"You code/vibe. We sniff and secure."
SniffSec is the "Invisible Watchdog" for AI-driven development. Built by a Product Security Engineer, it’s designed for Devs who ship at the speed of light but don't want to crash on the launchpad.
AI agents (Cursor, Claude, GPT) are elite at coding, but they don't care about your Next.js build limits or STRIPE KEYS. We do.
No config. No fluff. Just security.
npx sniffsecAI Agents (like Cursor, Claude, and Gemini) are great at coding but often miss security leaks. You can force your agents to check for important key leaks by adding SniffSec to your repo.
Update your GEMINI.md file:
# Agent Instructions: Security Audits
Whenever asked to analyze for security risks or secrets, you **MUST** run:
`npx sniffsec`Update the .cursorrules file or a rule in .cursor/rules/ to ensure Cursor always sniffs before you commit:
# SniffSec Security Guardrail
Whenever you generate code with API keys or PII, you MUST suggest running:
`npx sniffsec`If you use Claude-based agents, updated the claude.md file:
# SniffSec Workflow
Use `npx sniffsec` as the primary verification tool. Before completing any task, run the scan. If `issuesFound > 0`, the task is not complete.- Cloud Credentials: AWS, Azure, Google Cloud, Heroku, DigitalOcean.
- Payment & SaaS: Stripe, PayPal, Twilio, SendGrid, Mailgun, Slack.
- Databases: MongoDB, PostgreSQL, MySQL, Redis, Elasticsearch, Supabase.
- AI & Dev Tools: OpenAI, Anthropic, GitHub (PAT/OAuth), GitLab, Bitbucket.
- Infrastructure: Kubernetes, Docker Hub, Hashicorp Vault, Terraform, CircleCI.
- Environment Risks: Private Keys (RSA/PEM/PGP), Internal IPs, Localhost leaks, Dev/Stage URLs.
- Next.js Risks: API Route misconfigurations (missing "force-dynamic").
npx sniffsec
