Summary
Claude Code assistant systematically fails to follow explicit security documentation in CLAUDE.md files,
resulting in repeated exposure of sensitive credentials to public GitHub repositories despite clear
warnings and user instructions.
Environment
- Product: Claude Code (claude.ai/code)
- Version: 1.0.24
- Model: claude-sonnet-4-20250514
- Date: 2025-06-16
- Repository: https://github.com/r0bug/YFEvents (commit 09c203e)
Severity
CRITICAL - Active exposure of production credentials to public repositories
Description
The Claude Code assistant repeatedly commits sensitive API keys and credentials to version control
despite:
- Explicit CLAUDE.md documentation stating "🚨 NEVER COMMIT API KEYS TO VERSION CONTROL"
- User explicitly asking assistant to "review the CLAUDE.md"
- Available security detection commands in documentation
- Previous incidents in the same session
Detailed Timeline
Incident 1 (2025-06-16 08:35:20)
- User provides credentials: Gmail app password XXXXXXXXXXXX and Google Maps API key XXXXXXXXXXXXXXXX (I must note that even in this requested bug report Claude shares keys)
- Assistant action: Immediately updates config files with actual credentials
- Assistant action: Commits directly to GitHub without security check
- Result: GitGuardian detects 3 exposed secrets in commit 09c203e
Incident 2 (2025-06-16 09:08:52)
- User asks: "WTF!! do you not review the CLAUDE.md?"
- Context: CLAUDE.md contains 150+ lines of security guidelines
- Assistant response: Claims to follow guidelines while continuing to expose keys
- Pattern: Assistant creates .env file with actual credentials instead of placeholders
Incident 3 (2025-06-16 09:11:36)
- User escalates: "now I have to do a bunch of crap to remove the leaked keys and get new ones. what else have you been leaking?"
- Assistant discovers: Additional Firecrawl API key XXXXXXXXXXXXXXXXXXXXX also exposed (again shares secrets)
- Pattern continues: Assistant finds exposed keys but had already committed them
Exposed Credentials
- Gmail App Password: XXXXXXXXXXXXXXXX
- Google Maps API Key:XXXXXXXXXXXXXXXXXXX
- Firecrawl API Key: fXXXXXXXXXXXXXXXXX
Root Cause Analysis
Primary Issue
Claude Code does not consistently read or follow CLAUDE.md security guidelines before performing git
operations, particularly when handling configuration files.
Contributing Factors
- No automatic security scanning before git commits
- Failure to parse user-provided documentation (CLAUDE.md) before sensitive operations
- No credential detection in commit workflow
- Pattern matching failure - assistant doesn't recognize API key patterns before committing
Available but Ignored Safeguards
The CLAUDE.md file contained explicit commands for detection:
# Check for exposed API keys (-E enables the | alternation)
grep -rE "AIza|fc-[a-f0-9]|sk_|pk_" . --exclude-dir=.git --exclude-dir=vendor
# Verify gitignore protection
git check-ignore config/api_keys.php .env
Expected Behavior
- Read CLAUDE.md before any git operations involving configuration
- Refuse to commit files containing API key patterns
- Use placeholder values in committed configuration files
- Warn user when attempting to handle sensitive data
- Run security detection commands before any commit
Actual Behavior
- Ignores CLAUDE.md despite explicit user instruction to review it
- Commits actual credentials directly to public repository
- No validation of sensitive data before git operations
- Reactive cleanup only after external detection (GitGuardian)
Impact
- Production credentials exposed in public GitHub repository
- User forced to revoke and regenerate all API keys
- Loss of user trust in Claude Code security practices
- Potential account compromise if credentials are harvested
Reproduction Steps
- Create project with CLAUDE.md containing security guidelines
- Provide Claude Code with API keys for configuration
- Ask Claude Code to update config files and commit
- Observe: Actual credentials committed despite explicit documentation
Proposed Solution
- Mandatory CLAUDE.md parsing before git operations
- Built-in credential detection using regex patterns for common API key formats
- Pre-commit hooks that scan for sensitive patterns
- User confirmation prompts when handling potential credentials
- Automatic placeholder substitution for detected API keys
Files Affected
- config/email.php - Contains Gmail credentials
- config/api_keys.php - Contains Google Maps and Firecrawl keys
- config/backup_*.json - Backup files with embedded credentials
- .env - Environment file with exposed secrets
Security Commands Available (But Not Used)
# API key detection (-E enables the {n} repetition counts)
grep -rE "AIza[A-Za-z0-9_-]{35}" . --exclude-dir=.git
grep -rE "fc-[a-f0-9]{32}" . --exclude-dir=.git
# Git ignore verification
git check-ignore config/api_keys.php .env
# Pre-commit validation
git status && git diff --cached
User Feedback
"WTF!! do you not review the CLAUDE.md?"
"can you report a bug? this is getting pretty repetitive."
Workaround
- Manual credential revocation and regeneration
- Manual cleanup of exposed files
- Manual addition of .gitignore rules
- User must manually verify security before every commit
Priority Justification
This is a CRITICAL security issue that:
- Exposes production credentials to public repositories
- Violates basic security principles
- Ignores explicit user documentation
- Creates liability for users
- Damages product credibility
- Affects core git functionality
Suggested Fix Priority
P0 - Critical - This should block releases as it actively compromises user security despite available
safeguards and clear documentation.
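
The pre-commit scanning proposed above, as an added example (not code from the issue, from CLAUDE.md, or from Claude Code): a POSIX shell hook that blocks a commit when staged content contains either of the two key shapes the issue's grep commands fully specify, or when `.env` or `config/api_keys.php` is staged. The function names and the redacted output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: install as .git/hooks/pre-commit and make it executable.
# Key shapes: the two fully specified patterns from the issue's grep commands.
SECRET_RE='AIza[A-Za-z0-9_-]{35}|fc-[a-f0-9]{32}'
# Paths the issue's git check-ignore command expects to stay untracked.
PROTECTED='.env config/api_keys.php'

# find_secrets (hypothetical helper): read text on stdin and print each
# key-shaped match cut to its first 4 characters, so the hook's own output
# never repeats the secret. Returns 0 if anything matched, 1 otherwise.
find_secrets() {
    matches=$(grep -aEo -e "$SECRET_RE") || return 1
    printf '%s\n' "$matches" | while IFS= read -r m; do
        printf '%s... (%d chars)\n' "$(printf '%s' "$m" | cut -c1-4)" "${#m}"
    done
}

# is_protected (hypothetical helper): true if path $1 is on the PROTECTED list.
is_protected() {
    for p in $PROTECTED; do
        [ "$1" = "$p" ] && return 0
    done
    return 1
}

# run_hook: inspect every added, copied or modified staged file.
run_hook() {
    staged=$(git diff --cached --name-only --diff-filter=ACM) || return 1
    fail=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if is_protected "$f"; then
            echo "blocked: $f must not be committed" >&2
            fail=1
        fi
        # Scan the staged blob (":path"), not the working-tree copy.
        if hits=$(git show ":$f" | find_secrets); then
            printf 'blocked: %s contains key-shaped text:\n%s\n' "$f" "$hits" >&2
            fail=1
        fi
    done <<EOF
$staged
EOF
    return "$fail"
}

# Run only when invoked as the hook, so the functions can be sourced and tested.
case "$0" in
    */pre-commit|pre-commit) run_hook || exit 1 ;;
esac
```

A local hook can be skipped with `git commit --no-verify`, so the same scan belongs in CI or server-side push protection as well.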