Potential Security Risk: Claude Code Accessing Local .env File Environment Variables
Resolved 💬 1 comment Opened Feb 26, 2025 by ohmaseclaro Closed Feb 26, 2025
Bug Description
apparentely, claude code uses my .env in my node.js project as if it was yours. I see that because I have DEBUG=true in my .env, which causes claude code to post debug logs about the requests it's doing. not only it seems to be not intended, but it also raises security concerns about claude code reading my keys
Environment Info
- Platform: macos
- Terminal: vscode
- Version: 0.2.14
- Feedback ID: 40b8e089-d871-43e4-9f12-e5bd80984280
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗