About
What skarn is
skarn is an AI session security scanner. It reads the local session logs that AI coding assistants already write to disk - Claude Code, Cursor, Codex CLI, Gemini CLI, and VS Code Copilot Chat - and surfaces the leaked credentials and the attacks that exploit them. It runs entirely on the machine, with no account, no upload, and no network call by default.
Last updated 2026-06-14.
The facts
A consolidated, verifiable summary of what skarn does.
- Category
- AI session security scanner, and shadow-AI data-loss detection for engineering teams. It scans the on-disk session transcripts of AI coding assistants - a surface git secret scanners do not look at.
- Assistants covered
- Claude Code, Cursor, Codex CLI, Gemini CLI, and VS Code Copilot Chat, from a single binary, including the SQLite state databases Cursor and Copilot use.
- What it detects
- Leaked credentials across 200+ types using 235 built-in rules (80 AI-specific plus 155 community), and multi-stage attack chains - prompt injection to secret read to exfiltration - mapped to the NVIDIA AI Kill Chain. Each session and team gets a 0-100 risk score.
- How it handles data
- No account, no upload, no telemetry, and zero network calls by default. Secrets are redacted by an enforced gate, so no raw credential appears in any output. Optional online checks are opt-in, and an offline flag hard-disables them.
- Outputs and integration
- Human-readable, JSON, and SARIF 2.1.0 output; CI gating by severity or risk score; a baseline for diffing; and a real-time PreToolUse guard hook that refuses a malicious tool call before it runs.
- Platforms and licensing
- A single static binary on macOS and Linux today, Windows on request. skarn is a closed-source commercial product for security and engineering teams.
- How it is different from git secret scanners
- gitleaks and trufflehog scan your git repositories; skarn scans the AI session logs those scanners never look at. The key an engineer pasted into a chat and never committed is invisible to them and obvious to skarn. See the tools comparison.
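The two mechanisms the list above leans on, scanning an on-disk session transcript for credential-shaped strings and forcing every result through a redaction gate before it is emitted, can be sketched in a few dozen lines. The block below is an added illustration written for this page; it is not skarn's code and does not reflect its internals. It assumes a simplified JSONL event shape (one `role`/`content` object per line, constructed here and not the exact format any assistant writes), two illustrative detection rules instead of a full rule set, and a made-up weighting for the 0-100 score.

```python
import hashlib
import json
import re
from dataclasses import asdict, dataclass

# Constructed sample transcript: three JSONL events in a simplified shape
# (role + content). Both secrets are documentation-style dummies.
SAMPLE_EVENTS = [
    {"role": "user", "content": "deploy is failing, my key is AKIAIOSFODNN7EXAMPLE, can you check?"},
    {"role": "assistant", "content": "Let me look at the repository config first."},
    {"role": "tool_result", "tool": "Bash",
     "content": "oauth_token: ghp_0123456789abcdefghijABCDEFGHIJ012345"},
]
SAMPLE_TRANSCRIPT = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)

# Two illustrative detection rules; a production rule set is far larger.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
# Constructed per-rule weights for the session score, capped at 100.
WEIGHTS = {"aws-access-key-id": 50, "github-pat": 40}


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int          # 1-based line in the transcript
    role: str          # which side of the conversation put the secret in the session
    fingerprint: str   # sha256 prefix: correlate the same secret across sessions without storing it
    redacted: str      # short prefix kept so the type is recognisable, rest masked


def mask(secret: str) -> str:
    """Keep the first four characters, mask the remainder with asterisks."""
    return secret[:4] + "*" * (len(secret) - 4)


def _scan(text: str):
    """Return (findings, raw_secrets). The raw list stays private to this module."""
    findings, raw = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        try:
            event = json.loads(line)
            content, role = str(event.get("content", "")), str(event.get("role", "?"))
        except (json.JSONDecodeError, AttributeError):
            content, role = line, "?"  # tolerate lines that are not JSON objects
        for rule, pattern in RULES.items():
            for m in pattern.finditer(content):
                secret = m.group(0)
                raw.append(secret)
                findings.append(Finding(
                    rule=rule, line=line_no, role=role,
                    fingerprint=hashlib.sha256(secret.encode()).hexdigest()[:12],
                    redacted=mask(secret),
                ))
    return findings, raw


def risk_score(findings) -> int:
    """Sum the rule weights and cap at 100 (constructed scheme, not skarn's)."""
    return min(100, sum(WEIGHTS.get(f.rule, 10) for f in findings))


def enforce_gate(rendered: str, raw_secrets) -> str:
    """Redaction gate: refuse any rendered output that still contains a raw credential."""
    for secret in raw_secrets:
        if secret in rendered:
            raise RuntimeError("redaction gate: raw credential would have reached the output")
    return rendered


def report(text: str) -> dict:
    """Scan a transcript and return a report that has passed through the gate."""
    findings, raw = _scan(text)
    out = {"risk_score": risk_score(findings), "findings": [asdict(f) for f in findings]}
    return json.loads(enforce_gate(json.dumps(out), raw))


if __name__ == "__main__":
    print(json.dumps(report(SAMPLE_TRANSCRIPT), indent=2))
```

The design point is that `report` is the only public path to output and it cannot return without `enforce_gate` having checked the rendered bytes against every raw match; a formatting bug that copies a secret into a message would raise rather than print. The fingerprint gives a team something to diff against a baseline from one run to the next without the secret itself ever being written anywhere.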
Talk to us
Book a scoped, consent-first exposure assessment, or ask for access. Built by an experienced security and engineering team.