Claude Code dumps live API tokens via env grep — credentials exposed to Anthropic API
Summary
When asked to help update an Atlassian API token, Claude Code ran env | grep JIRA which dumped the live token value into the conversation. This means the credential was:
- Sent to Anthropic's API as part of the conversation context
- Stored in the local conversation transcript (JSONL)
- Visible in terminal scrollback
Claude attempted a sed-based redaction in the same command, but the regex pattern didn't match the variable name (JIRA_API_TOKEN), so the token was output in plaintext.
Expected behavior
Claude Code should never run commands that output live secrets, tokens, or credentials. When helping locate credential configuration, it should search for where variables are defined (grep config files for variable names) — not dump their live values from the environment.
Actual behavior
Claude ran env | grep -i "ATLASSIAN\|JIRA\|MCP" with a broken redaction pipe, exposing the full API token. The token had to be revoked immediately.
Severity
This is a significant trust violation. Users rely on Claude Code to handle their development environment responsibly. Dumping live credentials to a third-party API without explicit user consent is not acceptable — especially when the stated goal was simply to find where the token is configured.
Recommendation
Consider adding guardrails that prevent env, printenv, or echo $ commands when the output is likely to contain secrets (e.g., variables matching TOKEN, SECRET, KEY, PASSWORD, API_KEY patterns).
This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗