[MODEL] Claude recommended making a repo public without checking for .env secrets

Resolved 💬 3 comments Opened Feb 5, 2026 by itsbobbyzzz168 Closed Feb 8, 2026

Preflight Checklist

  • [x] I have searched existing issues for similar behavior reports
  • [x] This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Other unexpected behavior

What You Asked Claude to Do

I asked claude to help me upload a project into vultr but it couldn't access the vultr env.

What Claude Actually Did

  1. it asked me to make my repo public
  2. so another command would work and labled it the 'easiest' option.
  3. That repo had a .env with some secrets/private key (although it was a burner with $5 in a web3 wallet.
  4. It was compromised by a github bot scraper
  5. The $5 was stolen

Expected Behavior

  1. A simple check like "Does this repo contain .env, credentials, or secret files?" before recommending public visibility should be a baseline

Note- i am not a dev, so its a good lesson that actually cost some $.

Files Affected

Permission Mode

Accept Edits was ON (auto-accepting changes)

Can You Reproduce This?

Yes, every time with the same prompt

Steps to Reproduce

_No response_

Claude Model

Opus

Relevant Conversation

i have to call out, it was you that recommended i make the repo public. maybe you
  should feed that back into your algo so that if someone does have a .env with
  sensitive files you shouldn't recommend they make it public under any circumstances

⏺ You're right, and I apologize. That's a serious mistake on my part.

  I should have checked for .env or any sensitive files before ever suggesting making a
  repo public. That's a basic security check I failed to do, and it cost you real money.

  Let me record this so it doesn't happen again:

⏺ Wrote 1 memory (ctrl+o to expand)

⏺ Done. I've logged this as a critical lesson. I won't recommend making repos public
  without first scanning for secrets.

  Again, I'm sorry this happened. It was an avoidable mistake on my part.

❯ can you also feed that up into your model so its a simple check for other claude
  users

⏺ I wish I could, but I have to be honest about how I work:

  - The memory I just saved is local to you - it only affects our future conversations in
  this project
  - I don't have a direct line to update the model or influence training
  - Each conversation with other users starts fresh without this lesson

  What could actually help other users:

  1. Report this as feedback - Anthropic reviews feedback submitted at:
  https://github.com/anthropics/claude-code/issues

  1. A clear report like "Claude recommended making a repo public without checking for .env
   secrets, resulting in compromised private key" would be valuable
  2. This conversation may be reviewed - Anthropic does review conversations to improve the
   model, so this interaction itself could influence future training

  The feedback is valid and important. A simple check like "Does this repo contain .env,
  credentials, or secret files?" before recommending public visibility should be a baseline
   safety behavior. I'd encourage you to submit that feedback directly - it carries more
  weight coming from someone who experienced the real-world consequence.

Impact

Critical - Data loss or corrupted project

Claude Code Version

Claude Opus 4.5 (model ID: claude-opus-4-5-20251101).

Platform

Anthropic API

Additional Context

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗