Your AI coding agent has been writing every API key you ever pasted to a plaintext file. Nobody is scanning it.

Every Claude Code session you've ever run is a JSONL transcript sitting in ~/.claude/projects/. Codex keeps them in ~/.codex/sessions/. Cursor and Windsurf dump conversation blobs into state.vscdb SQLite files. Aider drops a .aider.chat.history.md into every repo you've touched. All plaintext. All world-readable to anything running as your user.

Think about what's in there: every .env you asked for help with, every DB connection string you pasted "just to debug this one thing," every AWS key, every JWT. Stealer malware already knows this: credential stealers shipped in malicious npm packages have been observed grepping exactly these paths. Your shell history gets cleaned; your agent history grows forever.

I built agentsweep to deal with mine: an open-source CLI that scans the history files of 10 agents (Claude Code, Codex, Cursor, Windsurf, Aider, Cline, Gemini CLI, OpenCode, Continue, Copilot Chat) with 189 detection rules ported from gitleaks, plus a checksum-validated BIP-39 seed phrase detector, then redacts findings in place.

It's careful about it because corrupting your own history would suck: atomic writes, mandatory .bak backups, post-write JSON validation, agentsweep undo to revert everything. Zero network calls: your secrets never leave the machine that's already holding them.

uv tool install agentsweep
agentsweep scan

Scan is read-only. Redaction requires you to literally type REDACT.

GitHub: https://github.com/Ishannaik/agent-sweep

Obvious caveat: redacting locally doesn't un-send anything to a cloud provider (it's more useful for locally hosted agents), and the real fix is rotating the keys. The tool prints rotation guidance per finding for exactly that reason.

submitted by /u/Ishannaik
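Added example (editor's note, not the poster's code and not taken from the agent-sweep repo): a minimal Python pass that does the same steps the post lists on one JSONL transcript. It uses three simplified regex rules in the spirit of gitleaks (not the real 189-rule set; the AWS rule keeps only the AKIA prefix), replaces each hit with a marker that is safe inside a JSON string, refuses to write if any redacted record no longer parses, keeps a .bak copy, swaps the file in with a temp-file-plus-rename so a crash mid-write leaves the old file intact, and can undo from the backup. The transcript is constructed; the AWS key is the placeholder from AWS's own documentation, the JWT and GitHub token are made up. Function and rule names are this example's own.

```python
import json
import os
import re
import shutil
import tempfile
from pathlib import Path

# Simplified rules for illustration; real scanners carry far more and tighter patterns.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b"),
}

# Constructed JSONL transcript (three records). AKIAIOSFODNN7EXAMPLE is AWS's
# documented placeholder key; the JWT and the ghp_ token are invented.
SAMPLE_TRANSCRIPT = "\n".join([
    json.dumps({"role": "user", "content": "why does boto3 reject AKIAIOSFODNN7EXAMPLE here?"}),
    json.dumps({"role": "assistant", "content": "Your header carries "
                "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.c2lnbmF0dXJlc2lnbmF0dXJl; rotate it."}),
    json.dumps({"role": "user", "content": "GITHUB_TOKEN=ghp_" + "A" * 36}),
]) + "\n"


def scan_line(line):
    """Return (rule_name, matched_text) for every rule hit in one raw line."""
    return [(name, m.group(0)) for name, pat in RULES.items() for m in pat.finditer(line)]


def redact_line(line):
    """Replace each hit with [REDACTED:<rule>]; the marker has no quotes or
    backslashes, so a match inside a JSON string leaves the record valid."""
    findings = scan_line(line)
    for name, secret in findings:
        line = line.replace(secret, f"[REDACTED:{name}]")
    return line, findings


def redact_file(path):
    """Redact `path` in place: validate every touched record still parses,
    write a .bak copy, then replace the file atomically. Returns findings."""
    path = Path(path)
    original = path.read_text(encoding="utf-8")
    new_lines, findings = [], []
    for line in original.splitlines():
        new, found = redact_line(line)
        if found:
            try:
                json.loads(new)  # a rule that swallowed a quote would corrupt the record
            except json.JSONDecodeError as exc:
                raise RuntimeError(f"redaction would corrupt a record: {exc}") from exc
        new_lines.append(new)
        findings.extend(found)
    if not findings:
        return []
    # Note: a second run overwrites an existing .bak; a real tool should version it.
    shutil.copy2(path, path.with_name(path.name + ".bak"))
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".sweep-")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("\n".join(new_lines) + "\n")
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, path)  # atomic rename: readers see the old file or the new one, never a torn write
    return findings


def undo(path):
    """Restore the file from its .bak (also via atomic rename)."""
    path = Path(path)
    os.replace(path.with_name(path.name + ".bak"), path)


def demo():
    """Run scan -> redact -> undo on the constructed transcript in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "session.jsonl"
        p.write_text(SAMPLE_TRANSCRIPT, encoding="utf-8")
        found = redact_file(p)
        after = p.read_text(encoding="utf-8")
        backup = (Path(d) / "session.jsonl.bak").read_text(encoding="utf-8")
        undo(p)
        return {
            "rules_hit": sorted(name for name, _ in found),
            "secret_in_redacted": "AKIAIOSFODNN7EXAMPLE" in after,
            "records_still_json": all(isinstance(json.loads(l), dict) for l in after.splitlines()),
            "backup_matches_original": backup == SAMPLE_TRANSCRIPT,
            "undo_restored": p.read_text(encoding="utf-8") == SAMPLE_TRANSCRIPT,
        }


if __name__ == "__main__":
    print(demo())
```

The JSON check before the write is the important part: a regex that happens to match across a closing quote would turn a valid record into garbage, and validating the redacted line (rather than trusting the rule) is what keeps the transcript loadable by the agent afterwards.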


from hacking: security in practice https://ift.tt/JacP6Sh