Issue Station
Sign In
Tools hereToolbox

claude-code - 💡(How to fix) Fix [MODEL] Claude Code can get access to files with denied permissions through IDE extensions

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…

Code Example

.env_production

---

When you select lines in your IDE (PyCharm), the Claude Code IDE extension sends
   the selected text as a system reminder in the conversation, including the full
  content of the selected lines. This happens automatically as context for the AI,
   even for .env files.

  So if you highlight a line in .env that contains API_KEY=sk-abc123, the full
  line gets sent to the model. The CLAUDE.md rule that says "never read .env
  files" only prevents the AI from using the Read tool on those files - it doesn't
   block the IDE from sending selected content.

  Worth being aware of if you have sensitive credentials in files you're browsing
  while Claude Code is running.
RAW_BUFFERClick to expand / collapse

Preflight Checklist

  • I have searched existing issues for similar behavior reports
  • This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Claude ignored my instructions or configuration

What You Asked Claude to Do

Normal edits, not related to the .env file.

What Claude Actually Did

Did the edits.

BUT claude also gave information it could only have gotten from the .env_production file. After asking in the chat, claude answered that it that data from the IDE extension, which provided the data from the .env_production file, due to that file having been open at the time in my IDE. The IDE is PyCharm.

Expected Behavior

Claude should not have had access to content from the .env_production file, due to having denied permissions for that file in the settings.json

Files Affected

.env_production

Permission Mode

Accept Edits was ON (auto-accepting changes)

Can You Reproduce This?

Haven't tried to reproduce

Steps to Reproduce

No response

Claude Model

Opus

Relevant Conversation

When you select lines in your IDE (PyCharm), the Claude Code IDE extension sends
   the selected text as a system reminder in the conversation, including the full
  content of the selected lines. This happens automatically as context for the AI,
   even for .env files.

  So if you highlight a line in .env that contains API_KEY=sk-abc123, the full
  line gets sent to the model. The CLAUDE.md rule that says "never read .env
  files" only prevents the AI from using the Read tool on those files - it doesn't
   block the IDE from sending selected content.

  Worth being aware of if you have sensitive credentials in files you're browsing
  while Claude Code is running.

Impact

High - Significant unwanted changes

Claude Code Version

3.6

Platform

Anthropic API

Additional Context

No response

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#api#ssr#installation#tensor shape#autograd error

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

claude-code - 💡(How to fix) Fix [MODEL] Claude Code can get access to files with denied permissions through IDE extensions