OpenAI key check

Scan your app for exposed OpenAI API keys

Checks your live site for OpenAI secret keys (sk-...) shipped in the client bundle. A leaked key costs money and violates OpenAI ToS.

Leaking an OpenAI API key in your frontend means anyone can make API calls on your account. This scanner checks your live app's client bundle for the OpenAI key pattern (sk-[48 chars]). If you're using a vibe-code tool like Lovable, Cursor, or Bolt that wired up the OpenAI API client-side, this check is especially important before you send traffic to your app.