Security

License Notice

Clew Code is an unofficial, reverse-engineered rebuild of Anthropic's Claude Code CLI, renamed and extended for research, local development, and self-hosted use. This repository is not an official Anthropic product. Anthropic has not authorized, endorsed, or sponsored this project.

The upstream Claude Code product is proprietary software owned by Anthropic PBC.

API Key Safety

Clew Code reads API keys from environment variables or .env files. Keys are never committed or shared:

• Keep API keys in environment variables or .env (already in .gitignore)
• Never include keys in prompts or tool calls
• Use /doctor to verify provider connectivity without exposing secrets

Permission Security

Clew Code's 7-tier permission model prevents unauthorized operations:

• default/ask — user must approve every action
• auto — safe operations auto-approved, destructive ones still ask
• dontAsk — full trust. Use only in sandboxed environments

See Permission Model for details.

Safety Gates

The built-in safety gate system validates:

• Command paths — blocks dangerous shell commands
• File paths — prevents writes outside project boundaries
• Output limits — 100 MB bash output cap
• Malformed tool call guard — prevents injection attacks
• PowerShell rule enforcement on Windows

Responsible Disclosure

If you discover a security vulnerability, please open an issue on GitHub rather than posting publicly. Do not submit vulnerabilities as regular issues — use the security issue template.

Reporting a Vulnerability

To report a security issue, please:

1. Go to github.com/ClewCode/ClewCode/security
2. Click "Report a vulnerability"
3. Include as much context as possible (OS, version, steps to reproduce)