Secrets detection before prompt submission #7
Description
When a developer pastes code containing API keys into the chat, those secrets go to Anthropic servers and are stored in ~/.claude/ logs. No tool currently prevents this. Proposal: scan-logs:static check that detects active keys in recent session logs and alerts before next session. Stretch goal: a PreToolUse hook that warns when secrets patterns appear in content being read by the agent. CVE-2025-55284 demonstrated DNS exfiltration of .env secrets.