Is Your AI Agent Leaking Secrets? How to Audit .claude and .cursor Config Folders

2.4% of public repositories using AI coding agents have verified leaked credentials sitting in plain view. Not in your code. In the config folders your AI tools created.

---

The 2.4% Leak: A New Security Frontier

There is a silent leak happening in your development workflow. According to recent scans of public repositories, approximately 2.4% of projects using modern AI coding agents like Claude Code, Cursor, and Continue are inadvertently leaking secrets.

This is not a theoretical vulnerability. These are verified API keys, database connection strings, and cloud credentials sitting in public view. The culprit is not the code you wrote, but the configuration folders your AI tools created.

As we transition from "AI-assisted autocomplete" to "autonomous AI agents," these tools require deeper access to our files, shell history, and environment. This power comes with a price: a new class of configuration directories that developers are habitually committing to version control.

Why .claude and .cursor Are Different

For years, developers have been trained to add .env and .pem files to their ignore lists. However, the new wave of AI agents creates specialized directories to manage state and context.

State Persistence: These folders store your whitelisted commands and tool execution history. If you pass a secret to a command through the agent, that secret might be stored in a local JSON log to "remember" that you authorized it.

Context Indexing: Tools like Cursor index your project to provide better answers. If your ignore rules are not perfectly synced between your editor and your version control, the agent might "see" a secret and then include it in a conversation log or a prompt summary that eventually gets committed.

Sharing Habits: Many teams encourage committing these folders to share project-specific agent instructions. While helpful for collaboration, it creates a dangerous precedent where developers assume the entire folder is safe.

If you are using Claude Code, Cursor, Continue, or Aider, you likely have these folders in your root directory. If you haven't audited them, you are likely part of that 2.4% statistic.

The Practitioner's Audit Guide

Securing your AI workflow requires more than just a quick glance. Follow this step-by-step audit to ensure your credentials stay local.

Step 1: Search the History

Removing a folder from your current commit does nothing if the secret is still in your history. Use specialized tools to scan specifically for AI-related paths. The community has developed targeted scanners like claudleak that look for these specific directories across your entire git history.

Run a scan against your organization's public and private repositories. Focus on any files ending in .json or .local within the agent directories. These are the most common locations for whitelisted command logs that may contain raw credentials.

Step 2: Global Configuration Lockdown

You should not rely on project-level ignore files. Humans forget. Instead, configure your environment to ignore these folders globally across every project on your machine.

# Create or update your global gitignore
echo ".claude/" >> ~/.gitignore_global
echo ".cursor/" >> ~/.gitignore_global
echo ".continue/" >> ~/.gitignore_global
echo ".aider*" >> ~/.gitignore_global
git config --global core.excludesFile ~/.gitignore_global

By setting a global excludes file, you ensure that even if a new team member clones a repo and starts using an AI tool, they won't accidentally push their local agent state to the cloud. This is the single most effective way to prevent future leaks.

Step 3: Review Model Context Protocol (MCP) Configs

The Model Context Protocol allows AI agents to connect to external tools and databases. These configurations often live inside your agent's config folder. Audit these files for:

• Raw API tokens used to connect to MCP servers
• Hardcoded database strings
• Local paths that reveal sensitive internal naming conventions

If an attacker can trick an agent into reading a malicious repository, they might attempt to modify these config files to redirect your agent's output or execute unauthorized code.

Step 4: Validate Workspace Trust

Modern editors like Cursor have "Workspace Trust" features. Ensure these are enabled and configured to prevent agents from executing scripts in "untrusted" repositories. This protects you from the "Remote Code Execution via Folder Open" vulnerability where a malicious repo uses agent tasks to run commands the moment you open the project.

Automating the Defense with ClawSafe

The reality of modern development is that "manual audits" don't scale. As your team grows, the surface area for AI-related leaks expands.

This is why we are building the ClawSafe AI Security Extension. Instead of relying on developers to remember a dozen different ignore patterns, ClawSafe provides:

• Real-time Configuration Scanning: Automatically detects when a new AI agent folder is created and ensures it is properly excluded.
• Secret Redaction in Agent Logs: Scans local agent state files for high-entropy strings and redacts them before they can be committed.
• Policy Enforcement: Prevents the execution of unapproved AI agent skills that haven't been vetted for security.

Try ClawSafe today to audit your existing AI agent configuration.

Final Checklist for Your Team

Before you push your next commit, run through this quick sanity check:

1. Is the config folder for my AI tool explicitly in my ignore file?
2. Did I pass any secrets to the agent in the current session?
3. Have I checked the local history files in that folder for raw credentials?
4. Is my global ignore file updated for the latest 2026 agent tools?

The 2.4% leak statistic is a wake-up call. AI agents are the most powerful tools in our arsenal, but they require a new level of hygiene. Start your audit today or let ClawSafe handle the defense for you.