Sieve – scans Cursor/Claude chat history for leaked API keys

apps.apple.com

18 points

21 days ago

Background: I was using Cursor to set up an OpenAI integration.The agent read my .env file, added the key to the config, and everything worked. What I didn't think about: that key was now sitting in a plaintext SQLite database at ~/Library/ApplicationSupport/Cursor/User/workspaceStorage/..

AI coding tools (Cursor, Claude Code, Copilot, Cline) routinely read .env files as part of normal operation. Every secret they touch gets embedded in their local transcript/state files — unencrypted, outside .gitignore, persisted indefinitely.

Standard secret scanners (gitleaks, detect-secrets) scan git repos. Nobody scans AI transcript stores. That's the gap.

Sieve scans those files locally on your Mac. Flags exposed keys by severity. Redacts them in-place. Stores fingerprints in Keychain — never plaintext. Covers Cursor, Claude Code, Claude Desktop, Copilot, Cline, Roo Cline, Windsurf, Gemini CLI, and .env files.

Happy to answer questions about how the SQLite parsing works or the detection rules.

3 comments