[BUG] Claude Code likes to write secrets into documentation files

Resolved 💬 3 comments Opened Oct 16, 2025 by walt93 Closed Oct 19, 2025

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

I've caught Claude several times now writing secrets that it got access to (e.g. API tokens for a debugging session) into documents we check into git.

When asked about these things, "Hey Claude, let's think this through... (and show the issue)" ur bot usually replies with an expletive like "Oh f***" before explaining why we should not do that. 🤦‍♂️

What Should Happen?

Claude should not leak secrets into code or documentation

Error Messages/Logs

Steps to Reproduce

  1. Ask claude to debug an endpoint
  2. Give claude an API token to debug it with
  3. Ask claude to document the work (or something)
  4. Check to see if claude leaked the creds

Note: this has happened more than once, so, I claim - repeatable.
Note: see also https://github.com/anthropics/claude-code/issues/9637

Claude Model

None

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.0.14 (Claude Code)

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗