docs: warn agents not to paste API keys in chat #143

Open
jennyruan wants to merge 6 commits into garrytan:master from
jennyruan:fix/api-key-security-warning

Conversation

@jennyruan jennyruan commented Apr 15, 2026

Problem

GBrain's install instructions tell the agent to ask the user for API keys. The agent
naturally says "run export OPENAI_API_KEY=sk-..." and the user runs it in the agent
chat — the only terminal they have open. The key is now stored in conversation logs.

This is a conflict: gbrain needs API keys, but the agent session is not a safe place
to enter them.

Solution

Three layers of protection:

  1. Prevention — tell agents: "Do NOT collect API keys inside the agent chat"
  2. Safe alternative — instruct users to set keys in a separate terminal via ~/.zshenv,
    then verify availability without printing values
  3. Recovery — if a user pastes a key in chat anyway, the agent warns them to rotate it

Before / After

Before: Agent says "run export OPENAI_API_KEY=sk-..." → key in conversation logs

After: Agent says "open a separate terminal and run this" → key never enters the chat.
If user pastes key anyway → agent warns to rotate immediately.

Test plan

  • Start a fresh agent session with gbrain installed
  • Trigger the API key setup flow
  • Confirm the agent instructs user to use a separate terminal
  • Confirm the agent does NOT ask user to paste the key in chat
  • Confirm the verify command checks key availability without printing values
  • Simulate a user pasting a key — confirm the agent warns to rotate

Context

Discovered during a real Claude Code session. A user followed the current instructions,
pasted their OpenAI API key in the chat, and it was stored in conversation history.

🤖 Generated with Claude Code

API keys pasted into agent chat sessions are stored in conversation logs,
creating a security risk. Instead, instruct users to set keys in a separate
terminal via ~/.zshenv, then verify availability without printing the values.

Discovered when a user followed the current instructions and their OpenAI
API key was exposed in the conversation history.

Every recipe told users to copy tokens and paste them directly into the
agent chat. Same security conflict as the install doc: agent sessions log
all commands to conversation history on the provider's servers.

Updated recipes: ngrok-tunnel, x-to-brain, credential-gateway,
email-to-brain, calendar-to-brain, twilio-voice-brain.

Also added guidance for when users ask 'should I just paste it here?'
— answer is always no, with explanation.
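The PR describes two mechanical checks without showing them: verifying that a key is present in the environment without echoing it, and recognising a key that a user pasted into the chat anyway so the agent can tell them to rotate it. The script below is an added example written for this page; it is not code from the gbrain repository or from this PR. The variable names, the warning wording and the token regex (OpenAI "sk-", GitHub "ghp_", AWS "AKIA", Slack "xox?-" prefixes) are assumptions and should be extended for the providers you actually use.

```shell
#!/bin/sh
# Added example (not gbrain code): environment-key checks that never print the
# key, plus a pasted-key detector for the "rotate it now" recovery path.
# The prefix list is an assumption; extend it for your providers.
KEY_PATTERN='sk-[A-Za-z0-9_-]{20,}|ghp_[A-Za-z0-9]{36}|AKIA[A-Z0-9]{16}|xox[abp]-[A-Za-z0-9-]{10,}'

# check_key NAME: prints "NAME: set" or "NAME: missing". The value is read into a
# shell variable for the test and then unset; it is never written to stdout.
# Returns 0 when set and non-empty, 1 when missing, 2 on a bad variable name.
check_key() {
  name="$1"
  # Only a plain identifier reaches eval, so it cannot run anything else.
  case "$name" in
    ""|*[!A-Za-z0-9_]*) printf '%s: invalid variable name\n' "$name" >&2; return 2 ;;
  esac
  eval "value=\${$name:-}"
  if [ -n "$value" ]; then
    unset value
    printf '%s: set\n' "$name"
    return 0
  fi
  printf '%s: missing (set it in a separate terminal, e.g. in ~/.zshenv)\n' "$name"
  return 1
}

# check_keys NAME...: checks every name; return code is the number of missing keys.
check_keys() {
  missing=0
  for n in "$@"; do
    check_key "$n" || missing=$((missing + 1))
  done
  return "$missing"
}

# looks_like_api_key TEXT: 0 if TEXT contains a token shaped like a known key.
looks_like_api_key() {
  printf '%s' "$1" | grep -Eq "$KEY_PATTERN"
}

# redact_keys TEXT: echoes TEXT with any matching token replaced, so the agent can
# quote the user's message back (or log it) without repeating the secret.
redact_keys() {
  printf '%s\n' "$1" | sed -E "s/$KEY_PATTERN/[REDACTED]/g"
}

# on_user_message TEXT: the recovery layer. If the message carries a key, print
# the rotate warning (never the key itself) and return 0; otherwise return 1.
on_user_message() {
  if looks_like_api_key "$1"; then
    cat <<'EOF'
WARNING: that message appears to contain an API key. It is now part of this
session's conversation log. Revoke and reissue the key with your provider now,
then set the new one in a separate terminal, never in this chat.
EOF
    return 0
  fi
  return 1
}

# Usage from an agent setup flow (constructed example):
#   check_keys OPENAI_API_KEY ANTHROPIC_API_KEY   # prints set/missing per key
#   on_user_message "$last_user_message"         # warns if a key was pasted
```

check_keys is what the "verify availability without printing values" step should run; a non-zero return tells the agent which prompt to show while stdout stays free of secrets. redact_keys is worth calling on anything the agent echoes back, because quoting the user's message verbatim would copy the key into the log a second time.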