Prevent Claude Code bash -x Debug Tracing from Exposing Secrets

When Claude Code runs bash -x script.sh, every command is printed to stderr with all variables fully expanded. If your script sources .env files, your API keys, database passwords, and tokens appear in plain text in the terminal output.

The Problem

Claude Code sometimes uses bash -x (or set -x) to debug failing scripts. This is standard debugging practice — but it has a dangerous side effect:

Debug tracing expands secrets inline

$ bash -x deploy.sh
+ source .env
++ export DATABASE_URL=$YOUR_DB_CONNECTION_STRING
++ export STRIPE_KEY=$YOUR_STRIPE_SECRET_KEY
+ curl -H "Authorization: Bearer $YOUR_API_TOKEN"

With -x, every variable is expanded to its real value. In Claude Code's context, these values persist in the conversation and could be included in error reports or logs.

This isn't limited to bash -x. The flags -xv, -xtrace, and inline set -x all trigger the same behavior. Claude Code may add these flags when troubleshooting a script that fails silently.

Why CLAUDE.md Isn't Enough

You can instruct Claude to avoid debug flags. But during long autonomous sessions, the model is focused on solving the immediate problem — a failing script — and reaches for -x as the quickest diagnostic tool. Context compaction can remove the instruction entirely.

The Fix: bash-trace-guard Hook

bash-trace-guard.sh — blocks bash debug tracing:

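#!/bin/bash
# Claude Code passes the pending tool call as JSON on stdin;
# the Bash command line is in .tool_input.command.
INPUT=$(cat)
COMMAND=$(printf '%s' "$INPUT" | jq -r '.tool_input.command // empty')

# Block bash -x and set -x variants: a single-dash option cluster containing x,
# such as -x, -ex or -xv, directly after "bash" or "set".
if printf '%s\n' "$COMMAND" | grep -qE '(bash|set)[[:space:]]+-[a-w]*x'; then
  echo "BLOCKED: bash -x / set -x can expose secrets from .env files" >&2
  exit 2   # exit status 2 tells Claude Code to block the command
fi

exit 0     # anything else is allowed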

exit 2 blocks the command at the process level, before it runs. For any command the pattern matches, Claude cannot bypass, ignore, or reason around the block, and your secrets stay unexpanded.
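
A word-based variant of the check, as an added example that is not the bash-trace-guard hook's own code: it walks the options that follow bash, sh or set, so it also recognises separately written flags (bash -e -x) and -o xtrace, and it leaves a -x passed to a script or to another program alone. The function name trace_requested and all sample command strings are assumptions made for this example; in a hook it would be called with the value read from .tool_input.command.

```shell
#!/bin/sh
# Added example, not the project's hook. trace_requested is a hypothetical
# helper name; every command string below is constructed sample input.

# Exit status 0 if the command line asks bash/sh/set to enable xtrace, else 1.
# The body is a subshell, so set -f, the variables and exit stay local to it.
trace_requested() (
  # Treat quotes and shell separators as spaces so that
  #   bash -c 'set -x; ./deploy.sh'  ->  bash -c set -x ./deploy.sh
  cmd=$(printf '%s' "$1" | tr "\"';&|()" '       ')
  set -f                          # split into words without glob expansion
  set -- $cmd
  state=skip flag=
  for w do
    if [ "$state" = name ]; then  # the word after -o/+o is an option name
      state=opts
      case $flag:$w in -*:xtrace) exit 0 ;; esac
      continue
    fi
    if [ "$state" = opts ]; then
      case $w in
        --)     state=skip; continue ;;   # end of options
        --*)    continue ;;               # long option such as --norc
        -*x*)   exit 0 ;;                 # -x, -ex, -xv, -euxo ...
        [-+]*o) flag=$w; state=name; continue ;;
        [-+]*)  continue ;;               # other short options, +x included
      esac
    fi
    # Not an option: option scanning starts after a shell or the set builtin.
    case ${w##*/} in
      bash|sh|set) state=opts ;;
      *)           state=skip ;;
    esac
  done
  exit 1
)

# Constructed samples: the first three are trace requests, the last two are not.
for c in 'bash -x deploy.sh' 'bash -e -x deploy.sh' 'set -o xtrace' \
         'bash deploy.sh -x' 'set +x'; do
  if trace_requested "$c"; then echo "BLOCK  $c"; else echo "allow  $c"; fi
done
```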

Install Secret Protection + 7 More Safety Hooks

npx cc-safe-setup

Blocks debug tracing, secret leaks, rm -rf, force-push, and more. 9,200+ tests, 655 examples.

Check Your Safety Score

npx cc-health-check

Free 20-point diagnostic for your Claude Code setup.

Open source, zero dependencies.