snoopy

I found that sometimes Claude Code reads whatever it wants. It'll open my .env, scan my .pem files, grep through my credentials.

Once a secret hits the context window, it's in the prompt being sent to Anthropic's servers and I am not a huge fant of that. I like control (that sounds crazy, but you know what I mean)

Load the plugin when starting Claude:

claude --plugin-dir /path/to/snoopy

How it works

Snoopy installs a PreToolUse hook that fires before every tool call. If Claude tries to read, edit, search, or glob a file that matches a secret pattern, the operation gets denied.

What gets blocked

Files:

.env, .env.*, .env.local, .env.production
*.pem, *.key
secrets.json, credentials.*
*.secret, *.keystore

Bash commands:

cat .env, head credentials.json, tail secrets.key, etc.
echo $SECRET_*, echo $API_KEY_*, printenv

blocked

Managing patterns

Type /guard to open the interactive picker. It scans the project for sensitive files and lets you block, allow, or remove patterns you want!

dashboard

You can also be boring and edit ~/.snoopy/config.json directly:

{
  "blocked": [".env", ".env.*", "*.pem", "*.key", "secrets.json", "credentials.*", "*.secret", "*.keystore"],
  "allowed": [".env.example", ".env.template", ".env.sample"]
}

snoopy

Popularity

What's Inside

README

snoopy

How it works

What gets blocked

Managing patterns

Similar Plugins

sensitive-canary

secrets-guard

credential-guard

secrets-scanner

More by adikuma

chonker

Confidence

More by adikuma

chonker

Popularity

Health & Quality

Similar Plugins

sensitive-canary

secrets-guard

credential-guard

secrets-scanner

hs

claude-mem