammadatef on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.