OpenAI API key
Part of Security, which counts for 30% of the overall score. When this check fires it deducts 15 points from that category, once per scan, no matter how many places it turns up.
What it detects
An OpenAI API key (sk-...) was found. It bills against your account and can be abused to run up usage charges.
Why it matters
An OpenAI API key bills usage against your account, so a leak can be abused to run up charges quickly. Bots scrape public repos for the sk- prefix specifically. The key grants access to your organization models and usage.
How to fix it
Move the key into a server-side environment variable and read it at runtime; never expose it to a browser. Rotate the key in the OpenAI dashboard after removing it. Set usage limits as a backstop.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo