Claude Code runs git add . or git add -A and your .env with API keys gets staged. If that is followed by git commit and git push, your secrets are public.
#2142 — "Claude repeatedly ignores CLAUDE.md security guidelines and exposes API keys to version control"
#401 — "Claude loads my project's .env into its bash environment"
The secret-guard hook (included in cc-safe-setup) blocks git add when it would stage sensitive files:
#!/bin/bash
# Blocks: git add .env, git add -A (when .env exists), git add .
# Claude Code passes the pending tool call as JSON on stdin; exit 2 denies it.
CMD=$(jq -r '.tool_input.command // empty')
[ -z "$CMD" ] && exit 0
# Block any git add that names a .env file (also matches .env.local etc.)
if echo "$CMD" | grep -qE 'git\s+add.*\.env'; then
  echo "BLOCKED: Cannot stage .env files" >&2
  exit 2
fi
# Block git add . / git add -A when .env exists
# (anchored so that git add ./src or git add .gitignore is not matched)
if echo "$CMD" | grep -qE 'git\s+add\s+(\.|--all|-A)(\s|$)' && [ -f .env ]; then
  echo "BLOCKED: git add would include .env. Use git add <specific-files>" >&2
  exit 2
fi
exit 0
npx cc-safe-setup
The secret-guard hook is one of the 8 hooks installed by default. It also catches .env.local, .env.production, SSH keys, and other credential files.
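The same decision logic extended to the other credential files mentioned above, as an added example that is not cc-safe-setup's own code: the secret_guard function, the pattern list and the --hook entry point are assumptions, and the function takes the repo directory as an argument so it can be tested offline.

```shell
#!/bin/bash
# Added example (not the cc-safe-setup code). secret_guard COMMAND REPO_DIR
# returns 0 (allow) or 2 (block, the exit status Claude Code hooks use to
# deny a tool call) and writes the reason to stderr.

# Constructed list of credential-file names (ERE). Note that .env.example is
# blocked too, matching the behaviour of the hook above.
SECRET_FILE_RE='(^|[/[:space:]])(\.env(\.[A-Za-z0-9_-]+)?|id_(rsa|dsa|ecdsa|ed25519)|[^[:space:]]*\.(pem|key|p12|pfx))([[:space:]]|$)'

secret_guard() {
  cmd="$1"; repo="${2:-.}"
  # Only git add is in scope (also when chained with ; && or |); else allow.
  printf '%s\n' "$cmd" | grep -qE '(^|[;&|[:space:]])git[[:space:]]+add([[:space:]]|$)' || return 0

  # 1. A credential file is named explicitly on the command line.
  if printf '%s\n' "$cmd" | grep -qE "$SECRET_FILE_RE"; then
    echo "BLOCKED: git add names a credential file" >&2
    return 2
  fi

  # 2. Bulk staging (., -A, --all) while a credential file exists in the repo.
  #    Anchored so that 'git add ./src' or 'git add .gitignore' is not matched.
  if printf '%s\n' "$cmd" | grep -qE 'git[[:space:]]+add([[:space:]]+-[A-Za-z]+)*[[:space:]]+(\.|-A|--all)([[:space:]]|$)'; then
    for f in "$repo"/.env "$repo"/.env.* "$repo"/*.pem "$repo"/*.key \
             "$repo"/id_rsa "$repo"/id_ed25519; do
      if [ -f "$f" ]; then
        echo "BLOCKED: git add would stage ${f#$repo/}. Use git add <specific-files>" >&2
        return 2
      fi
    done
  fi
  return 0
}

# Hook entry point (assumed wiring): Claude Code sends the tool call as JSON
# on stdin. Only runs when invoked as 'secret-guard.sh --hook', so the file
# can also be sourced for testing.
if [ "${1:-}" = "--hook" ]; then
  CMD=$(jq -r '.tool_input.command // empty')
  [ -z "$CMD" ] && exit 0
  secret_guard "$CMD" "$PWD"
  exit $?
fi
```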
667 hooks. 9,200+ tests. secret-guard included by default.
cc-safe-setup · GitHub