Vibe Coding
Tip: CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 — Strip Credentials from Every Agent Subprocess
New in v2.1.83: setting `CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1` strips Anthropic and cloud provider credentials (AWS keys, database creds, API tokens) from every subprocess environment — Bash commands, hooks, MCP servers. Not enabled by default since some workflows need those credentials. This directly mitigates the Lasso Security attack vector where malicious prompts could exfiltrate environment variables. Add it to your shell profile if your .env contains sensitive keys you don't want agents accessing.
↳ Follow the thread