{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiakijgg5c64hrcynhqwsivfixfkjwfrj4yghcefw6tugptg23koym",
    "uri": "at://did:plc:25rdn5elo5izoxrmtis34zuk/app.bsky.feed.post/3mplv4d542bt2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreicpvtfhmxih5toeozc23m45yrwfqxtg3mvgecvv76hw46efcti2qa"
    },
    "mimeType": "image/webp",
    "size": 277554
  },
  "path": "/ashish_3feb4ebc7a5923e9b7/scankii-the-first-static-security-scanner-built-to-stop-ai-agents-from-leaking-api-keys-1nj5",
  "publishedAt": "2026-07-01T15:52:26.000Z",
  "site": "https://dev.to",
  "tags": [
    "ai",
    "security",
    "python",
    "cli",
    "https://github.com/ashp15205/scankii"
  ],
  "textContent": "Hey DevHunt community! šŸ‘‹\n\nI'm incredibly excited to launch Scankii!\n\nAs developers, we are building more and more AI Agents using frameworks like LangChain, OpenHands, and AutoGen. The standard paradigm is giving these agents \"skills\" or \"tools\" — which are basically just Python functions combined with Natural Language instructions (prompts or docstrings).\n\nBut here is the problem: Standard secret scanners (like GitLeaks or TruffleHog) are blind to AI-specific vulnerabilities.\n\nThey only scan source code for hardcoded secrets. But what if your Python code securely loads an API key, and your English instructions accidentally trick the agent into printing that key to stdout? The agent framework captures that output, injects it into the LLM context window, and your secret is suddenly exposed. We call this Cross-Modal Leakage.\n\nEnter Scankii. šŸ›”ļø\n\nScankii solves this by analyzing the intersection of your Natural Language and your code. It uses a dual-engine pipeline (NL Semantic Analyzer + AST Syntax Analyzer) to track variable flows between your prompts and your code sinks.\n\n✨ Core Features:\n\n  1. Dual-Engine Scanning: Correlates English instructions with Python ASTs.\n  2. Local-First & Fast: Your proprietary agent tools and code never leave your machine.\n  3. CI/CD Ready: Outputs standard SARIF reports. Drop it into GitHub Actions or use it as a pre-commit hook.\n  4. Framework Agnostic: Works with LangChain, AutoGen, CrewAI, MCP, or any custom python agent framework.\n\n\n\nI built Scankii to give developers peace of mind when scaling their agent toolchains. Security shouldn't be an afterthought when building autonomous systems.\n\nI would love for you to try it out on your agent repos, star the project, and leave any feedback or questions below! I'll be here all day answering them. šŸ‘‡\n\nGitHub Repository: https://github.com/ashp15205/scankii\nInstallation: pip install scankii",
  "title": "Scankii: The First Static Security Scanner Built to Stop AI Agents from Leaking API Keys"
}