refactor: let Claude handle security checks intelligently

- Remove brittle hardcoded API key checks from validate_notebooks.py
- Enhance Claude review to check for any secrets (not just Anthropic)
- Claude understands context (e.g., educational 'bad examples' are OK)

Author: zealoushacker

.github/workflows/claude-notebook-review.yml

@@ -55,7 +55,10 @@ jobs:
             - Dependencies properly imported
 
             ## Security
-            - No exposed secrets or API keys
+            - Check for any hardcoded API keys or secrets (not just Anthropic keys)
+            - Ensure all sensitive credentials use environment variables (os.environ, getenv, etc.)
+            - Flag any potential secret patterns (tokens, passwords, private keys)
+            - Note: Educational examples showing "what not to do" are acceptable if clearly marked
             - Safe handling of user inputs
             - Appropriate use of environment variables
 

scripts/validate_notebooks.py

@@ -25,14 +25,6 @@ def validate_notebook(path: Path) -> list:
                 if output.get('output_type') == 'error':
                     issues.append(f"Cell {i}: Contains error output")
 
-    # Check for hardcoded API keys
-    for i, cell in enumerate(nb['cells']):
-        if cell['cell_type'] == 'code':
-            source = ''.join(cell['source'])
-            if 'sk-ant-' in source or 'anthropic_api_key=' in source.lower():
-                issues.append(f"Cell {i}: Potential hardcoded API key")
-            if 'api_key' in source.lower() and 'os.environ' not in source and 'getenv' not in source:
-                issues.append(f"Cell {i}: API key not using environment variable")
 
     return issues