CleanMyPrompt
CLI Tool

Scan and redact secrets before they leave your machine

The CleanMyPrompt CLI detects API keys, tokens, and PII in any file — and fixes them in one command. Works in your terminal, git hooks, CI/CD pipelines, and LLM preprocessing workflows.

npm install -g cleanmyprompt
macOS · Linux · Windows · Node.js 18+ · Free for personal use

Five commands. That's it.

No config files, no YAML, no cloud account required.

cmp scan <file>

Detect secrets, API keys, and PII. Outputs a findings table with severity levels.

cmp fix <file>

Redact detected values in-place. Replaces secrets with labeled placeholders like [OPENAI-KEY].

cmp squeeze <file>

Compress tokens by removing comments, unused imports, and whitespace. Cuts costs by 40–50%.

cmp install-hook

Install a git pre-commit hook in the current repo. Blocks commits containing secrets.

cmp uninstall-hook

Remove the pre-commit hook from the current repo.

What gets detected

Three priority tiers. When a HIGH finding overlaps a LOW one, HIGH always wins — no false positives.

HIGH: Secrets & API Keys
  • OpenAI keys (sk-...)
  • Anthropic keys (sk-ant-...)
  • Google AI, AWS, GitHub tokens
  • Stripe, Twilio, Slack API keys
  • Private key PEM headers
  • Generic bearer tokens
MEDIUM: PII
  • Email addresses
  • US phone numbers
  • Social Security Numbers
  • Credit card numbers
  • IBANs
LOW: Code Patterns
  • Hardcoded variable assignments
  • process.env.SECRET = "..."
  • api_key = "value"
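
The overlap rule above, sketched in JavaScript as an added example (not CleanMyPrompt's own code). The rule table, the simplified regexes, and the scan/redact function names are assumptions for illustration, and the sample input is constructed.

```javascript
// Tier ranking: when two findings overlap, the higher-ranked tier is kept.
const RANK = { HIGH: 3, MEDIUM: 2, LOW: 1 };

// Simplified, assumed patterns; a real scanner needs far stricter rules.
const RULES = [
  { tier: "HIGH", label: "ANTHROPIC-KEY", re: /sk-ant-[A-Za-z0-9_-]{16,}/g },
  { tier: "HIGH", label: "OPENAI-KEY", re: /sk-(?!ant-)[A-Za-z0-9_-]{16,}/g },
  { tier: "MEDIUM", label: "EMAIL", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { tier: "LOW", label: "HARDCODED-VALUE", re: /\bapi_key\s*=\s*"[^"]*"/g },
];

// Collect every match, then keep findings from the highest tier down,
// dropping any finding whose span overlaps one that is already kept.
function scan(text) {
  const all = [];
  for (const { tier, label, re } of RULES) {
    for (const m of text.matchAll(re)) {
      all.push({ tier, label, start: m.index, end: m.index + m[0].length });
    }
  }
  all.sort((a, b) => RANK[b.tier] - RANK[a.tier] || a.start - b.start);
  const kept = [];
  for (const f of all) {
    if (!kept.some((k) => f.start < k.end && k.start < f.end)) kept.push(f);
  }
  return kept.sort((a, b) => a.start - b.start);
}

// Replace each kept span with its labeled placeholder, working from the
// end of the text so earlier offsets stay valid.
function redact(text) {
  let out = text;
  for (const f of scan(text).reverse()) {
    out = out.slice(0, f.start) + `[${f.label}]` + out.slice(f.end);
  }
  return out;
}

// Constructed sample: line 1 matches both a LOW assignment and a HIGH key.
const SAMPLE = [
  'api_key = "sk-CONSTRUCTEDexample0000000000"',
  'owner = "dev@example.com"',
  'api_key = "hunter2"',
].join("\n");

console.log(redact(SAMPLE));
```

On line 1 the LOW assignment finding is dropped because it overlaps the HIGH key, so only the key itself is replaced; line 3 has no higher-tier match and is redacted as a whole assignment.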

Where it fits your workflow

Drop it into the places where secrets most commonly leak.

Git Pre-Commit Hook

Automatically blocks commits containing secrets. No configuration — one command installs it.

cmp install-hook

CI/CD Pipeline

Run scans in GitHub Actions with SARIF output. Findings appear as code scanning alerts on PRs.

cmp scan src/ --format sarif > results.sarif

LLM Context Prep

Redact then squeeze before sending files as context to any LLM. Fewer tokens, no leaked secrets.

cmp fix context.ts && cmp squeeze context.ts

Debug Log Sanitization

Scan logs and config dumps before sharing with your team or pasting into AI assistants.

cmp fix debug.log && cat debug.log

Token Squeeze: cut LLM costs by 50%

The cmp squeeze command removes comments, strips unused imports, collapses whitespace, and deduplicates repeated blocks. A typical TypeScript file goes from 2,847 tokens to 1,391 — a 51% reduction. At scale in a CI pipeline, this pays back the install in the first hour.

cmp squeeze context.ts --level aggressive --verbose

GitHub Actions — SARIF Integration

Secrets findings appear as code scanning alerts on pull requests — visible inline, no dashboard required.

# .github/workflows/secrets-scan.yml
name: Secrets Scan

on: [push, pull_request]

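jobs:
  scan:
    runs-on: ubuntu-latest
    # upload-sarif needs write access to code scanning alerts
    permissions:
      contents: read
      security-events: write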
    steps:
      - uses: actions/checkout@v4

      - name: Install CleanMyPrompt CLI
        run: npm install -g cleanmyprompt

      - name: Scan for secrets
        run: cmp scan src/ --format sarif > results.sarif

      - name: Upload SARIF to GitHub
        # Run the upload even if the scan step fails the job
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

Licensing

Free — Personal Use
  • Individual developers
  • Open-source projects
  • Personal CI/CD pipelines
  • Learning and experimentation
Commercial License — Teams
  • Use in a commercial product or service
  • Team or org-wide CI/CD deployment
  • Bundled in a paid offering
Contact us for pricing

Install in 10 seconds

npm install -g cleanmyprompt