Security: IDE extension silently captures selected text, including secrets from .env files
Summary
The Claude Code VS Code extension automatically includes any selected editor text as context in every message sent to the API — with no warning, confirmation, or filtering.
Steps to Reproduce
- Open a
.envfile in VS Code with the Claude Code extension active - Highlight any line containing a secret (API key, password, token)
- Click into the Claude Code chat panel and send any message
- The selected text is transmitted to Anthropic's API as context
Expected Behaviour
Either: the extension does not capture selected text from sensitive files, OR the user is warned before transmission and can cancel.
Actual Behaviour
The value is silently sent with no indication it was included.
Impact
Developers routinely select text to inspect values visually. This workflow silently leaks secrets to a third-party API. The exposure is non-obvious and leaves no local trace.
A real example: a line from a .env file appeared in Claude's context unprompted — it had been selected in the editor while the user typed an unrelated message in the chat panel.
Suggested Fixes
- Warn before sending content from files matching sensitive patterns (
.env,*.key,*secret*,*config*, etc.) - Allow users to configure a file-pattern blocklist for selected-text capture
- Make selected-text capture opt-in rather than opt-out
- Add a UI indicator when a selection is actively being captured as context
Workaround
Deselect all text before sending any message when working in or near credentials files.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗