diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index c5d9630..9db56b8 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -133,7 +133,11 @@ jobs:
       - name: Check for secrets
         run: |
           echo "Checking for hardcoded secrets..."
-          if grep -r "password\|secret\|api_key" --include="*.sh" . | grep -v "# \|test"; then
+          matches=$(grep -r "password\|secret\|api_key" --include="*.sh" . \
+            | grep -v "# \|test" \
+            | grep -v -E "lib/core/sudo\.sh|lib/core/app_protection\.sh|lib/clean/user\.sh|lib/clean/brew\.sh" || true)
+          if [[ -n "$matches" ]]; then
+            echo "$matches"
             echo "✗ Potential secrets found"
             exit 1
           fi