Anthropic API key
Part of Security, which counts for 30% of the overall score. When this check fires it deducts 25 points from that category, once per scan, no matter how many places it turns up.
What it detects
An Anthropic API key (sk-ant-...) was found. It bills against your account and can be abused for arbitrary API usage.
Why it matters
An Anthropic API key bills usage against your account and can be abused for arbitrary API calls if leaked. The sk-ant- prefix is distinctive and scanned for. It grants access at the scope of your organization.
How to fix it
Move the key into a server-side environment variable and read it at runtime; keep it off the client. Rotate the key in the Anthropic console after removing it. Apply spend limits where available.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo