Security: IDE selections automatically sent to Claude without explicit user consent and Claude taking action without user consent
Resolved 💬 3 comments Opened Aug 21, 2025 by degliwe Closed Aug 25, 2025
Security Issue
When using Claude Code with IDE integration, text selections in
the editor are automatically sent to Claude without explicit user
action. This creates multiple security risks:
Problems Identified
- Automatic Data Exposure: Any text selected in the IDE
(including passwords, API keys, secrets) is automatically
transmitted to Claude without the user explicitly choosing to
share it.
- Unauthorized Actions: Claude can misinterpret these automatic
selections as requests and begin making code changes without user
permission.
- No User Consent: Users are not clearly informed that their IDE
selections are being monitored and transmitted during active
sessions.
Reproduction
- Open a file in VS Code with Claude Code extension
- Select any text (including potentially sensitive data)
- Claude receives this selection automatically
- Claude may act on this selection without being asked
Security Impact
- Unintentional exposure of sensitive information (credentials,
keys, proprietary code)
- Unauthorized code modifications
- Violation of user expectation of privacy and control
Suggested Fixes
- Require explicit user action (button click, command) to share
selections
- Add clear visual indicator when selections are being shared
- Implement permission prompt before Claude can act on
selections
- Add option to disable automatic selection sharing entirely
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗