Catch the leak before it hits the dark web.
DarkSub is the cyber skill in upskill. Run /up:cyber scan to find exposed secrets in your own code, free and offline. Upgrade to Pro to cross-check that exposure against breach dumps and the deep and dark web.
The free scan runs offline on your machine and never phones home. Nothing touches the network unless you choose to breach-check a credential. Designed to complement your existing IT, web and cyber security.
Scan. Cross-check. Report and act.
DarkSub gives your agent a security engineer's reflex: find the leak in your own code first, then check whether it has already surfaced where attackers trade.
Scan free
Run /up:cyber scan across your code and files. It finds exposed secrets - cloud keys, API tokens, private keys and hardcoded passwords - by file and line, offline on your machine.
Cross-check pro
Pro takes what the scan found and cross-checks it against breach dumps and the deep and dark web, then watches those sources over time and alerts you the moment your data surfaces.
Report and act
Every finding comes with the file and line, the matched value masked so the report never leaks it and a clear guide to secure the exposure and stop it spreading.
The scan reads the files your project already ships, so it catches exposed secrets across any language, framework and config on the tools you already use.
Install once. Scan on demand. Let Pro watch.
Install upskill on the agent you already use, run /up:cyber scan whenever you like and switch on Pro to keep watch across the deep and dark web.
Install the skill
Install upskill once, on Claude Code, Cursor, VS Code or any MCP host. DarkSub is the cyber skill in the suite, ready the moment it lands.
install onceScan your code
Run /up:cyber scan across a directory. It reports exposed secrets by file and line, masked, offline on your machine.
free - offlineTurn on Pro watch
Pro cross-checks your exposure against breach dumps and the deep and dark web, then alerts you the moment something surfaces. Nothing to babysit.
proA report you can hand over, not a dashboard.
Every finding names the file and line, masks the matched value so the report never leaks it and gives a concrete fix. This is the free scan's local output, before any dark-web cross-check.
Secret scan report - 10 findings, 2 remediated, 8 outstanding · acme-co (sample)
| Fixed | # | Finding and why it matters | Recommended fix | Notes |
|---|---|---|---|---|
| 1 | HIGH AWS access key in config/.env:12 AKIA****************A live AWS key in your repo lets anyone who reads it spin up servers and reach your data, running up charges on your account. This is the fastest path to a costly breach. | rotate the key, move it to a secret manager and gitignore .env | ||
| 2 | HIGH Stripe live secret key in src/payments/stripe.ts:8 sk_live_********************A live payment key can move money and read customer charges. Left in code it puts your revenue and your customers directly at risk. | revoke the key in Stripe, reissue it and load it from an env var | ||
| 3 | HIGH Database URL with password in docker-compose.yml:31 postgres://app:******@dbA database password in a committed file hands an attacker your customer records. It is the difference between an inconvenience and a reportable data breach. | move the credentials to a secret store and reference them | ||
| 4 | HIGH Private SSH key committed at keys/id_rsa -----BEGIN ***** (masked)A committed private key lets an attacker log into every server it unlocks. Once it is in git history, treat it as public. | remove it from git history and rotate the key pair | ||
| 5 | MED Slack bot token in .github/workflows/ci.yml:19 xoxb-****************A leaked bot token lets an outsider read and post in your workspace, which is both a data leak and a phishing risk to your team. | revoke the token and store it as an encrypted CI secret | ||
| 6 | MED Google API key in public/config.js:5 AIza********************A key shipped to the browser can be lifted and used on your quota, running up billing and, if unrestricted, reaching other services. | restrict the key by referrer and API and move calls server-side | ||
| 7 | MED SMTP password in app/config/mailer.yml:22 smtp://mailer:******@Mail credentials let an attacker send email as your domain, which burns your sender reputation and powers convincing phishing of your customers. | rotate the mailbox password and load it from a secret | ||
| 8 | MED JWT signing secret in src/auth/session.js:14 hs256_****************If the secret that signs your sessions leaks, an attacker can forge logins as any user, including admins. That is a full account-takeover risk. | rotate the signing secret and read it from the environment | ||
| 9 | LOW Basic-auth credentials in README.md:40 user:******Example credentials in docs are often real and still active. Bots scrape public repos for exactly this within minutes of a push. | remove the credentials and replace them with a placeholder | ||
| 10 | LOW Sentry DSN in vite.config.ts:11 https://****@o123.ingestA DSN in client code is low risk on its own but lets others flood your error stream and reveals internal project detail. | move the DSN to an env var and rotate it if abuse appears |
The corners of the web your business never sees.
With Pro, DarkSub cross-checks your exposure against the places stolen data changes hands, so a leak reaches you before it reaches an attacker's shortlist.
Pro watches these sources for the domains, brands and credentials on your watchlist, so you find out from your own agent, not from a customer.
Free to scan. Pro to watch the dark web.
Two tiers, no enterprise complexity. The local scan is free forever. Pro is part of your upskill Pro subscription - one price unlocks the Pro tier of DarkSub and every other skill in the suite.
The local secret and leak scan, offline and unlimited.
- Full local secret and leak scan with /up:cyber scan
- Runs offline on your machine and never phones home
- Findings by file and line, every match masked
- Unlimited local runs, no metering and no credits
- Works in Claude Code, Cursor, VS Code and any MCP host
The exposure and breach cross-check across the deep and dark web. One upskill Pro subscription unlocks the Pro tier of every skill in the suite.
- Everything in Free
- Exposure and breach cross-check across the deep and dark web
- Ongoing watch for your domains, brands and key people
- Immediate alerts the moment your data surfaces, with a guide to act
- One upskill Pro subscription unlocks Pro on every skill
2 BSV/yr is ~US$50, our Bitcoin community rate.
upskill Pro is one subscription across the whole suite: colour, design, growth & proof. Buy Pro, unlock everywhere. See the suite →
Part of the upskill suite.
DarkSub ships as the cyber skill in the installed upskill suite, alongside siblings like radhr and captns. Run the scan free and offline; Pro unlocks whenever you are ready.
Works with Claude Code, Cursor and VS Code · offline core · early access.
Frequently Asked Questions
What is DarkSub?
DarkSub is the cyber skill in upskill, the installable suite of AI agent skills from UpLinkd Group. Install upskill once and run /up:cyber scan to check your own code and files for exposed secrets, then upgrade to Pro to cross-check that exposure against breach dumps and the deep and dark web.
What is free and what needs Pro?
The local secret and leak scan is free forever. It reads files on your machine and reports exposed credentials by file and line, with the matched value masked so the report never leaks it. Pro adds the exposure and breach cross-check across the deep and dark web, plus ongoing monitoring.
Does the free scan send my code anywhere?
No. DarkSub itself makes zero network calls when scanning: the free scan reads files on your machine, masks every match and never phones home. The Pro monitor step is guidance only in early access: it describes how to breach-check the credentials you choose and makes no network calls itself. One honest caveat: the coding agent you run it inside, such as Claude Code or Cursor, may send data back to its own provider, which is outside our control.
How much is Pro?
Pro is included with upskill Pro at US$149/yr via Stripe or 2 BSV/yr ~US$50 Bitcoin community rate. One upskill Pro subscription unlocks the Pro tier of DarkSub and every other skill in the suite.
What does DarkSub work with?
DarkSub runs inside the coding agent you already use: Claude Code, Cursor, VS Code or any MCP host. The scan reads the files your project already ships, so it covers any repo and stack, including JS and TS, Python, Go, Ruby, PHP, .env files, Docker and CI configs.
What does the scan actually output?
A ranked secret scan report. Every finding names the file and line, masks the matched value so the report never leaks it and comes with a concrete fix, ordered by severity. You can print the report to PDF and walk through it with your team.
Does DarkSub replace my IT or security team?
No. DarkSub gives your agent a security engineer's reflex and puts eyes on the deep and dark web that most small businesses do not have. It complements your existing IT, web and cyber security with early warnings your team can act on.