kakashi
A local-first masker that lives inside Claude Code, Cursor, Codex CLI, and 20+ AI agents. Hides API keys, passwords, secrets, and personal data — across PDF, Word, Excel, JSON, .env, and 45+ other formats — before your agent ever sees them.30 seconds to install. Nothing leaves your machine. Ever.
Kakashi scans files on your computer for secrets like API keys and passwords, replaces them with placeholder tokens before any AI assistant reads the file, and installs as a skill inside Claude Code and 20 other AI tools.
Kakashi is a tool that scans files on your own computer for sensitive information, such as API keys, passwords, database connection strings, email addresses, phone numbers, and credit card numbers, before those files reach an AI assistant. It installs as a skill directly inside tools like Claude Code, Cursor, Codex CLI, and more than 20 others. Nothing is sent to a remote server: all scanning and masking happens locally on your machine.
The problem it addresses is straightforward. When you paste a config file, spreadsheet, or script into an AI chat to ask a coding question, any secrets inside that file travel to the AI provider's servers in plaintext. Kakashi sits between you and that transfer. Before the agent ever reads the file, Kakashi replaces each sensitive value with a placeholder token like [OPENAI_KEY_1] or [DB_CONN_2]. The AI sees only the tokens, not the real values. You can then share the masked file freely without exposing real credentials.
Installation takes about 30 seconds. A single shell command detects all compatible agents on your machine and installs the skill for each of them. You can also install for just one agent if you prefer. Node.js version 18 or higher is required. The tool works on macOS, Linux, Windows Subsystem for Linux, Git Bash, and Windows PowerShell.
The tool provides three main commands. The scan command checks a file and reports how many findings it found, broken down by category, without printing the actual secret values in the output. The mask command rewrites the file with placeholders in place of the real data and saves a new masked copy. The audit command shows the full original-to-token mapping, which is meant for review in a plain terminal rather than inside an agent context.
Kakashi supports more than 50 file formats including PDF, Word documents, Excel spreadsheets, JSON files, and .env files. The README notes one important rule: you should pass a file path to the slash commands rather than using the @-mention syntax that some agents offer, because @-mentions attach the full file content to the AI context before Kakashi has a chance to scan it.
Where it fits
- Scan a config file or .env file for API keys before sharing it with an AI coding assistant, so real credentials never leave your machine.
- Mask all sensitive values in a JSON, Excel, or PDF file and produce a clean copy with placeholder tokens the AI can work with safely.
- Install the secret scanner across every compatible AI tool on your machine with a single shell command.