Error
Found an authentication token in the code.
Why this matters
Tokens grant authenticated access to services, and many carry broad permissions. Attackers actively scan for exposed tokens. Once a token lands in git history, it stays recoverable even after deletion.
Detected patterns
Triggers on:
- GitHub Personal Access Tokens (`ghp_...`)
- GitHub OAuth Tokens (`gho_...`)
- GitHub App Tokens (`ghu_...`, `ghs_...`)
- GitHub Refresh Tokens (`ghr_...`)
- GitLab Personal Access Tokens (`glpat-...`)
- Slack Tokens (`xoxb-...`, `xoxa-...`, etc.)
- Slack Webhook URLs
- NPM Tokens (`npm_...`)
- JSON Web Tokens (JWTs)
How to fix
Remove the token immediately
Revoke the compromised token:
- GitHub: Settings > Developer settings > Personal access tokens
- GitLab: Settings > Access Tokens
- Slack: App settings > OAuth & Permissions
Use environment variables:

```go
token := os.Getenv("GITHUB_TOKEN")
```

Use credential helpers:

```sh
# For git credentials. Note that the "store" helper writes the credentials to a
# plaintext file under your home directory; prefer a platform helper such as
# osxkeychain, manager or libsecret where one is available.
git config credential.helper store
```
Configuration
Allow test tokens:

```toml
[validators.secrets]
allow_list = [
    "ghp_test.*",
    "xoxb-000000000000-000000000000.*", # Slack example token
]
```
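To make the "Detected patterns" list and the `allow_list` configuration concrete, here is an added example scanner written for this page; it is not klaudiush's own code. The regular expressions are deliberately loose approximations of each token family (a known prefix followed by a run of token characters) and are an assumption, not the rules klaudiush ships with. Anchoring each `allow_list` entry to the whole matched token is also this example's choice. The `Sample` input is constructed and contains no real credentials.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// tokenPattern pairs a token family name with a detection expression.
type tokenPattern struct {
	kind string
	re   *regexp.Regexp
}

// tokenPatterns covers the families listed under "Detected patterns". The
// expressions are this example's own loose approximations (assumption), not
// the rules klaudiush uses.
var tokenPatterns = []tokenPattern{
	{"github-pat", regexp.MustCompile(`\bghp_[A-Za-z0-9]{20,}`)},
	{"github-oauth", regexp.MustCompile(`\bgho_[A-Za-z0-9]{20,}`)},
	{"github-app", regexp.MustCompile(`\bgh[us]_[A-Za-z0-9]{20,}`)},
	{"github-refresh", regexp.MustCompile(`\bghr_[A-Za-z0-9]{20,}`)},
	{"gitlab-pat", regexp.MustCompile(`\bglpat-[A-Za-z0-9_-]{20,}`)},
	{"slack-token", regexp.MustCompile(`\bxox[a-z]-[A-Za-z0-9-]{10,}`)},
	{"slack-webhook", regexp.MustCompile(`https://hooks\.slack\.com/services/[A-Za-z0-9/]+`)},
	{"npm-token", regexp.MustCompile(`\bnpm_[A-Za-z0-9]{20,}`)},
	{"jwt", regexp.MustCompile(`\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+`)},
}

// Finding is one detected token. Match holds a redacted form so that the
// report itself does not leak the secret into logs or hook output.
type Finding struct {
	Kind  string
	Line  int
	Match string
}

// CompileAllowList turns allow_list entries such as "ghp_test.*" into
// expressions anchored to the whole token (this example's assumption), so an
// entry cannot suppress a token that merely contains the pattern somewhere.
func CompileAllowList(entries []string) ([]*regexp.Regexp, error) {
	out := make([]*regexp.Regexp, 0, len(entries))
	for _, e := range entries {
		re, err := regexp.Compile(`^(?:` + e + `)$`)
		if err != nil {
			return nil, fmt.Errorf("allow_list entry %q: %w", e, err)
		}
		out = append(out, re)
	}
	return out, nil
}

func allowed(token string, allow []*regexp.Regexp) bool {
	for _, re := range allow {
		if re.MatchString(token) {
			return true
		}
	}
	return false
}

// redact keeps only the prefix that identifies the token family.
func redact(token string) string {
	if len(token) <= 8 {
		return token
	}
	return token[:8] + "..."
}

// Scan checks every line of src against tokenPatterns and drops matches that
// the allow list covers. Line numbers are 1-based.
func Scan(src string, allow []*regexp.Regexp) []Finding {
	var out []Finding
	for i, line := range strings.Split(src, "\n") {
		for _, p := range tokenPatterns {
			for _, m := range p.re.FindAllString(line, -1) {
				if allowed(m, allow) {
					continue
				}
				out = append(out, Finding{Kind: p.kind, Line: i + 1, Match: redact(m)})
			}
		}
	}
	return out
}

// Sample is constructed input for the demonstration; none of these values are
// real credentials. The first ghp_ token and the first xoxb- token match the
// allow_list entries from the configuration section and are expected to be
// suppressed.
const Sample = `token := "ghp_testAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
token2 := "ghp_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789"
slackOK := "xoxb-000000000000-000000000000-AbCdEfGhIjKlMnOp"
slack := "xoxb-123456789012-123456789012-AbCdEfGhIjKlMnOp"
hook := "https://hooks.slack.com/services/T000/B000/XXXX"
jwt := "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.abc123sig"
fromEnv := os.Getenv("GITHUB_TOKEN")`

func main() {
	allow, err := CompileAllowList([]string{"ghp_test.*", "xoxb-000000000000-000000000000.*"})
	if err != nil {
		panic(err)
	}
	for _, f := range Scan(Sample, allow) {
		fmt.Printf("line %d: %s (%s)\n", f.Line, f.Kind, f.Match)
	}
}
```

Running it reports four findings (the second `ghp_` token, the second Slack token, the webhook URL and the JWT) while the two allow-listed test tokens and the `os.Getenv` line produce none. Redacting the matched value before reporting matters in a hook like this one, since the output is shown to the model and to the user and may itself end up in logs.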
Best practices
- Prefer short-lived tokens
- Grant only the permissions you need
- Prefer OAuth apps over personal tokens
- Rotate tokens on a schedule
Related
Hook output
When this error is triggered, klaudiush writes JSON to stdout:
- `permissionDecisionReason` (shown to Claude): `[SEC004] Potential secrets detected: authentication token found in code. Remove token and use environment variables or secret management.`
- `systemMessage` (shown to user): Formatted error with fix hint and reference URL.
- `additionalContext` (behavioral guidance): `Automated klaudiush validation check. Fix the reported errors and retry the same command.`