fixaiprompt
Safe Paste · 100% browser-only · No uploads

Don't paste secrets into AI.

Paste your log line, JSON dump, SQL, or API response. We detect API keys, JWTs, PII, credentials, and database secrets — and mask them before you share with ChatGPT, Claude, or any AI.

Runs entirely in your browser· No uploads, no logs, no tracking· Detects 30+ secret types
AI Leak Score
100/ 100
Safe to paste
No secrets, credentials, or PII detected.

Paste anything — logs, JSON, SQL, code

0 chars

Masked output

Paste something on the left — your safe-to-share version appears here.
One-click safe paste

Install the bookmarklet

Drag the button below to your bookmarks bar. From now on, anywhere you copy something — a log line, a JSON blob, a config — click this bookmark to scan it in Safe Paste before pasting into ChatGPT or Claude. Zero install, no extension permissions.

  1. Show your bookmarks bar (Cmd/Ctrl + Shift + B).
  2. Drag the "Scan with FixAIPrompt" button into it.
  3. Copy something risky → click the bookmark → see the leak score before paste.
Scan with FixAIPrompt

Drag to bookmarks bar

What gets detected

Everything you probably shouldn't be pasting into a chat box.

API keys

  • AWS access & secret keys
  • OpenAI sk- and sk-proj-
  • Anthropic sk-ant-
  • GitHub ghp_/gho_/ghs_
  • Stripe sk_live/pk_live
  • Google AIza, Slack xox*
  • SendGrid, Mailgun, Twilio

Auth & tokens

  • JWTs
  • Bearer tokens
  • Basic auth headers
  • Credentials embedded in URLs
  • OAuth secrets

Crypto material

  • RSA / DSA / EC private keys
  • OpenSSH private keys
  • PGP private blocks

Infrastructure

  • MongoDB connection URIs
  • Postgres / MySQL URIs
  • Redis URIs
  • S3 bucket URLs
  • .env-style secret lines

PII

  • Emails
  • Phone numbers
  • US SSNs
  • Aadhaar (Verhoeff-validated)
  • Credit cards (Luhn-validated)
  • IPv4 / IPv6

Unknown secrets

  • High-entropy strings (32+ chars, mixed alpha-num)
  • Caught even when the format isn't standard

How it stays safe

Where does my pasted data go?

Nowhere. The detector and masker run as JavaScript in your browser. Nothing is sent to our servers — there is no server.

Do you log or analytics my content?

No. We don't run analytics on this page's content. The only thing we measure is page-level visits, which contain no pasted data.

Will it catch every secret?

No tool catches 100%. Safe Paste covers 30+ well-known patterns plus a high-entropy fallback that catches strings that look like secrets even when their format is unknown. Always glance at the masked output before pasting.

Can I mask JSON or SQL properly?

Yes. Switch the mode to JSON or SQL on the input pane. JSON mode parses your blob and replaces values for sensitive keys like password/token/api_key. SQL mode masks INSERT VALUES and WHERE clauses for sensitive column names.

Want it on your team?

Yes — enterprise DLP for AI is the next step. Get in touch if your team needs this baked into your developer workflow.