You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jun 21, 2026. It is now read-only.
Security warnings may contain sensitive file paths or code patterns
No log rotation or size limiting - can fill disk
No way to disable logging
Violates principle of least surprise for a security plugin
Suggested Solution
Make logging opt-in via environment variable
Use a more private location (e.g., ~/.claude/logs/)
Add log rotation and size limits
Sanitize any potentially sensitive data
Document the logging behavior
DEBUG_LOG_FILE=os.path.expanduser("~/.claude/logs/security-warnings.log")
# Or disable by default:ifos.getenv("CLAUDE_SECURITY_DEBUG"):
log_security_check(...)
Acceptance Criteria
Logging disabled by default or uses private location
Problem
Security guidance plugin writes debug logs to a world-readable temp file.
Current state:
File:
plugins/anthropic-security-guidance/hooks/security_reminder_hook.pyWhy it matters:
/tmpis world-readable on most systemsSuggested Solution
~/.claude/logs/)Acceptance Criteria