llm-scanner 0.1.3 → 0.1.5
- package/README.md +18 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -2,6 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
> Scan your AI app for prompt injection vulnerabilities before hackers do.
|
|
4
4
|
|
|
5
|
+
> Give me your AI endpoint → I'll show you what breaks in 30 seconds.
|
|
6
|
+
|
|
5
7
|
llm-scanner fires hacker-style attacks at your AI endpoint, judges every
|
|
6
8
|
response with an LLM, and tells you exactly what's broken and how to fix it.
|
|
7
9
|
|
|
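Review bot: the added tagline "what breaks in 30 seconds" is a timing claim that nothing else in the diff substantiates, and the surrounding README text speaks only of a scan and a judge. Suggest either dropping the number or stating what it refers to (for example, a default run of the scan described under Step 3), so the README does not promise a duration the tool's documentation never defines.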
@@ -16,16 +18,29 @@ npm install -g llm-scanner
|
|
|
16
18
|
|
|
17
19
|
**Step 2 — Add your OpenAI key**
|
|
18
20
|
|
|
19
|
-
|
|
20
|
-
|
|
21
|
+
Get your API key from https://platform.openai.com/api-keys
|
|
22
|
+
|
|
23
|
+
llm-scanner uses a separate AI judge to evaluate whether your AI
|
|
24
|
+
passed or failed each attack. This judge runs on your machine using
|
|
25
|
+
your own OpenAI API key — so your endpoint data never leaves your
|
|
26
|
+
environment.
|
|
27
|
+
|
|
28
|
+
This is what powers the PASS/FAIL results in your report.
|
|
29
|
+
|
|
30
|
+
Option 1 — Save it (recommended):
|
|
21
31
|
```bash
|
|
22
32
|
echo 'OPENAI_API_KEY=sk-your-key-here' > .env
|
|
23
33
|
```
|
|
24
|
-
|
|
34
|
+
|
|
35
|
+
Option 2 — Quick test:
|
|
25
36
|
```bash
|
|
26
37
|
export OPENAI_API_KEY=sk-your-key-here
|
|
27
38
|
```
|
|
28
39
|
|
|
40
|
+
If you use export, make sure you run aisec in the same terminal session.
|
|
41
|
+
|
|
42
|
+
> Note: The judge uses gpt-4o-mini. A full scan costs less than $0.02.
|
|
43
|
+
|
|
29
44
|
**Step 3 — Run your first scan**
|
|
30
45
|
```bash
|
|
31
46
|
aisec scan \
|
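Review bot: the added sentence "This judge runs on your machine using your own OpenAI API key — so your endpoint data never leaves your environment" contradicts the added note "The judge uses gpt-4o-mini": a hosted OpenAI model can only judge a response by receiving it, so the scanned endpoint's responses (and whatever prompts they echo) are sent to OpenAI's API under the user's key. Suggest rewording to something like "The judge calls OpenAI with your own key; scanned responses are sent to OpenAI for evaluation and are not sent to the llm-scanner authors", so users with confidential endpoints can make an informed choice. Two smaller points in the same hunk: `echo 'OPENAI_API_KEY=sk-your-key-here' > .env` truncates any existing `.env` (consider `>>` and a reminder to keep `.env` out of version control), and the text alternates between `llm-scanner` and the `aisec` command without saying they are the same tool.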