A new macOS utility called Sieve automatically scans chat histories from Cursor and Claude for accidentally exposed API keys. The tool surfaced in an 11-point Hacker News thread that linked directly to its App Store page.
Developers who paste code or error logs into these AI coding assistants often include live credentials. Sieve checks those conversations after the fact and flags any strings that match common API key patterns.
App: Sieve Secret Scanner | Platform: macOS | Source: App Store
What It Is and How It Works
Sieve reads local chat logs stored by Cursor and Anthropic’s Claude desktop apps. It applies pattern matching to detect high-entropy strings that resemble API keys from major providers.
The scan runs locally on the user’s machine. No chat data leaves the device.
How to Try It
Users can download Sieve directly from the Mac App Store. After installation, the app requests permission to read the relevant chat directories for Cursor and Claude.
A single scan typically completes in seconds. Results appear as a simple list of flagged conversations and the specific keys detected.
Pros and Cons
- Runs entirely offline with no data upload
- Targets the exact chat folders used by popular AI coding tools
Lightweight footprint suitable for daily background checks
Currently limited to Cursor and Claude histories only
Provides no automatic key revocation or rotation
Single comment on the Hacker News thread asked about false-positive rates
Alternatives and Comparisons
Several established secret-scanning tools exist, but most focus on git repositories rather than AI chat logs.
| Tool | Primary Target | Local Scan | Chat History Support | License |
|---|---|---|---|---|
| Sieve | Cursor/Claude chats | Yes | Yes | App Store |
| TruffleHog | Git repos & files | Yes | No | Open source |
| GitLeaks | Git history | Yes | No | Open source |
| gitleaks-action | CI pipelines | No | No | Open source |
Who Should Use This
Developers who regularly paste production logs or code snippets into Cursor or Claude benefit most. Teams with strict credential hygiene policies can add Sieve as a lightweight post-chat audit step.
Users who never share code with AI tools or who already rotate keys after every session can safely skip it.
Bottom Line / Verdict
Sieve fills a narrow but real gap: catching API keys that slip into AI coding chat histories before they become a larger security issue. Its local-only design keeps the barrier to adoption low for individual developers.
Early adoption will likely stay concentrated among power users of Cursor and Claude who already treat chat logs as part of their working codebase.

Top comments (0)