security-ai-keys

Original：🇺🇸 English

Translated

1 scripts

Review AI API key leakage patterns and redaction strategies. Use for identifying exposed keys for OpenAI, Anthropic, Gemini, and 10+ other providers. Use proactively when code integrates AI providers or when environment variables/keys are present. Examples: - user: "Check for leaked OpenAI keys" → scan for `sk-` patterns and client-side exposure - user: "Is my Gemini integration secure?" → audit vertex AI config and key redaction - user: "Review AI provider logging" → ensure secrets are redacted from logs - user: "Scan for Anthropic secrets" → check for `ant-` keys in code and configs - user: "Audit Vertex AI integration" → verify proper IAM roles and service account usage

10installs

Sourceigorwarzocha/opencode-workflows

Added on2026-02-21

NPX Install

npx skill4agent add igorwarzocha/opencode-workflows security-ai-keys

SKILL.md Content

View Translation Comparison →

Security audit patterns for AI API key leakage in applications integrating AI providers.

</overview> <rules>

Core Principles

MUST treat AI API keys as secrets and keep them server-side.
MUST NOT ship keys to browsers or mobile clients.
SHOULD avoid logging keys; redact before logging or error reporting.
MUST rotate keys immediately if exposure is suspected.

</rules> <vulnerabilities>

Common Leak Paths

1) Client-Side Exposure

```
NEXT_PUBLIC_*
```
/
```
VITE_*
```
env vars containing AI keys
Direct calls to AI provider endpoints from browser code

2) Build Artifacts

Keys embedded in bundles (
```
dist/
```
,
```
build/
```
,
```
.next/
```
)
Source maps exposing server code containing keys

3) Logs and Telemetry

```
console.log
```
/ logger statements that include key values
Error tracking payloads (Sentry, Datadog) with headers included

</vulnerabilities> <commands>

Quick Audit Commands

bash

# Env files: AI keys accidentally exposed to client
rg -n "(NEXT_PUBLIC_|VITE_).*(OPENAI|OPENROUTER|ANTHROPIC|GEMINI|GOOGLE|VERTEX|BEDROCK|AWS|AZURE|MISTRAL|COHERE|GROQ|PERPLEXITY|TOGETHER|REPLICATE|FIREWORKS|HUGGINGFACE|HF_)" . -g "*.env*"

# Client code calling AI APIs directly (check for browser use)
rg -n "api\.openai\.com|openrouter\.ai|api\.anthropic\.com|generativelanguage\.googleapis\.com|aiplatform\.googleapis\.com|bedrock.*amazonaws\.com|api\.mistral\.ai|api\.cohere\.ai|api\.groq\.com|api\.together\.xyz|api\.perplexity\.ai|api\.replicate\.com|api\.fireworks\.ai|openai\.azure\.com" . -g "*.js" -g "*.ts" -g "*.jsx" -g "*.tsx" -g "*.vue"

# Scan build outputs for likely keys (heuristic)
rg -a "sk-[A-Za-z0-9]{20,}|sk-ant-[A-Za-z0-9-]{20,}|sk-or-[A-Za-z0-9-]{20,}|AIza[0-9A-Za-z_-]{35}|hf_[A-Za-z0-9]{20,}" dist/ build/ .next/ 2>/dev/null

# Service account credentials and cloud auth files
rg -n "\"type\"\s*:\s*\"service_account\"|GOOGLE_APPLICATION_CREDENTIALS|AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AZURE_OPENAI_API_KEY" . -g "*.env*" -g "*.json"

</commands> <checklist>

Hardening Checklist

AI provider keys only in server runtime (never in browser)
```
.env.local
```
and
```
.env.*.local
```
are gitignored
Logs redact or omit secrets (request headers, env values)
Build artifacts scanned before deploy
Keys rotated if exposure suspected

</checklist> <scripts>

Scripts

```
scripts/scan.sh
```
- First-pass AI key leakage scan

</scripts>