Launched this week

SecretScout — API Key & Secret Detector
Catch exposed API keys and secrets while you browse
7 followers
Catch exposed API keys and secrets while you browse
7 followers
SecretScout scans pages you visit for accidentally exposed API keys (OpenAI, AWS, Stripe, GitHub, Google) in DOM, scripts and network responses. 100% local — nothing leaves your browser. Built for developers and security engineers who care about credential hygiene.



Tried it on a couple of my own dev tools pages and it actually flagged a Stripe key I forgot was hardcoded in a script. Love that it runs entirely local, no setup beyond the extension.
Tried it on a few random dev docs pages and honestly it caught a couple of test tokens i had no idea were lurking in the network tab. The fact that it stays local is a really nice touch.
runs quietly in the background and caught a stray OpenAI key in an old codepen of mine that i had no idea was live. the local-only angle is the part that actually sold me on installing it.
That's exactly what SecretScout is built for — glad it caught something real!
A forgotten Stripe key in a script is a classic one. Thanks for trying it out
and taking the time to leave a review 🙏