whatisgithub

What is kakashi?

muhammadatef/kakashi — explained in plain English

Analysis updated 2026-06-24

13JavaScriptAudience · developerComplexity · 2/5Setup · easy

In one sentence

Kakashi scans files on your computer for secrets like API keys and passwords, replaces them with placeholder tokens before any AI assistant reads the file, and installs as a skill inside Claude Code and 20 other AI tools.

Mindmap

mindmap
  root((repo))
    What It Does
      Secret file scanner
      Token replacement
      Pre-AI masking
    Detects
      API keys
      Passwords
      Credit card numbers
    Commands
      Scan for count
      Mask to new file
      Audit full mapping
    AI Tool Support
      Claude Code skill
      Cursor and Codex
      20 plus tools total
    Tech Stack
      JavaScript
      Node.js 18 plus
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Scan a config file or .env file for API keys before sharing it with an AI coding assistant, so real credentials never leave your machine.

USE CASE 2

Mask all sensitive values in a JSON, Excel, or PDF file and produce a clean copy with placeholder tokens the AI can work with safely.

USE CASE 3

Install the secret scanner across every compatible AI tool on your machine with a single shell command.

What is it built with?

JavaScriptNode.js

How does it compare?

muhammadatef/kakashi09catho/axonabdulrdeveloper/react--tic-tac-toe
Stars131313
LanguageJavaScriptJavaScriptJavaScript
Setup difficultyeasymoderateeasy
Complexity2/54/51/5
Audiencedeveloperresearcherdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Requires Node.js 18 or higher, pass file paths to slash commands rather than using @-mention syntax to avoid premature exposure.

So what is it?

Kakashi is a tool that scans files on your own computer for sensitive information, such as API keys, passwords, database connection strings, email addresses, phone numbers, and credit card numbers, before those files reach an AI assistant. It installs as a skill directly inside tools like Claude Code, Cursor, Codex CLI, and more than 20 others. Nothing is sent to a remote server: all scanning and masking happens locally on your machine. The problem it addresses is straightforward. When you paste a config file, spreadsheet, or script into an AI chat to ask a coding question, any secrets inside that file travel to the AI provider's servers in plaintext. Kakashi sits between you and that transfer. Before the agent ever reads the file, Kakashi replaces each sensitive value with a placeholder token like [OPENAI_KEY_1] or [DB_CONN_2]. The AI sees only the tokens, not the real values. You can then share the masked file freely without exposing real credentials. Installation takes about 30 seconds. A single shell command detects all compatible agents on your machine and installs the skill for each of them. You can also install for just one agent if you prefer. Node.js version 18 or higher is required. The tool works on macOS, Linux, Windows Subsystem for Linux, Git Bash, and Windows PowerShell. The tool provides three main commands. The scan command checks a file and reports how many findings it found, broken down by category, without printing the actual secret values in the output. The mask command rewrites the file with placeholders in place of the real data and saves a new masked copy. The audit command shows the full original-to-token mapping, which is meant for review in a plain terminal rather than inside an agent context. Kakashi supports more than 50 file formats including PDF, Word documents, Excel spreadsheets, JSON files, and .env files. The README notes one important rule: you should pass a file path to the slash commands rather than using the @-mention syntax that some agents offer, because @-mentions attach the full file content to the AI context before Kakashi has a chance to scan it.

Copy-paste prompts

Prompt 1
I want to share my .env file with Claude Code to get help debugging, but it contains real API keys. Walk me through using Kakashi to mask the file so Claude only sees placeholder tokens like [OPENAI_KEY_1] instead of the real values.
Prompt 2
I ran the Kakashi scan command on my config file and it found 12 findings. Now I want to see the full mapping of which token replaced which original value for my own reference. How do I use the audit command safely outside the AI agent?
Prompt 3
I have a team member who uses Cursor and another who uses Claude Code. How do I install Kakashi as a skill for both tools at once, and what is the correct way to invoke it inside each tool?

Frequently asked questions

What is kakashi?

Kakashi scans files on your computer for secrets like API keys and passwords, replaces them with placeholder tokens before any AI assistant reads the file, and installs as a skill inside Claude Code and 20 other AI tools.

What language is kakashi written in?

Mainly JavaScript. The stack also includes JavaScript, Node.js.

How hard is kakashi to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is kakashi for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.