Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
epistasis 6 hours ago

We all have our own experiences with these probabilistic tools, but in my personal experience, two out of four my green-field LLM prototypes had early dev secrets in them, and Claude read all of them in both cases.

Here's one interaction, when I was planning through ways to finally get away from the dreaded .env file, I told Claude that it had already read my secrets, and it said:

> This is an important point and I want to be straight with you first.

> ## What already happened in this conversation

> Yes — the Explore agent read your .env and returned the full plaintext contents into the conversation, which means:

> 1. Sent to Anthropic's API — those credentials passed through Anthropic's servers as conversation context

> 2. Cached locally — Claude Code stores session transcripts; your secrets are likely sitting in ~/.claude/projects/ right now

> 3. In this context window — they're in active memory for this session

...

Which I already knew, but it was funny how it suddenly took it very seriously when told what it was doing.

Anything that's in your .bashrc, .zshrc, any environment variables in shells you provide to the LLM, all those are now in the training data of very large overvalued corporations that are desperate to increase their revenue and IPO very soon.

doctoboggan 4 hours ago | parent [-]

When did this happen? I think I only started noticing around a month ago that Claude had some new system prompts or some other mechanism that heavily encouraged it to not read secrets. Around the same time I also noticed that if it did read any secrets they were ****'d out in the logs.

epistasis 4 hours ago | parent [-]

This was yesterday. It's an early stage project and I would have never created a .env file on my own, but I had let Claude get pretty far along on the PLAN.md before I decided to clean up a bit.

Nothing lost for me here, fortunately, but it's definitely a big foot gun that I've never seen mentioned in any of the Vibe Coding or LLM Agent Coding training courses that the security team has forced me to do.

jermaustin1 3 hours ago | parent [-]

That's interesting to me, because Claude never creates the .env files for me. It will create the .env.example with defaults in it. When I ask it to create the .env, it will reply with the bash to use to copy the .example file, but it wont execute it for me, even when requested.

epistasis an hour ago | parent [-]

It read the .env file after I created it from the example, spreading its contents into many places.

Unfortunately, the .env anti-pattern is endemic throughout many projects, and whether Claude creates the .env from scratch or merely the .env.example, it will end up feeding the .env back to Anthropic with enough interaction, apparently. And developers should expect all files in their work directory to be read by Claude, that's not so much a fault of Claude as it is with the .env anti-pattern.