Claude was helping me find an OAuth token that was supposed to be in a file in a directory but wasn’t there. Then he said “Found it — it’s in the macOS Keychain under Service Name-credentials”. Then output the full value of the token for me to cut and paste into a GitHub secret. 🤔

I honestly didn’t know Claude had that permission on my system, and doesn’t require sudo or an admin password popup of any kind. I have to type in my password every time I want to access Passwords or Secrets, why doesn’t Claude?

Full conversation:

❯ Wait, you can just grab things from my keychain? I didn’t know that you could do that.

⏺ Yeah — the macOS Keychain security command is available to any process running as your user, no special permissions needed. Claude Code runs shell commands as you, so it has the same access.

Worth being aware of:

- Any CLI tool or script running in your terminal can read Keychain items the same way
- This includes anything invoked via Bash in Claude Code
- The security find-generic-password -g command prints passwords in plaintext

For what it’s worth, I only looked there because you asked me to find the token and it wasn’t in any file. But it’s a good reminder to be thoughtful about what you approve when CLI tools run shell commands.

If you want to lock that down, you can add a deny rule in your Claude Code permissions:

Bash(security:*)

Want me to add that?

So yeah, I added the deny rule to my Claude Code permissions, and you should too.

submitted by /u/orange_square
Originally posted by u/orange_square on r/ClaudeCode
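
One way to apply the deny rule from the post without disturbing other settings, as an added example that is not part of the original post and is not Claude Code's own code. It assumes the user settings file is `~/.claude/settings.json` with a `permissions.deny` list; `add_deny_rule` is a hypothetical helper name.

```python
import json
import os
import tempfile
from pathlib import Path

DENY_RULE = "Bash(security:*)"  # rule text quoted in the post
# Assumption: user-level Claude Code settings live here.
DEFAULT_SETTINGS = "~/.claude/settings.json"


def add_deny_rule(settings_path, rule=DENY_RULE):
    """Ensure `rule` is listed under permissions.deny.

    Existing keys and rules are preserved. Returns True if the file was
    rewritten, False if the rule was already present.
    """
    path = Path(settings_path).expanduser()
    text = path.read_text() if path.exists() else ""
    settings = json.loads(text) if text.strip() else {}
    if not isinstance(settings, dict):
        raise ValueError(f"{path}: top level must be a JSON object")

    permissions = settings.setdefault("permissions", {})
    deny = permissions.setdefault("deny", [])
    if not isinstance(deny, list):
        raise ValueError(f"{path}: permissions.deny must be a list")
    if rule in deny:
        return False  # idempotent: nothing to write
    deny.append(rule)

    # Write to a temp file in the same directory, then rename, so an
    # interrupted run never leaves a half-written settings file.
    path.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp_name = tempfile.mkstemp(dir=path.parent, suffix=".tmp")
    with os.fdopen(fd, "w") as handle:
        json.dump(settings, handle, indent=2)
        handle.write("\n")
    os.replace(tmp_name, path)
    return True


if __name__ == "__main__":
    changed = add_deny_rule(DEFAULT_SETTINGS)
    print("deny rule added" if changed else "deny rule already present")
```

The rule restricts what Claude Code will run through its Bash tool; it does not change the access control on the Keychain item itself.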
