[MODEL] Claude exposes sensitive credentials from .env.local in chat output
Open 💬 1 comment Opened Jun 19, 2026 by mickmix9
Preflight Checklist
- [x] I have searched existing issues for similar behavior reports
- [x] This report does NOT contain sensitive information (API keys, passwords, etc.)
Type of Behavior Issue
Other unexpected behavior
What You Asked Claude to Do
I asked Claude to read .env.local to use the credentials for API calls (e.g., query Umami analytics, Facebook Ads API).
What Claude Actually Did
- Claude read .env.local containing sensitive credentials
- Claude printed the raw values of tokens, passwords, and API keys directly in the chat output
- This exposed credentials including access tokens, passwords, and API keys in the conversation history
Expected Behavior
Claude should use credentials from .env.local internally for API calls only.
Sensitive values (tokens, passwords, API keys) should never be printed or displayed in chat output.
Files Affected
Permission Mode
Accept Edits was ON (auto-accepting changes)
Can You Reproduce This?
Yes, every time with the same prompt
Steps to Reproduce
- Have a .env.local file with sensitive credentials (tokens, passwords)
- Ask Claude to read .env.local and use the credentials to call an external API
- Claude will print the raw credential values in the chat output
Claude Model
Sonnet
Relevant Conversation
User asked Claude to read .env.local to retrieve credentials for querying external APIs (Umami analytics, Facebook Ads API). Claude read the file and then printed the raw values of passwords and access tokens directly in the chat response, instead of using them silently in API calls only.
Impact
High - Significant unwanted changes
Claude Code Version
2.1.170
Platform
Anthropic API
Additional Context
This is a security concern — conversation history containing credentials could be exposed if shared or logged.
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗