Credential Guard Control

Manage the PreToolUse hook that prevents Claude from reading files containing credentials.

Commands

Check Status

/scrub:guard status

Shows if guard is enabled and lists any allowlisted paths.

Enable Guard

/scrub:guard on

Enables the PreToolUse hook that scans files before Claude reads them.

Disable Guard

/scrub:guard off

Temporarily disables credential scanning. Use with caution.

Manage Allowlist

/scrub:guard allowlist                    # Show current allowlist
/scrub:guard allowlist add ./config.js    # Allow specific file
/scrub:guard allowlist add "*.test.js"    # Allow pattern
/scrub:guard allowlist remove ./config.js # Remove from allowlist
/scrub:guard allowlist clear              # Clear all allowlist entries

How It Works

PreToolUse Hook: Intercepts Read operations before execution
Pattern Scanning: Checks file for 40+ credential patterns
Block or Allow: Blocks if secrets found (unless allowlisted)
Feedback: Shows Claude what was blocked and why

Detected Credentials

LLM Provider Keys

Provider	Pattern	Example
OpenAI	`sk-...`, `sk-proj-...`	`sk-abc123...`
Anthropic	`sk-ant-...`	`sk-ant-abc123...`
Google AI	`AIza...`	`AIzaSyABC...`
Cohere	40-char alphanumeric	`aBcD1234...`
Mistral	32-char alphanumeric	`abcd1234...`
Groq	`gsk_...`	`gsk_abc123...`
Perplexity	`pplx-...`	`pplx-abc123...`
Hugging Face	`hf_...`	`hf_abc123...`
Replicate	`r8_...`	`r8_abc123...`

Other Services

Service	Pattern
AWS	`AKIA...` (Access Key), 40-char (Secret)
GitHub	`ghp_...`, `github_pat_...`
GitLab	`glpat-...`
Stripe	`sk_live_...`, `sk_test_...`
Slack	`xox...`, webhook URLs
Twilio	`SK...`
SendGrid	`SG....`
Discord	Bot tokens
Firebase	`AAAA...`
Supabase	`sbp_...`

Generic Patterns

Private keys (-----BEGIN...PRIVATE KEY-----)
JWT tokens (eyJ...)
password = "..." assignments
api_key = "..." assignments
secret = "..." assignments
token = "..." assignments

Implementation

To enable/disable, modify ~/.claude/plugins/scrub/hooks/hooks.json:

Enable: Add PreToolUse section with guard script Disable: Remove PreToolUse section

Allowlist File

Located at: ~/.claude/plugins/scrub/.guard-allowlist

Format (one pattern per line):

# Comments start with #
/path/to/allowed/file.js
*.test.js
tests/fixtures/

Secure Alternatives

Instead of allowlisting files with secrets, use environment variables:

Before (insecure)

api_key = "sk-abc123..."

After (secure)

import os
api_key = os.environ["OPENAI_API_KEY"]

Environment Variable Names

Provider	Environment Variable
OpenAI	`OPENAI_API_KEY`
Anthropic	`ANTHROPIC_API_KEY`
Google AI	`GOOGLE_API_KEY` or `GEMINI_API_KEY`
Cohere	`COHERE_API_KEY`
Mistral	`MISTRAL_API_KEY`
Groq	`GROQ_API_KEY`
Perplexity	`PERPLEXITY_API_KEY`
Hugging Face	`HF_TOKEN` or `HUGGINGFACE_API_KEY`
AWS	`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`
GitHub	`GITHUB_TOKEN`
Stripe	`STRIPE_SECRET_KEY`

Example Workflow

# Claude tries to read config with API key
# -> BLOCKED: File contains credentials

# Option 1: Scrub the secrets first
/scrub:secrets --fix ./config.js

# Option 2: Allowlist if you trust the file
/scrub:guard allowlist add ./config.js

# Option 3: Refactor to use env vars (best practice)
# Edit config.js to use process.env.API_KEY

/guard