PromptZone - Leading AI Community for Prompt Engineering and AI Enthusiasts

Cover image for Sieve Scans Cursor and Claude Chats for Leaked API Keys
Sebastian Suzuki
Sebastian Suzuki

Posted on

Sieve Scans Cursor and Claude Chats for Leaked API Keys

A new macOS utility called Sieve automatically scans chat histories from Cursor and Claude for accidentally exposed API keys. The tool surfaced in an 11-point Hacker News thread that linked directly to its App Store page.

Developers who paste code or error logs into these AI coding assistants often include live credentials. Sieve checks those conversations after the fact and flags any strings that match common API key patterns.

App: Sieve Secret Scanner | Platform: macOS | Source: App Store

What It Is and How It Works

Sieve reads local chat logs stored by Cursor and Anthropic’s Claude desktop apps. It applies pattern matching to detect high-entropy strings that resemble API keys from major providers.

The scan runs locally on the user’s machine. No chat data leaves the device.

Sieve Scans Cursor and Claude Chats for Leaked API Keys

How to Try It

Users can download Sieve directly from the Mac App Store. After installation, the app requests permission to read the relevant chat directories for Cursor and Claude.

A single scan typically completes in seconds. Results appear as a simple list of flagged conversations and the specific keys detected.

Pros and Cons

  • Runs entirely offline with no data upload
  • Targets the exact chat folders used by popular AI coding tools
  • Lightweight footprint suitable for daily background checks

  • Currently limited to Cursor and Claude histories only

  • Provides no automatic key revocation or rotation

  • Single comment on the Hacker News thread asked about false-positive rates

Alternatives and Comparisons

Several established secret-scanning tools exist, but most focus on git repositories rather than AI chat logs.

Tool Primary Target Local Scan Chat History Support License
Sieve Cursor/Claude chats Yes Yes App Store
TruffleHog Git repos & files Yes No Open source
GitLeaks Git history Yes No Open source
gitleaks-action CI pipelines No No Open source

Who Should Use This

Developers who regularly paste production logs or code snippets into Cursor or Claude benefit most. Teams with strict credential hygiene policies can add Sieve as a lightweight post-chat audit step.

Users who never share code with AI tools or who already rotate keys after every session can safely skip it.

Bottom Line / Verdict

Sieve fills a narrow but real gap: catching API keys that slip into AI coding chat histories before they become a larger security issue. Its local-only design keeps the barrier to adoption low for individual developers.

Early adoption will likely stay concentrated among power users of Cursor and Claude who already treat chat logs as part of their working codebase.

Top comments (0)