Potential Security Risk: Claude Code Accessing Local .env File Environment Variables

Resolved 💬 1 comment Opened Feb 26, 2025 by ohmaseclaro Closed Feb 26, 2025

Bug Description
apparentely, claude code uses my .env in my node.js project as if it was yours. I see that because I have DEBUG=true in my .env, which causes claude code to post debug logs about the requests it's doing. not only it seems to be not intended, but it also raises security concerns about claude code reading my keys

Environment Info

  • Platform: macos
  • Terminal: vscode
  • Version: 0.2.14
  • Feedback ID: 40b8e089-d871-43e4-9f12-e5bd80984280

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗