HN Showcase
Back to browse
GitHub Repository

Chrome extension that stops engineers from leaking API keys and secrets into ChatGPT, Cursor, and other AI tools. 100% local scanning.

2 starsJavaScript

Chrome extension that blocks API keys from being pasted into AI tools

by shiqingao·May 13, 2026·5 points·2 comments
Visit ProjectView on HN

AI Analysis

●●SolidSolve My Problem

Local regex scanning blocks secrets before they hit ChatGPT, unlike cloud-based DLP tools.

Strengths
  • Intercepts fetch and XHR at the content script level to block data before it leaves the browser.
  • Supports strict blocking mode for critical secrets like AWS keys and private SSH certificates.
  • No server-side processing ensures sensitive patterns never leave the user’s machine.
Weaknesses
  • Regex-based detection struggles with obfuscated secrets or rotated keys that don’t match known patterns.
  • Doesn’t protect against copy-pasting secrets into the prompt manually before hitting send.
Category
Security
Target Audience

Developers using ChatGPT, Claude, or Copilot for coding assistance

Similar To

GitGuardian · Detectify · 1Password

Similar Projects

Security●●●Banger

My OpenClaw tried to exfiltrate my SSH keys, so I built a guardrail

Transparent proxy intercepts agent tool calls; blocks SSH key theft before it happens.

Solve My ProblemBold BetZero to One
zcc_
333mo ago
Security●●●Banger

OpenGuard

Drop-in LLM traffic guard with PII redaction and prompt injection detection, one command.

Solve My ProblemSlick
everlier
102mo ago