Scan your Claude Code, Cursor, or Windsurf history files for accidentally pasted API keys or credentials.
Redact found secrets in place while keeping a backup you can undo from.
Get the correct revocation URL for a detected key so you can rotate it quickly.
Run a one-time local security cleanup after debugging with an AI coding assistant.
| ishannaik/agent-sweep | adityasharmadotai-hash/docs-reader-rag-agent | alekseiul/hermes-researcher-agent | |
|---|---|---|---|
| Stars | 29 | 29 | 29 |
| Language | Python | Python | Python |
| Setup difficulty | easy | easy | moderate |
| Complexity | 2/5 | 2/5 | 2/5 |
| Audience | developer | vibe coder | researcher |
Figures from each repo's GitHub metadata at analysis time.
Requires Python 3.11 or later, install via pip or the uv tool installer.
AgentSweep is a command-line tool that scans the local conversation history files left behind by AI coding assistants and looks for accidentally pasted secrets. When you paste an API key, a database URL, or a .env file into a tool like Claude Code or Cursor to get help with debugging, that content gets saved to plain-text files on your computer and stays there indefinitely. AgentSweep reads those files, reports what it found, and can redact the secret values in place so they no longer sit in clear text. The tool works entirely offline. It reads and writes only files on your local machine and makes no network calls. It targets one specific risk: secrets stored in AI agent history files, which the README compares to a more dangerous version of shell history, since the files contain full conversational context rather than just commands. The README notes that if you already pasted a key into a cloud-backed agent, that key has already passed through the provider's servers, so AgentSweep addresses only the remaining local exposure. Twenty-nine AI agents are supported, including Claude Code, Cursor, Windsurf, Gemini CLI, GitHub Copilot Chat, Aider, and others. Detection covers 191 rule patterns: AWS credentials, GitHub tokens, Stripe keys, OpenAI and Anthropic API keys, Google credentials, Slack and Discord tokens, JWT tokens, PEM keys, database URLs, and BIP-39 seed phrases, among others. The fix flow is staged and reversible. AgentSweep first scans and shows you a report. If you type REDACT to confirm, it rewrites the affected files using atomic file replacement and creates .bak backup copies. The undo command restores from those backups. The purge command deletes the backups once you have rotated the affected keys. The tool also prints the appropriate revocation URL for each detected provider so you know where to go to invalidate the exposed key. Installation is via pip or the uv tool installer, and requires Python 3.11 or later. Running the tool with no arguments opens an interactive menu that walks through each step.
AgentSweep is an offline command-line tool that scans AI coding assistant history files for accidentally pasted secrets like API keys and redacts them.
Mainly Python. The stack also includes Python.
The README does not state a specific license.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.