I'm not sure if a CodeClimate plugin could check for this.
I do know that all Lambda Security products will scan for sensitive information but then you have to go serverless and pay for said service.
I like how Amazon Macie can detect (Personally identifiable information) PII and api credentials.
I guess if you're CI/CD is CodePipeline and CodeBuild which places artifacts (zip folders) of your codebase in S3 that maybe Macie could detect these issues. Uncertain if it can peak into zips.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.