Prevent Claude Code from Leaking Credentials

AI agents can read your credential files, display tokens in conversations, and hunt for secrets. Three hooks stop this.

Real incident (#34819): Agent ran cat ~/.netrc, cat ~/.npmrc, cat ~/.cargo/credentials.toml and displayed all tokens in the conversation.
Real incident (#37845): Agent executed 48 bash commands hunting for credentials — env | grep token, find /home -name "*.token", cat ~/.ssh/id_rsa — all auto-approved.

Three-Layer Defense

Layer 1: Block Reading Credential Files

BLOCKS:
  cat ~/.netrc
  cat ~/.npmrc
  cat ~/.cargo/credentials
  cat ~/.docker/config.json
  cat ~/.kube/config

npx cc-safe-setup --install-example credential-file-cat-guard

Layer 2: Block Credential Hunting

BLOCKS:
  env | grep TOKEN
  find / -name "*.token"
  cat ~/.ssh/id_rsa
  curl --post-file ~/.env

npx cc-safe-setup --install-example credential-exfil-guard

Layer 3: Block Secrets in Code

BLOCKS: hardcoded API keys, passwords in source files, secrets committed via git add

npx cc-safe-setup --install-example hardcoded-secret-detector
npx cc-safe-setup --install-example staged-secret-scan

Files Protected

~/.netrc          — HTTP auth tokens
~/.npmrc          — npm registry tokens
~/.yarnrc.yml     — Yarn registry tokens
~/.cargo/credentials.toml — Cargo/crates.io tokens
~/.docker/config.json — Docker registry auth
~/.kube/config    — Kubernetes cluster credentials
~/.config/gh/hosts.yml — GitHub CLI tokens
~/.pypirc         — PyPI upload tokens
~/.gem/credentials — RubyGems API key
~/.m2/settings.xml — Maven repository credentials
~/.ssh/*          — SSH keys and config
~/.aws/credentials — AWS access keys
~/.env            — Environment secrets
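
A sketch of the Layer 1 check over the list above. This is an added example, not the cc-safe-setup hook's own code. It assumes Claude Code's PreToolUse hook interface (event JSON on stdin, exit code 2 blocks the call) and goes slightly beyond the cat cases by also checking the Read tool's file_path; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""PreToolUse hook: refuse tool calls that reference credential files."""
import json
import re
import sys

# Entries from the "Files Protected" list, relative to the home directory.
PROTECTED = [
    ".netrc", ".npmrc", ".yarnrc.yml", ".cargo/credentials",
    ".docker/config.json", ".kube/config", ".config/gh/hosts.yml",
    ".pypirc", ".gem/credentials", ".m2/settings.xml",
    ".ssh", ".aws/credentials", ".env",
]
# Ways a command can spell the home directory.
HOME = r"(?:~|\$HOME|\$\{HOME\}|/home/[^/\s]+|/Users/[^/\s]+|/root)"
# The lookahead lets ".env.local", ".cargo/credentials.toml" and ".ssh/id_rsa"
# match while leaving names such as ".environment" alone.
CREDENTIAL = re.compile(
    HOME + "/(?:" + "|".join(map(re.escape, PROTECTED)) + r")(?![\w-])"
)


def find_credential_path(text):
    """Return the first protected path mentioned in text, or None."""
    match = CREDENTIAL.search(text)
    return match.group(0) if match else None


def decide(event):
    """Map one hook event to (exit_code, message); 2 blocks the call."""
    tool_input = event.get("tool_input") or {}
    # Bash passes the shell line as "command"; Read passes "file_path".
    text = tool_input.get("command") or tool_input.get("file_path") or ""
    hit = find_credential_path(text)
    if hit:
        return 2, f"Blocked: {event.get('tool_name')} call references {hit}"
    return 0, ""


def main():
    code, message = decide(json.load(sys.stdin))
    if message:
        print(message, file=sys.stderr)  # stderr is returned to the agent
    return code


if __name__ == "__main__":
    sys.exit(main())
```

Matching on the command string does not see relative paths or indirection through variables, so treat a hook like this as one layer alongside file permissions or a sandbox.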

OWASP MCP Top 10 Coverage

These hooks address MCP01: Token Mismanagement & Secret Exposure from the OWASP MCP Top 10. cc-safe-setup includes 20+ hooks covering credential protection across all OWASP MCP risk categories.

Install All Safety Hooks

628 hooks · 9,677 tests · GitHub · npm