HN Showcase
Back to browse
Chrome extension that blocks API keys from being pasted into AI tools

Chrome extension that blocks API keys from being pasted into AI tools

by shiqingao·May 13, 2026·2 points·0 comments
Visit ProjectView on HN

AI Analysis

●●●BangerSolve My ProblemSlick

Blocks AWS keys and JWTs locally before they hit ChatGPT, unlike cloud-based DLP tools.

Strengths
  • Combines regex with Shannon entropy analysis to catch high-entropy secrets without false positives.
  • Runs 100% locally in the browser with no account or data exfiltration to external servers.
  • Covers 45+ patterns including Stripe keys, DB connection strings, and Luhn-validated credit cards.
Weaknesses
  • Chrome-only extension leaves Firefox and Safari users without protection for now.
  • Regex-based detection may struggle with obfuscated secrets or environment variable indirection.
Category
Security
Target Audience

Developers using AI chat tools who handle sensitive credentials

Similar To

GitGuardian · TruffleHog · Nightfall

Similar Projects

Security●●Solid

FunWithText – Free browser PII sanitizer and prompt injection scanner

Runs fully in the browser for regex-based redaction of structured PII (emails, cards, phones, API keys, IPs, SSNs) and offers an optional Claude step to catch names/addresses patterns miss. Clear placeholders like [NAME] and a privacy toggle make it practical for quick, manual workflows, and I like the Norwegian NIN/phone support. It's useful and thoughtfully privacy-first but not novel — the real win would be integrations (batch processing, editor/extension) or independent accuracy metrics for the AI step.

Solve My ProblemSlickNiche Gem
atbj
203mo ago
Security●●Solid

PromptSonar – Static analysis for LLM prompt security

Static scanner catches prompt injections in code before runtime, unlike runtime guards.

Solve My ProblemShip It
meghal86
103mo ago