Stats
Actions
Tags
From nopeek
Secures Claude Code sessions with nopeek CLI: loads .env secrets without exposing values, stores keys, redacts cloud CLI outputs to prevent API key leaks. Useful for secret and credential safety.
How this skill is triggered — by the user, by Claude, or both
Slash command
/nopeek:nopeekThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Secure proxy between Claude Code and your secrets. Claude knows key names, never key values.
Secure proxy between Claude Code and your secrets. Claude knows key names, never key values.
Every Bash tool output is sent to Anthropic's API and retained 30+ days. If a CLI prints a token, that token is stored on Anthropic's servers. nopeek prevents this.
All nopeek commands are safe inside Claude Code — they never output secret values, only key names.
npx nopeek init
Detects installed cloud CLIs (aws, hcloud, kubectl, etc.), checks their auth config, and migrates to profile-based auth where needed.
npx nopeek load .env
npx nopeek load .env --only DATABASE_URL,API_KEY
Injects values into the session via CLAUDE_ENV_FILE (when available) or outputs a source command. Only key names appear in output — never values.
npx nopeek set MY_API_KEY --from-env
npx nopeek set STRIPE_KEY --value "sk_live_..."
Stored keys auto-load on every Claude Code session via the SessionStart hook.
npx nopeek status
npx nopeek list
| Hook | Event | Purpose |
|---|---|---|
| session-load.sh | SessionStart | Loads stored keys + CLI profiles into CLAUDE_ENV_FILE |
| redact-output.sh | PreToolUse(Bash) | Wraps cloud CLI output through secret pattern redaction |
CLAUDE_ENV_FILE so they never appear in output at all.|, >, or < to avoid breaking complex command semantics.npx nopeek audit
Scans current directory for .env files containing secrets and checks .gitignore coverage.
Keys not loading on session start:
npx nopeek status — are keys stored?/plugin list/reload-pluginsCloud CLI still showing secrets:
npx nopeek load .env to make secrets available as env vars, then use $VAR_NAME in commandsnpx claudepluginhub spences10/claude-code-toolkit --plugin nopeekProvides secure environment variable management to prevent secrets exposure in Claude sessions, terminals, logs, or git commits.
Extracts hardcoded secrets from CLAUDE.md, .mcp.json, and project config into gitignored .env file, wires SessionStart hook for auto-loading. Use for 'separate secrets' or 'extract API keys'.
Catch API keys, code injection, and unsafe pipe-to-shell installs in real-time while editing in Claude Code, before commit or CI.