Paste your .env.example and your actual .env. The tool reports what's missing, what's extra, and what looks like a real secret committed to .env.example. Heuristics flag values that look like API keys, JWTs, private keys, or production-shaped credentials. Browser only.