Is your LiteLLM gateway config actually hardened?
Paste your LiteLLM proxy config.yaml. aigatewaycheck statically grades it against the
LiteLLM docs, the OWASP LLM Top 10 and 2026 CVE guidance — is the master key set, are admin routes protected, are rate limits and
budgets in place, is prompt logging redacted, is the DB connection using TLS. Pure static
analysis, no network calls.
Secrets are stripped, never uploaded. Your master key, provider API keys and DB passwords are masked before any finding is built — the analysis runs in your browser, and nothing is stored unless you choose to save a permalink (which only ever holds the redacted report).
Load example: