Questions about API Radar – Live Feed of Leaked API Keys

I’m a solo dev working on API Radar – a live feed of leaked API keys and secrets found in public GitHub repos. Later today I’m shipping a big rebuild of the search/detection engine, and I’d love to sanity‑check a few things with this crowd before it goes fully live on Product Hunt.

A couple of questions for folks in security, DevOps/SRE, or backend roles:

• What’s the most useful way to present this kind of data so it actually helps you fix issues? (per‑repo view, per‑provider, timelines, alerts, something else?)

• Where’s the ethical line for you? The data is from public repos only, but what would make a tool like this clearly “defensive” and helpful rather than sketchy or abusable?

Blunt feedback is welcome – on the idea, UX, or even whether this should exist at all.