AgentSkillsCN

security-ai-keys

Review AI API key leakage patterns and redaction strategies. Whether the provider is OpenAI, Anthropic, Gemini, or one of ten-plus others, this skill helps you identify exposed keys. Use it proactively when code integrates an AI provider or when environment variables/keys are present.

Examples:
- user: "Check for leaked OpenAI keys" → scan for `sk-` patterns and investigate client-side key exposure
- user: "Is my Gemini integration secure?" → audit the Vertex AI configuration and key redaction measures
- user: "Review AI provider logging" → ensure sensitive values are properly redacted from logs
- user: "Scan for Anthropic secrets" → check code and configs for keys beginning with `ant-`
- user: "Audit Vertex AI integration" → verify that IAM roles and service accounts are used appropriately

SKILL.md
---
name: security-ai-keys
description: |-
  Review AI API key leakage patterns and redaction strategies. Use for identifying exposed keys for OpenAI, Anthropic, Gemini, and 10+ other providers. Use proactively when code integrates AI providers or when environment variables/keys are present.
  Examples:
  - user: "Check for leaked OpenAI keys" → scan for `sk-` patterns and client-side exposure
  - user: "Is my Gemini integration secure?" → audit vertex AI config and key redaction
  - user: "Review AI provider logging" → ensure secrets are redacted from logs
  - user: "Scan for Anthropic secrets" → check for `ant-` keys in code and configs
  - user: "Audit Vertex AI integration" → verify proper IAM roles and service account usage
---
<overview>
Security audit patterns for AI API key leakage in applications integrating AI providers.
</overview>

<rules>

Core Principles

  • AI API keys MUST be treated as secrets and kept server-side
  • Keys MUST NOT be shipped to browsers or mobile clients
  • Keys SHOULD be redacted before logging or error reporting
  • Keys MUST be rotated immediately if exposure is suspected
</rules>

<vulnerabilities>

Common Leak Paths

Client-Side Exposure

  • NEXT_PUBLIC_* / VITE_* env vars containing AI keys
  • Direct calls to AI provider endpoints from browser code

Build Artifacts

  • Keys embedded in bundles (dist/, build/, .next/)
  • Source maps exposing server code containing keys

Logs and Telemetry

  • console.log / logger statements that include key values
  • Error tracking payloads (Sentry, Datadog) with headers included
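The redaction the rules above call for, as an added example that is not part of the skill or its scripts: it reuses the skill's own key patterns from the scan command, and assumes a list of secret-bearing header names (`Authorization`, `x-api-key`, `x-goog-api-key`, `api-key`) plus a Sentry-style event shape, both of which are assumptions here.

```javascript
// Added example, not part of the security-ai-keys skill: redact AI provider
// keys from log text and error-tracking payloads before they leave the process.
// Key patterns are the skill's own scan heuristics; the header list is an assumption.
const KEY_PATTERNS = [
  /sk-ant-[A-Za-z0-9-]{20,}/g, // Anthropic
  /sk-or-[A-Za-z0-9-]{20,}/g,  // OpenRouter
  /sk-[A-Za-z0-9]{20,}/g,      // OpenAI (classic format)
  /AIza[0-9A-Za-z_-]{35}/g,    // Google API key (Gemini)
  /hf_[A-Za-z0-9]{20,}/g,      // Hugging Face
];

// Header names whose values are secrets regardless of format (assumed list).
const SECRET_HEADERS = new Set(["authorization", "x-api-key", "x-goog-api-key", "api-key"]);

// Keep the provider prefix and last 4 characters so a leak can still be
// correlated with a specific key in the provider dashboard.
function mask(key) {
  const prefix = key.match(/^(sk-ant-|sk-or-|sk-|AIza|hf_)/)[1];
  return `${prefix}***${key.slice(-4)}`;
}

// Redact every recognised key in a free-form log line.
function redactText(text) {
  return KEY_PATTERNS.reduce((out, re) => out.replace(re, mask), text);
}

// Recursively redact a telemetry payload (e.g. a Sentry event): secret
// headers are dropped wholesale, every other string is pattern-scanned.
function redactPayload(value, parentKey = "") {
  if (typeof value === "string") {
    return SECRET_HEADERS.has(parentKey.toLowerCase()) ? "[REDACTED]" : redactText(value);
  }
  if (Array.isArray(value)) return value.map((v) => redactPayload(v, parentKey));
  if (value && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redactPayload(v, k)]));
  }
  return value; // numbers, booleans, null pass through unchanged
}

// Constructed sample event with fake keys (not real credentials).
const SAMPLE_EVENT = {
  message: "request to api.anthropic.com failed: key sk-ant-api03-abcdefghijklmnopqrstuv rejected",
  request: { headers: { Authorization: "Bearer sk-ABCDEFGHIJKLMNOPQRSTUVWX", "x-api-key": "sk-ant-api03-abcdefghijklmnopqrstuv" } },
  tags: ["AIzaSyA1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6Q", "retry=3"],
};

console.log(JSON.stringify(redactPayload(SAMPLE_EVENT), null, 2));
```

Pattern matching is a heuristic (a hyphenated key variant slips past the plain `sk-` pattern), so redacting by header name is the backstop that catches keys the patterns miss.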
</vulnerabilities>

<workflow>
<phase name="audit">

Quick Audit Commands

```bash
# Env files: AI keys accidentally exposed to client
rg -n "(NEXT_PUBLIC_|VITE_).*(OPENAI|OPENROUTER|ANTHROPIC|GEMINI|GOOGLE|VERTEX|BEDROCK|AWS|AZURE|MISTRAL|COHERE|GROQ|PERPLEXITY|TOGETHER|REPLICATE|FIREWORKS|HUGGINGFACE|HF_)" . -g "*.env*"

# Client code calling AI APIs directly (check for browser use)
rg -n "api\.openai\.com|openrouter\.ai|api\.anthropic\.com|generativelanguage\.googleapis\.com|aiplatform\.googleapis\.com|bedrock.*amazonaws\.com|api\.mistral\.ai|api\.cohere\.ai|api\.groq\.com|api\.together\.xyz|api\.perplexity\.ai|api\.replicate\.com|api\.fireworks\.ai|openai\.azure\.com" . -g "*.js" -g "*.ts" -g "*.jsx" -g "*.tsx" -g "*.vue"

# Scan build outputs for likely keys (heuristic)
rg -a "sk-[A-Za-z0-9]{20,}|sk-ant-[A-Za-z0-9-]{20,}|sk-or-[A-Za-z0-9-]{20,}|AIza[0-9A-Za-z_-]{35}|hf_[A-Za-z0-9]{20,}" dist/ build/ .next/ 2>/dev/null

# Service account credentials and cloud auth files
rg -n "\"type\"\s*:\s*\"service_account\"|GOOGLE_APPLICATION_CREDENTIALS|AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AZURE_OPENAI_API_KEY" . -g "*.env*" -g "*.json"
```
</phase>
</workflow>

<checklist>

Hardening Checklist

  • AI provider keys only in server runtime (never in browser)
  • .env.local and .env.*.local are gitignored
  • Logs redact or omit secrets (request headers, env values)
  • Build artifacts scanned before deploy
  • Keys rotated if exposure suspected
</checklist>

<reference>

Scripts

  • scripts/scan.sh - First-pass AI key leakage scan
</reference>