KlynxLint — AI Security Scanner for VS Code
Find security issues as you code. Inline SAST + secrets detection on every save — no CI required.
What It Detects
SAST (12 rule categories)
- SQL / command / LDAP injection
- XSS / template injection
- Path traversal / directory traversal
- SSRF / open redirect
- Weak cryptography (MD5, SHA1, DES, RC4)
- Hard-coded credentials / passwords
- Debug code left in production
- Sensitive data logging
- Insecure deserialization
- XML external entity (XXE)
- Regex denial of service (ReDoS)
- Insecure random number generation
Secrets Detection (18 patterns)
- AWS Access Keys + Secret Keys
- GitHub / GitLab personal access tokens
- Stripe live / test keys
- Slack webhook URLs + bot tokens
- OpenAI + Anthropic API keys
- Twilio / SendGrid / Mailgun tokens
- Database connection strings (Postgres, MySQL, MongoDB, Redis)
- Private keys (RSA, EC, SSH)
- JWT tokens
- Generic high-entropy secrets
Install
- Install from the VS Code Marketplace: search KlynxLint
- Set your API key: Ctrl+Shift+P → KlynxLint: Open Settings → paste key
- Get a free key at klynxai.com/klynxscan
Quick Setup
// .vscode/settings.json
{
  "klynxlint.apiKey": "your-org-key",
  "klynxlint.scanOnSave": true,
  "klynxlint.minSeverity": "MEDIUM"
}
Or set the KLYNX_API_KEY environment variable; the extension picks it up automatically.
How It Works
You save a file
      │
      ▼
KlynxLint sends file content → dragon.klynxai.com/api/guard/vuln/scan/inline
      │
      ▼
Server runs SAST + secrets patterns
      │
      ▼
Findings appear as squiggles + Problems panel entries
      │
      ├── CRITICAL/HIGH → red squiggle (error)
      ├── MEDIUM → yellow squiggle (warning)
      └── LOW → blue squiggle (info)
File content is scanned server-side — no local processes, no Docker, no agent install.
Settings
| Setting | Default | Description |
| --- | --- | --- |
| klynxlint.apiKey | "" | KlynxAI API key |
| klynxlint.apiUrl | https://dragon.klynxai.com | API URL (self-hosted override) |
| klynxlint.scanOnSave | true | Scan on every file save |
| klynxlint.scanOnType | false | Scan while typing (debounced 2s) |
| klynxlint.scanSast | true | Enable SAST rules |
| klynxlint.scanSecrets | true | Enable secrets detection |
| klynxlint.minSeverity | MEDIUM | Minimum severity to show |
| klynxlint.showStatusBar | true | Show finding count in status bar |
Commands
| Command | Description |
| --- | --- |
| KlynxLint: Scan This File | Scan active file immediately |
| KlynxLint: Open Settings | Open KlynxLint settings |
| KlynxLint: Clear All Diagnostics | Remove all squiggles |
Self-Hosted
Point at your own Dragon instance:
{
  "klynxlint.apiUrl": "https://dragon.yourcompany.com"
}