> github-code-search@2.0.0 scan > tsx src/pipeline/index.ts --commits -q author-name:claude privateKey secret -q author-name:claude remove hardcoded credentials -q author-name:claude fix leaked secrets -q author-name:claude move secrets to env -q author-name:claude security audit credentials -q author-email:claude@anthropic.com remove api key -q author-email:claude@anthropic.com hardcoded password -q author-name:claude add .env configuration -q author-name:claude replace hardcoded -q author-name:claude supabase anon key service_role -q author-name:claude mongodb connection string -q author-name:claude firebase admin credential -q author-name:claude stripe secret key -q author-name:claude telegram bot token -q author-name:claude aws access key secret -g Find repositories where Claude (Anthropic AI) authored commits that ADDED or REMOVED real credentials. Two main patterns: 1) Claude directly committed secrets into code (API keys, passwords, tokens, private keys, connection strings, service accounts). 2) Claude committed a 'fix' that REMOVES previously leaked secrets — meaning the secrets are visible in the DIFF as deleted lines (prefixed with '-'). In both cases, the credentials were exposed in git history. Look at the DIFF carefully: lines starting with '-' show what was REMOVED (these contain the leaked secrets). Lines starting with '+' show replacements. Even if current code is clean, the git history contains the secrets. Focus on: database passwords, API keys, JWT tokens, private keys, mnemonics, service account JSON, Stripe/Twilio/SendGrid keys, AWS credentials. STRICT IGNORE: placeholder values, .env.example files, documentation about how to set env vars, repos that only discuss security best practices without actual credential exposure. --no-telegram [21:30:17] Starting scan [21:30:17] Goal: Find repositories where Claude (Anthropic AI) authored commits that ADDED or REMOVED real credentials. Two main patterns: 1) Claude directly committed secrets into code (API keys, passwords, tokens, private keys, connection strings, service accounts). 2) Claude committed a 'fix' that REMOVES previously leaked secrets — meaning the secrets are visible in the DIFF as deleted lines (prefixed with '-'). In both cases, the credentials were exposed in git history. Look at the DIFF carefully: lines starting with '-' show what was REMOVED (these contain the leaked secrets). Lines starting with '+' show replacements. Even if current code is clean, the git history contains the secrets. Focus on: database passwords, API keys, JWT tokens, private keys, mnemonics, service account JSON, Stripe/Twilio/SendGrid keys, AWS credentials. STRICT IGNORE: placeholder values, .env.example files, documentation about how to set env vars, repos that only discuss security best practices without actual credential exposure. [21:30:17] Queries: "author-name:claude privateKey secret", "author-name:claude remove hardcoded credentials", "author-name:claude fix leaked secrets", "author-name:claude move secrets to env", "author-name:claude security audit credentials", "author-email:claude@anthropic.com remove api key", "author-email:claude@anthropic.com hardcoded password", "author-name:claude add .env configuration", "author-name:claude replace hardcoded", "author-name:claude supabase anon key service_role", "author-name:claude mongodb connection string", "author-name:claude firebase admin credential", "author-name:claude stripe secret key", "author-name:claude telegram bot token", "author-name:claude aws access key secret" [COMMITS] [21:30:17] Concurrency: 3 | Max repos/query: 100 [21:30:17] Searching: "author-name:claude privateKey secret" [21:30:18] Page 1: +10 commits, 10 repos total (10 total commits found) [21:30:30] Fetched 10 commit diffs across 10 repos [21:30:30] Found 10 repos (10 new, 0 already seen) [21:30:30] [1/10] Analyzing johnnyclem/AgentVault... [21:30:30] [2/10] Analyzing jundorok/Proton... [21:30:30] [3/10] Analyzing kuan51/MatrixTrap... [21:30:39] [3/10] SKIP kuan51/MatrixTrap — This is an educational cryptography library implementing a custom matrix-based cryptosystem. It contains no real credentials, API keys, or leaked secrets. [21:30:39] [4/10] Analyzing kihyun1998/rusterm... [21:30:40] [2/10] SKIP jundorok/Proton — This is an OpenClaw skills repository for Proton Mail & Calendar CLI integration. Claude authored commits adding privacy/security enforcement layers, but no real credentials were exposed. [21:30:40] [5/10] Analyzing safal207/L-THREAD-Liminal-Thread-Secure-Protocol-LTP-... [21:30:41] [1/10] SKIP johnnyclem/AgentVault — This repository is a multi-chain AI agent platform. The Claude-authored commit improves cryptographic key derivation and adds at-rest encryption for wallet secrets, but does not expose any real credentials. [21:30:41] [6/10] Analyzing r-near/near-kit... [21:30:47] [4/10] SKIP kihyun1998/rusterm — This repository is a Tauri terminal application where Claude authored a commit implementing keyring integration for secure credential storage. No actual credentials (API keys, passwords, tokens) were exposed in the diff. [21:30:47] [7/10] Analyzing dj-ccs/EHDC... [21:30:49] [6/10] SKIP r-near/near-kit — This is a TypeScript library for NEAR Protocol. The commit by Claude adds secp256k1 signing support - it's purely implementation code with no real credentials exposed. [21:30:49] [8/10] Analyzing brandmeonline/Brand-Me-Labs... [21:30:49] [5/10] SKIP safal207/L-THREAD-Liminal-Thread-Secure-Protocol-LTP- — This repository implements a Liminal Thread Protocol (LTP) for deterministic replay and hallucination blocking in agent traces. The Claude-authored commit adds cryptographic security improvements (ECDH, HKDF) but contains no real credentials. [21:30:49] [9/10] Analyzing jyoung2000/boxwp... [21:30:57] [9/10] SKIP jyoung2000/boxwp — This is a WordPress plugin for Box AI search integration. The commit by Claude adds a JSON configuration upload feature that handles credentials securely through encryption, but no actual credentials are exposed in the diff. [21:30:57] [10/10] Analyzing claude-did-this/claude-hub... [21:30:58] [8/10] SKIP brandmeonline/Brand-Me-Labs — This repository contains a blockchain integration platform where Claude authored a commit adding SDK integration code, but no real credentials were exposed. [21:31:00] [7/10] MATCH dj-ccs/EHDC — Claude authored a commit that contains XRPL testnet secrets hardcoded in source files. The diff shows these secrets were present both before and after the commit, exposed in git history. [21:31:08] [10/10] Analysis failed: TypeError: fetch failed [21:31:08] Searching: "author-name:claude remove hardcoded credentials" [21:31:13] Page 1: +100 commits, 97 repos total (1459 total commits found) [21:33:16] Fetched 100 commit diffs across 97 repos [21:33:16] Found 97 repos (97 new, 0 already seen) [21:33:16] [1/97] Analyzing johnthebakker-ui/Discord... [21:33:16] [2/97] Analyzing Hornofplentyhealth/HealthApp... [21:33:16] [3/97] Analyzing drewmully/procurement... [21:33:26] [1/97] MATCH johnthebakker-ui/Discord — Claude authored a commit that REMOVED hardcoded TURN server credentials (username and password for expressturn.com) from two source files, exposing them in the git diff history. [21:33:26] [4/97] Analyzing jacksoncslaiCanada/MealEngineV2... [21:33:27] [3/97] MAYBE drewmully/procurement — Claude authored a commit that hardcoded login credentials (username 'mully', default password 'procurement') directly into source code, exposing them in git history. [21:33:27] [5/97] Analyzing drewablo/assessment-tool... [21:33:28] [2/97] SKIP Hornofplentyhealth/HealthApp — This repository shows Claude committing a security fix that removes hardcoded credential patterns and improves PCI compliance, but the actual diff does not contain any real exposed credentials (API keys, passwords, tokens, etc.). [21:33:28] [6/97] Analyzing Jon-human-in-the-loop/OpenClaw-Setup-Manager... [21:33:37] [4/97] SKIP jacksoncslaiCanada/MealEngineV2 — This repository is a meal planning pipeline project where Claude authored infrastructure commits (Alembic migrations). No credentials were added or removed in the diffs. [21:33:37] [7/97] Analyzing zhou100/time_logger_game... [21:33:38] [5/97] SKIP drewablo/assessment-tool — This repository is a ministry feasibility analysis tool. Claude authored a security-hardening commit that removed a default database connection string, but it was only a local development default (feasibility:feasibility@localhost), not a real credential. [21:33:38] [8/97] Analyzing Ram-82/Niyam-AI... [21:33:38] [6/97] SKIP Jon-human-in-the-loop/OpenClaw-Setup-Manager — This is an Electron desktop app for setting up OpenClaw (an AI assistant) via Docker. The Claude-authored commit contains security improvements and bug fixes, but no real credentials were added or removed. [21:33:38] [9/97] Analyzing Fonira/DeepSight-Main... [21:33:47] [7/97] SKIP zhou100/time_logger_game — This repository is a FastAPI/React time tracking app with commits authored by Claude, but the diffs show no real credentials being added or removed. [21:33:47] [10/97] Analyzing morrejssc-hub/trenni... [21:33:48] [8/97] SKIP Ram-82/Niyam-AI — This repository is an AI-powered compliance platform for Indian MSMEs. The Claude-authored commit only removed a config.js file with API endpoint URLs (not credentials) and restructured HTML/CSS code. [21:33:48] [11/97] Analyzing danyaffa/Total-iora... [21:33:53] [9/97] MATCH Fonira/DeepSight-Main — Claude (Anthropic AI) committed a security fix that removed real hardcoded credentials from documentation files, exposing them in the git diff history — including an authentication token ('MarcellinTyronJean22'), VPS IP addresses, and Tailscale IPs. [21:33:53] [12/97] Analyzing Robotipy/Landing... [21:33:58] [10/97] SKIP morrejssc-hub/trenni — This is a job supervisor system for an AI agent, authored by Claude. The commit refactors environment variable handling but does not expose any real credentials. [21:33:58] [13/97] Analyzing amirsubhi/clubcollection... [21:34:00] [11/97] MATCH danyaffa/Total-iora — Claude (Anthropic AI) committed a fix that removed hardcoded PayPal credentials (client ID and client secret) from source code, exposing real production PayPal secrets in git history. [21:34:00] [14/97] Analyzing vzwjustin/tquic-kernel... [21:34:08] [13/97] SKIP amirsubhi/clubcollection — This is a Laravel club membership portal where Claude authored a commit adding per-club ToyyibPay credential support, but no actual secrets/credentials were exposed in the diff. [21:34:08] [15/97] Analyzing jaystruckin/TKLINK... [21:34:11] [14/97] MATCH vzwjustin/tquic-kernel — Claude authored a commit that REMOVED a pre-push hook script containing hardcoded VPS credentials (IP address, SSH key path, DigitalOcean droplet ID), exposing them in git diff history as deleted lines. [21:34:11] [16/97] Analyzing 3pacs/17th... [21:34:19] [12/97] SKIP Robotipy/Landing — This repository contains a Claude-authored commit that fixes security vulnerabilities (removing console.log of config, adding input sanitization, security headers), but no actual credentials (API keys, passwords, tokens) are exposed in the diff. [21:34:19] [17/97] Analyzing fullstackconnah/TripCore... [21:34:23] [15/97] SKIP jaystruckin/TKLINK — This is a truck telematics web app where Claude authored a commit to remove personal identifiers (GitHub username URLs) and improve privacy/persistence, but no real credentials (API keys, passwords, tokens, etc.) were added or removed. [21:34:23] [18/97] Analyzing Gengyveusa/fortressflow... [21:34:23] [16/97] MATCH 3pacs/17th — Claude (Anthropic AI) authored a commit that removes hardcoded database credentials ('grid2026' password) from 11+ scripts, exposing the credentials in the git diff as deleted lines. [21:34:23] [19/97] Analyzing matthew-d-edwards/meepliton... [21:34:31] [17/97] SKIP fullstackconnah/TripCore — This repository shows Claude performing a security audit that removes a hardcoded JWT secret fallback string, but the 'secret' removed was a clearly placeholder/development value ('TripCore-Dev-Secret-Key-Minimum-32-Characters!'), not a real credential. [21:34:31] [20/97] Analyzing sebastiannovoa417-cpu/invest-insight-innovator... [21:34:33] [19/97] MAYBE matthew-d-edwards/meepliton — Claude authored a commit that removed a hardcoded PostgreSQL connection string containing password 'postgres' from two factory files, exposing the credential in git diff history. [21:34:33] [21/97] Analyzing azsistemasdegestao/-identity-api... [21:34:35] [18/97] SKIP Gengyveusa/fortressflow — This repository implements a B2B lead generation platform with authentication. Claude authored commits implementing JWT auth, but no real credentials (API keys, passwords, tokens) were exposed in the diffs. [21:34:35] [22/97] Analyzing obaptiste/Cronx-Academy... [21:34:43] [22/97] SKIP obaptiste/Cronx-Academy — This is a homeschool learning platform built with Next.js. The Claude-authored commit adds authentication infrastructure but does not expose any real credentials. [21:34:43] [23/97] Analyzing dncdante911/moi-band-v1.3... [21:34:43] [21/97] MATCH azsistemasdegestao/-identity-api — Claude authored a commit that removed hardcoded development credentials from appsettings.Development.json, exposing a SQL Server password and JWT secret keys in the git diff history. [21:34:43] [24/97] Analyzing cairn-app/cairn-reader... [21:34:52] [20/97] MATCH sebastiannovoa417-cpu/invest-insight-innovator — Claude authored a commit that removed a previously committed .env file containing real Supabase credentials (project URL, anon JWT key) and hardcoded Supabase credentials from source code files, exposing them in git history. [21:34:52] [25/97] Analyzing krunchontu/loopee-rn... [21:34:53] [24/97] SKIP cairn-app/cairn-reader — Claude removed weak default/fallback credentials ('cairn_admin' / 'cairn_admin_pass') from a dev docker-compose file, but these are generic placeholder defaults, not real leaked secrets. [21:34:53] [26/97] Analyzing ingoatl/propertycentral... [21:34:55] [23/97] MAYBE dncdante911/moi-band-v1.3 — Claude authored a commit that REMOVED a hardcoded bcrypt password hash from login.php, replacing it with environment variables. The actual bcrypt hash is visible in the diff as a deleted line. [21:34:55] [27/97] Analyzing daler91/iowacenterhubspoke... [21:35:02] [25/97] MATCH krunchontu/loopee-rn — Claude authored a commit that removed hardcoded test credentials (test@loopee.app / TestPassword123!) from a Maestro config file, exposing them in the git diff history. [21:35:02] [28/97] Analyzing gbassaragh/DeliverablesChecklist... [21:35:04] [26/97] SKIP ingoatl/propertycentral — This is a property management app (Lovable/React project) where Claude authored a commit replacing a manual QR code workflow with automated QR & Guidebook generation. No real credentials were exposed. [21:35:04] [29/97] Analyzing discostu105/bge... [21:35:04] [27/97] SKIP daler91/iowacenterhubspoke — Claude removed a hardcoded test password 'testpass123' from test files, but this is a trivial, non-real credential (a generic test password fallback), not a genuine leaked secret. [21:35:04] [30/97] Analyzing Hectorg0827/SecretaryAI... [21:35:13] [30/97] SKIP Hectorg0827/SecretaryAI — This repository is an AI operations manager app. The Claude-authored commit fixes bugs (import paths, aliases, config) but does not add or remove any real credentials. [21:35:13] [31/97] Analyzing lyndeinvestments-lab/tendwell-ops... [21:35:15] [28/97] MAYBE gbassaragh/DeliverablesChecklist — Claude authored a commit that REMOVED a hardcoded development database password ('DevPassword123!') from docker-compose.yml and README.md, exposing the credential in git diff history. [21:35:15] [32/97] Analyzing queirozmarcus/projeto-mcp-gemini... [21:35:18] [29/97] MATCH discostu105/bge — Claude authored a commit that removed hardcoded secrets from source code — a Rookout token and Discord OAuth credentials (ClientId and ClientSecret) are visible in the diff as deleted lines. [21:35:18] [33/97] Analyzing caiofelipead/scouting_bfsa_react... [21:35:23] [31/97] SKIP lyndeinvestments-lab/tendwell-ops — This is a Tendwell Cleaning Co operations dashboard (Supabase + React) where Claude authored a commit with UI fixes and improvements. No credentials were added or removed in the diff. [21:35:23] [34/97] Analyzing laeticiamng/emotionscare... [21:35:24] [32/97] SKIP queirozmarcus/projeto-mcp-gemini — This is a Gemini Code Assist MCP server for Claude Code. While authored by Claude Code Agent, it does not contain any leaked credentials - it explicitly uses ADC (Application Default Credentials) and mentions no hardcoded secrets. [21:35:24] [35/97] Analyzing ITLearner-0/zawajconnect... [21:35:30] [33/97] MATCH caiofelipead/scouting_bfsa_react — Claude authored a security fix commit that REMOVED hardcoded credentials from the codebase, exposing real passwords and secrets in the git diff history. [21:35:30] [36/97] Analyzing jackisalone/Settl... [21:35:35] [35/97] MATCH ITLearner-0/zawajconnect — Claude authored a commit that removed hardcoded Supabase credentials (URL and anon JWT key) from client.ts and Status.tsx, exposing them in the git diff as deleted lines. [21:35:35] [37/97] Analyzing LouisRosche/CARBS... [21:35:44] [37/97] SKIP LouisRosche/CARBS — This repository is a crypto arbitrage bot where Claude authored a commit to harden security, but the diff does not contain any real credentials (API keys, passwords, tokens, etc.). [21:35:44] [38/97] Analyzing Santhosh642003/wellness-app... [21:35:45] [34/97] MATCH laeticiamng/emotionscare — Claude (Anthropic AI) authored commits that removed real Supabase credentials, JWT anon keys, hardcoded test account passwords, and project URLs from the EmotionsCare codebase. The secrets are visible in the git diff as deleted lines. [21:35:45] [39/97] Analyzing amurpo/reptracker... [21:35:52] [39/97] MATCH amurpo/reptracker — Claude authored a commit that removed hardcoded development credentials (JWT secret, admin email, admin password) from wrangler.toml, exposing them in git history. [21:35:52] [40/97] Analyzing Dbecker1601/vbt_vc... [21:35:55] [38/97] SKIP Santhosh642003/wellness-app — This is a wellness app where Claude authored a commit modifying deployment configuration, but no real credentials were exposed — only placeholder/default values in .env.example files and docker-compose defaults. [21:35:55] [41/97] Analyzing aurelianware/cloudhealthoffice... [21:36:00] [40/97] MATCH Dbecker1601/vbt_vc — Claude authored a commit that removed a hardcoded Telegram bot token from source code, exposing the real credential in the git diff history. [21:36:00] [42/97] Analyzing CannObserv/watcher... [21:36:04] [41/97] MATCH aurelianware/cloudhealthoffice — Claude authored a commit that removed hardcoded MongoDB credentials (admin/securepassword123) from a Kubernetes manifest, exposing those credentials in the git diff history. [21:36:04] [43/97] Analyzing sublimeanger/klarvo... [21:36:19] [42/97] SKIP CannObserv/watcher — This repo shows Claude removing a hardcoded default database connection string ('postgresql+asyncpg://watcher:watcher@localhost:5432/watcher') that uses obviously generic local development credentials, not real leaked secrets. [21:36:19] [44/97] Analyzing GrupoLefarma2025/01-lefarma-project... [21:36:22] [43/97] MATCH sublimeanger/klarvo — Claude (Anthropic AI) authored commits that both added and removed hardcoded Supabase credentials (URL and anon key JWT) in the git history of this EU AI Act compliance platform. [21:36:22] [45/97] Analyzing MainakMK/video-player... [21:36:31] [45/97] SKIP MainakMK/video-player — This repository shows Claude replacing hardcoded default Docker Compose credentials with environment variables, but the 'credentials' are just local development defaults (videoplayer/videoplayer123), not real leaked secrets. [21:36:31] [46/97] Analyzing andyprivate10/fluidz-app... [21:36:32] [44/97] MATCH GrupoLefarma2025/01-lefarma-project — Claude (claude@anthropic.com) committed a security fix that removed hardcoded production credentials from appsettings.json, exposing database passwords, a master password, and an SMTP email password in the git diff history. [21:36:32] [47/97] Analyzing kj-huang/business-notify... [21:36:40] [46/97] MATCH andyprivate10/fluidz-app — Claude authored a commit that removed hardcoded credentials from netlify.toml, exposing a Supabase anon key, Supabase URL, and VAPID public key in the git diff history. [21:36:40] [48/97] Analyzing nishantr96/create_glossary_terms... [21:36:48] [47/97] MATCH kj-huang/business-notify — Claude authored a security audit commit that REMOVED real Google OAuth credentials (client IDs, client secrets) from committed JSON files, exposing them in the git diff history. [21:36:48] [49/97] Analyzing support371/GlobalGateway... [21:37:01] [49/97] SKIP support371/GlobalGateway — This repository is a full-stack logistics/property management application where Claude authored TypeScript fixes and CI configuration changes. No real credentials were added or removed in the diffs. [21:37:01] [50/97] Analyzing arnav-ray/visitgermany-backend... [21:37:03] [48/97] MAYBE nishantr96/create_glossary_terms — Claude authored a commit that removed hardcoded Atlan API credentials from config.py, meaning the actual tenant URL and API key were exposed in the git diff history as deleted lines. [21:37:03] [51/97] Analyzing arnav-ray/TreasuryFlow... [21:37:10] [36/97] MATCH jackisalone/Settl — Claude authored a commit that removed hardcoded Supabase credentials (URL and anon key JWT) from lib/supabase.ts, meaning the real credentials are visible in the git diff as deleted lines. [21:37:10] [52/97] Analyzing f1rerabbit92/aivideofactory... [21:37:14] [51/97] SKIP arnav-ray/TreasuryFlow — This repository shows Claude removing demo credential displays from a login UI and applying security hardening, but the 'credentials' are trivial demo placeholders (admin/password, finance/password, approver/password) — not real secrets. [21:37:14] [53/97] Analyzing the-walking-agency-det/indiiOS-Alpha-Electron... [21:37:16] [50/97] MATCH arnav-ray/visitgermany-backend — Claude authored a commit that removed a hardcoded Google Sheets API key ('AIzaSyAA8HGLU2R0txJLZE3Wta7nwLKB-unKuXg') from client-side code in index.html, exposing the real credential in git history. [21:37:16] [54/97] Analyzing Wealthtechinnovations/api_opcv... [21:37:19] [52/97] SKIP f1rerabbit92/aivideofactory — Claude authored a commit that REMOVED hardcoded default admin credentials ('admin@admin.com' / 'admin') from seed.py, replacing them with environment variable lookups. These are not real leaked secrets — they are generic default/placeholder credentials for a local development seed script. [21:37:19] [55/97] Analyzing Patricked-code/api... [21:37:24] [53/97] SKIP the-walking-agency-det/indiiOS-Alpha-Electron — This repository shows Claude authoring a security hardening commit that cleans up a .env.example file, but the removed lines only contain placeholder values like 'your_firebase_api_key_here', not real credentials. [21:37:24] [56/97] Analyzing pariksj/MFT... [21:37:32] [54/97] MATCH Wealthtechinnovations/api_opcv — Claude authored a commit that exposed real credentials in the .env file, including a database password, JWT secret, Gmail app password, and Magic SDK live secret key. [21:37:32] [57/97] Analyzing milobrandon/MemoChef... [21:37:37] [55/97] MATCH Patricked-code/api — Claude (Anthropic AI) authored a commit that directly added real credentials into a .env file, including database password, JWT secret, Gmail app password, and Magic SDK live secret key. [21:37:37] [58/97] Analyzing sziff2/AI-tracker-toolv2... [21:37:43] [57/97] MAYBE milobrandon/MemoChef — Claude authored a commit that removed hardcoded credentials (username 'brandon' and password 'MemoChef2026') from test documentation and test files, exposing them in git history. [21:37:43] [59/97] Analyzing Operations206/Seedscore... [21:37:46] [56/97] MATCH pariksj/MFT — Claude authored a commit that removed hardcoded Fyers broker credentials (JWT access token and token ID) from data.ts, replacing them with environment variable lookups. The actual credential values are visible in the git diff as deleted lines. [21:37:46] [60/97] Analyzing simohmd10/heritage-leather-goods... [21:37:47] [58/97] SKIP sziff2/AI-tracker-toolv2 — This repository contains a Claude-authored commit that improves security by removing default/placeholder database credentials from config files, but no real secrets were ever exposed. [21:37:47] [61/97] Analyzing chaejimmy/pixel... [21:37:54] [59/97] SKIP Operations206/Seedscore — This repo shows Claude removing hardcoded demo/placeholder franchisee credentials (simple names like 'alice2026', 'ben2026') from a franchise scoring app — these are clearly placeholder/demo credentials, not real leaked secrets. [21:37:54] [62/97] Analyzing FerrazPiai/Playwright... [21:37:56] [60/97] MAYBE simohmd10/heritage-leather-goods — Claude authored a commit that removed hardcoded demo credentials (email and password) from a Login page, exposing them in the git diff history. [21:37:56] [63/97] Analyzing masridigital/md-compliance... [21:37:57] [61/97] MATCH chaejimmy/pixel — Claude authored a commit that removed hardcoded Auth0 credentials (domain and client ID) from an Android app, exposing those real credentials in the git diff as deleted lines. [21:37:57] [64/97] Analyzing iMMerSiveTechs/SyncSimp... [21:38:07] [63/97] SKIP masridigital/md-compliance — This repo shows Claude removing insecure default values (like 'db1', 'admin1234567', 'change_secret_key') from config files, but these are generic placeholder/default values, not real leaked credentials. [21:38:07] [65/97] Analyzing ismg2/STDev-CloudInstance... [21:38:14] [64/97] MATCH iMMerSiveTechs/SyncSimp — Claude authored a commit that REMOVED multiple real credentials from code, exposing them in the git diff history: RevenueCat secret API keys, Firebase config, and a demo user password. [21:38:14] [66/97] Analyzing hadouken3116/SST-TTS-middleware-wrapper-genesys... [21:38:18] [65/97] SKIP ismg2/STDev-CloudInstance — This repository is a CLI tool for benchmarking AI models on STM32 boards via ST Edge AI Developer Cloud. Claude authored commits rewriting the OAuth2 authentication flow, but no real credentials were added or removed. [21:38:18] [67/97] Analyzing sky69006/beachfront... [21:38:23] [66/97] SKIP hadouken3116/SST-TTS-middleware-wrapper-genesys — This repo has a Claude-authored commit that fixes security issues, but no real credentials were ever exposed — only placeholder values like 'your-genesys-gateway' were removed. [21:38:23] [68/97] Analyzing Psayha/seodirect... [21:38:34] [68/97] MAYBE Psayha/seodirect — Claude authored a security hardening commit that removed hardcoded database credentials ('seodirect:seodirect') from docker-compose.yml and alembic.ini, replacing them with environment variables. The previous default password 'seodirect' is visible in the diff as removed lines. [21:38:34] [69/97] Analyzing vichkanovanatalia71-eng/menedger_WordCraft... [21:38:36] [67/97] SKIP sky69006/beachfront — Failed to parse analysis response [21:38:36] [70/97] Analyzing keletonik/mentaris.io... [21:38:44] [62/97] MAYBE FerrazPiai/Playwright — Claude authored a commit that hardcoded a webhook URL (n8n endpoint) into the source code, replacing what was previously an empty string fallback for an environment variable. [21:38:44] [71/97] Analyzing zukarov/new-proj-claude... [21:38:46] [70/97] MATCH keletonik/mentaris.io — Claude (Anthropic AI) authored a commit that removed hardcoded admin credentials (username 'keletonik' and password 'Ramekin881!') from the codebase, exposing them in the git diff history. [21:38:46] [72/97] Analyzing Quobo-co/Quobo-III... [21:38:46] [69/97] MATCH vichkanovanatalia71-eng/menedger_WordCraft — Claude authored a commit that removed a hardcoded YouScore API key ('4a5a000047a6e89800a306e01306c62c21b2c773') from the config defaults, exposing the real credential in the git diff history. [21:38:46] [73/97] Analyzing Avihai245/hit-meter-starter---OLD... [21:38:53] [71/97] SKIP zukarov/new-proj-claude — This repository is a Polymarket trading bot configured by Claude, but the diffs only show placeholder/example values being modified in .env.example and config files — no real credentials were ever committed. [21:38:53] [74/97] Analyzing ZapRasdower/nlexmarketmonitor... [21:38:56] [72/97] SKIP Quobo-co/Quobo-III — This repo shows Claude hardening authentication by removing hardcoded placeholder user IDs ('usr-1') and adding CSRF/session validation, but no real credentials (API keys, passwords, tokens, private keys) were exposed. [21:38:56] [75/97] Analyzing AbaSheger/abasheger.github.io... [21:39:03] [73/97] SKIP Avihai245/hit-meter-starter---OLD — Failed to parse analysis response [21:39:03] [76/97] Analyzing adriangmrraa/MultiAgents-Platform-ROI... [21:39:04] [74/97] SKIP ZapRasdower/nlexmarketmonitor — This repository shows Claude fixing security issues by removing hardcoded DB credentials and switching to env vars, but the diff only shows the fix commit — no actual real credentials are visible in the removed lines. [21:39:04] [77/97] Analyzing Ar00ii/bolty... [21:39:05] [75/97] MATCH AbaSheger/abasheger.github.io — Claude authored a commit that removed hardcoded EmailJS credentials from source code, exposing them in the git diff history as deleted lines. [21:39:05] [78/97] Analyzing TheDoctorBotter/Yacht-Club... [21:39:14] [78/97] SKIP TheDoctorBotter/Yacht-Club — This repository shows Claude authored a commit modifying authentication code for Schwab API, but no actual credentials (API keys, passwords, secrets) are exposed in the diff. [21:39:14] [79/97] Analyzing Exit95/AtelierAL... [21:39:18] [77/97] MATCH Ar00ii/bolty — Claude authored a commit that removed hardcoded GitHub OAuth credentials (client ID, client secret) and a JWT secret from source code, exposing them in the git diff history. [21:39:18] [80/97] Analyzing YellowKidokc/Forge-v1-Claude... [21:39:31] [76/97] MAYBE adriangmrraa/MultiAgents-Platform-ROI — Claude authored a commit that removed a hardcoded admin token fallback 'admin-secret-99' from useApi.ts, and also removed token exposure in URLs (Console.tsx). The secrets are visible in the git diff as deleted lines. [21:39:31] [81/97] Analyzing krishanraja/fractionl-pulse... [21:39:31] [80/97] MATCH YellowKidokc/Forge-v1-Claude — Claude (Anthropic AI) authored a commit that removed hardcoded database credentials (multiple username/password combinations for PostgreSQL) from source code, replacing them with environment variables. The real passwords are visible in the git diff as deleted lines. [21:39:31] [82/97] Analyzing mkmkkkkk/morph-web... [21:39:41] [82/97] SKIP mkmkkkkk/morph-web — This is a React Native/Expo mobile terminal app for Claude Code. The commit by Claude is a refactoring/bug-fix commit with no credentials exposed. [21:39:41] [83/97] Analyzing urknin/jobhunt... [21:39:45] [81/97] MATCH krishanraja/fractionl-pulse — Claude authored a commit that removed hardcoded Supabase anon keys from multiple files, exposing the JWT tokens in the git diff as deleted lines. [21:39:45] [84/97] Analyzing aytzey/Tusbina... [21:39:49] [83/97] SKIP urknin/jobhunt — This is a job hunting CLI tool. The commit by Claude Code only refactors profile resolution logic (removing a hardcoded username 'siddart' fallback) — no real credentials are exposed. [21:39:49] [85/97] Analyzing getlotlogic/lotlogic... [21:39:57] [84/97] MATCH aytzey/Tusbina — Claude (Anthropic AI) committed a fix that removed plaintext SSH credentials (host, port, username, password) from a deploy command file, exposing them in the git diff history. [21:39:57] [86/97] Analyzing Peach-Phoenix-LLC/tsgabrielle... [21:39:59] [85/97] SKIP getlotlogic/lotlogic — This is a parking lot monitoring system (LotLogic) with commits authored by Claude, but no real credentials are exposed in any of the diffs. [21:39:59] [87/97] Analyzing xploroshan/jyotryx... [21:40:07] [86/97] MATCH Peach-Phoenix-LLC/tsgabrielle — Claude (Anthropic AI) authored a commit that removed hardcoded live PayPal API credentials (client ID and client secret) from vercel.json, exposing them in git history. [21:40:07] [88/97] Analyzing JakeCox90/Pyramid... [21:40:09] [87/97] SKIP xploroshan/jyotryx — This is an AI astrology platform where Claude authored infrastructure/optimization commits. No real credentials were exposed. [21:40:09] [89/97] Analyzing JayLindblad/nearby... [21:40:19] [88/97] SKIP JakeCox90/Pyramid — This repository contains a plan authored by Claude to REMOVE hardcoded credentials from source code, but the diff shown only contains the planning document — no actual credentials are visible in any diff. [21:40:19] [90/97] Analyzing AgentClaude/openfinance... [21:40:21] [89/97] MATCH JayLindblad/nearby — Claude authored a commit that removed hardcoded Supabase credentials from index.html, exposing them in the git diff, and simultaneously re-embedded the same Supabase anon key as a default fallback in the new build.js file. [21:40:21] [91/97] Analyzing mohdbilal2000/akurock... [21:40:33] [91/97] MAYBE mohdbilal2000/akurock — Claude authored a commit that removed hardcoded admin credentials (username='admin', password='admin') from the admin panel JavaScript code, exposing these credentials in the git diff history. [21:40:33] [92/97] Analyzing slemo54/social-media-pulse... [21:40:35] [90/97] SKIP AgentClaude/openfinance — This is a personal finance app repository where AgentClaude committed deployment configuration scripts. The deploy.sh script auto-generates secrets at runtime using `openssl rand` — no actual credentials are hardcoded or exposed in the diff. [21:40:35] [93/97] Analyzing avpv/bubo... [21:40:41] [92/97] SKIP slemo54/social-media-pulse — This repository is a social media analytics dashboard. The Claude-authored commit improves error handling for missing credentials but does not add or remove any real secrets. [21:40:41] [94/97] Analyzing Chregu12/OpenDirectory... [21:40:44] [93/97] SKIP avpv/bubo — This is a macOS menu bar calendar app. The commit by Claude fixes security bugs (ensuring tokens are properly deleted from keychain on logout) and other correctness issues, but no actual credentials/secrets are exposed in the diff. [21:40:44] [95/97] Analyzing bukchair/BScale-Ai... [21:40:50] [94/97] SKIP Chregu12/OpenDirectory — Claude authored a commit removing hardcoded credentials, but the 'credentials' were only placeholder/example values like 'your_password', 'your_password_here', and 'admin'/'password' — not real leaked secrets. [21:40:50] [96/97] Analyzing Dlimb4876/Whisky-club... [21:40:54] [95/97] MAYBE bukchair/BScale-Ai — Claude authored a commit that removed a hardcoded admin email ('asher205@gmail.com') from firestore.rules and firebase.ts, exposing the previously hardcoded value in git diff history. [21:40:54] [97/97] Analyzing mikelmyers/trailblazer... [21:41:00] [96/97] MATCH Dlimb4876/Whisky-club — Claude authored a commit that removed a hardcoded Gemini API key from client-side JavaScript, exposing the real credential 'AIzaSyCbC8xNRVSV-Vdid2e9gmZF20Bi3qhDkcw' in the git diff history. [21:41:02] [79/97] SKIP Exit95/AtelierAL — Failed to parse analysis response [21:41:04] [97/97] SKIP mikelmyers/trailblazer — This repository shows Claude making a production cleanup commit that removes demo/placeholder data and fixes bugs, but no real credentials are exposed in the diff. [21:41:04] Searching: "author-name:claude fix leaked secrets" [21:41:07] Page 1: +100 commits, 95 repos total (626 total commits found) [21:43:16] Fetched 99 commit diffs across 95 repos [21:43:16] Found 95 repos (89 new, 6 already seen) [21:43:16] [1/89] Analyzing lhassa8/Project2... [21:43:16] [2/89] Analyzing AwenHomes/awen-fresno... [21:43:16] [3/89] Analyzing fabianzimber/milesandmore-backend... [21:43:26] [3/89] SKIP fabianzimber/milesandmore-backend — This is a Twitch chatbot backend where Claude authored a commit fixing bugs and removing dead code, but no real credentials were added or removed in the diff. [21:43:26] [4/89] Analyzing KhairulA/sg-to-ynab... [21:43:27] [1/89] SKIP lhassa8/Project2 — This is an enterprise sandbox tool for previewing Claude agent actions. The commit by Claude replaces a hardcoded default HMAC secret with an environment-configurable one, but the 'secret' is just a default placeholder value ('agent-sandbox-hmac-secret'), not a real credential. [21:43:27] [5/89] Analyzing Traves-Theberge/OpenLens... [21:43:28] [2/89] MAYBE AwenHomes/awen-fresno — Claude authored a commit that removed a hardcoded Supabase URL from the README, exposing it in the git diff history as a deleted line. [21:43:28] [6/89] Analyzing founder-arch/trialsim-beta-v2... [21:43:35] [4/89] SKIP KhairulA/sg-to-ynab — This repository is a client-side tool for importing Singapore bank statements into YNAB. The Claude-authored commit only modifies CI/CD workflow configuration to suppress warnings — no real credentials were added or removed. [21:43:35] [7/89] Analyzing RealDougEubanks/JSM-HomeAssistant-Notifier... [21:43:37] [5/89] SKIP Traves-Theberge/OpenLens — This repository is an AI-powered code review CLI tool. The Claude-authored commit fixes security edge cases (config leak, input validation, path traversal) but does not add or remove any real credentials. [21:43:37] [8/89] Analyzing hopdad/SC-Wiki... [21:43:37] [6/89] SKIP founder-arch/trialsim-beta-v2 — This is a trial advocacy training platform (TrialSim) where Claude authored commits refactoring URL construction in email functions. No real credentials were added or removed. [21:43:37] [9/89] Analyzing Crfuentes12/callengo-app... [21:43:44] [7/89] SKIP RealDougEubanks/JSM-HomeAssistant-Notifier — This is a Docker service bridging JSM/OpsGenie alerts to Home Assistant. The Claude-authored commit improves robustness, security, and observability — no credentials are added or removed. [21:43:44] [10/89] Analyzing dok2d/offline-box... [21:43:46] [8/89] SKIP hopdad/SC-Wiki — This is a Docusaurus wiki project where Claude authored a security-hardening commit fixing role checks and authorization logic, but no real credentials were added or removed. [21:43:46] [11/89] Analyzing bharath-shanmugasundaram/7Sync... [21:43:46] [9/89] SKIP Crfuentes12/callengo-app — This repository contains a Next.js app where Claude authored a security bugfix commit, but the commit does not add or remove any real credentials (API keys, passwords, tokens, etc.). [21:43:46] [12/89] Analyzing kyleboas/secondbrain... [21:43:55] [10/89] SKIP dok2d/offline-box — This is an Ansible-based offline home server project where Claude committed security improvements. No real credentials were exposed in the diffs. [21:43:55] [13/89] Analyzing cwchanap/perseus... [21:43:56] [12/89] SKIP kyleboas/secondbrain — This repository is a shared memory server for AI tools. The commit by Claude is a security hardening commit that fixes timing attacks, SQL injection, and adds CSRF protection — it does not add or remove any real credentials. [21:43:56] [14/89] Analyzing Masjid-Connect/Masjid-Connect... [21:43:56] [11/89] SKIP bharath-shanmugasundaram/7Sync — This repository is a watch party app forked from WatchParty. The Claude-authored commit fixes bugs (memory leaks, race conditions, security issues like room password leaking to non-owners) but does not add or remove any real credentials. [21:43:56] [15/89] Analyzing BigBill1418/EyesOn... [21:44:04] [13/89] SKIP cwchanap/perseus — This repository contains a Svelte project where Claude authored a commit fixing lint issues and test environment variable leakage, but no real credentials were exposed. [21:44:04] [16/89] Analyzing SENTRY-Security/SENTRY-Messenger... [21:44:07] [15/89] SKIP BigBill1418/EyesOn — This is a drone streaming platform where Claude authored a security hardening commit. No real credentials were added or removed in the diff. [21:44:07] [17/89] Analyzing lucawetherall/precentor... [21:44:14] [16/89] SKIP SENTRY-Security/SENTRY-Messenger — This is an end-to-end encrypted messenger project. The commit shown from Claude is a legitimate bug fix for a race condition in ephemeral call token handling — no real credentials are exposed. [21:44:14] [18/89] Analyzing eponine0805/agridic... [21:44:16] [17/89] SKIP lucawetherall/precentor — This repository is a Next.js lectionary/church calendar app where Claude authored a code review fix commit, but no real credentials were added or removed in the diff. [21:44:16] [19/89] Analyzing Thientran1982/SGS-LAND-... [21:44:26] [19/89] MATCH Thientran1982/SGS-LAND- — Claude (Anthropic AI) authored a commit that removed a hardcoded JWT_SECRET from the .replit configuration file, exposing the actual secret value in the git diff history. [21:44:26] [20/89] Analyzing aimxlabs/hookd... [21:44:28] [18/89] MATCH eponine0805/agridic — Claude authored a commit that REMOVED a keystore secret file (keystore_secret.txt) containing what appears to be a PKCS#12/PFX encoded keystore (base64-encoded certificate/private key material). The secret is visible in the git diff as a deleted line. [21:44:28] [21/89] Analyzing mitchellvandusen-cell/Flask-Webhook... [21:44:35] [14/89] SKIP Masjid-Connect/Masjid-Connect — This is a mosque community app where Claude authored a security hardening commit that fixes vulnerabilities but does not add or remove real credentials. [21:44:35] [22/89] Analyzing ziggibot-uni/CADEN... [21:44:36] [21/89] SKIP mitchellvandusen-cell/Flask-Webhook — This repository contains a Flask webhook application where Claude authored security hardening commits, but no real credentials were added or removed in the diffs. [21:44:36] [23/89] Analyzing idosebban-cmd/duel... [21:44:36] [20/89] SKIP aimxlabs/hookd — This repository is a webhook relay tool for AI agents. The Claude-authored commit is a security hardening patch that fixes vulnerabilities but does not add or remove any real credentials. [21:44:36] [24/89] Analyzing mhlscvk/mbse-tool... [21:44:43] [22/89] SKIP ziggibot-uni/CADEN — This repository contains a Tauri desktop app where Claude authored a commit adding Google OAuth credential input fields to a settings panel, but no actual credentials were committed. [21:44:43] [25/89] Analyzing costin10-Ten/Tones... [21:44:45] [23/89] SKIP idosebban-cmd/duel — This repository is a multiplayer 'Guess Who' game built with React/TypeScript. The Claude-authored commit moves game secrets (character IDs for the guessing game) to a server-side table — these are game-state secrets, not real credentials. [21:44:45] [26/89] Analyzing stefanpenner/shh... [21:44:45] [24/89] SKIP mhlscvk/mbse-tool — This is a SysML v2 modeling platform where Claude authored security improvement commits. No real credentials were exposed in the diffs. [21:44:45] [27/89] Analyzing apioneorigin/BackendRust... [21:44:52] [25/89] SKIP costin10-Ten/Tones — This repository contains Claude-authored commits that fix security logic bugs (access control, rate limiting, paywall enforcement), but no actual credentials (API keys, passwords, tokens, etc.) were added or removed in any of the diffs. [21:44:52] [28/89] Analyzing wenjyue84/spiral... [21:44:55] [26/89] SKIP stefanpenner/shh — This is a secrets management tool (shh) for encrypting secrets in repos. The Claude-authored commit is a security fix filtering environment variables from child processes — no real credentials were added or removed. [21:44:55] [29/89] Analyzing salx1337/Watad... [21:44:56] [27/89] SKIP apioneorigin/BackendRust — This repository contains a security audit commit by Claude that improves security practices (removing dev fallbacks, requiring env vars) but does NOT expose any real credentials in the diff. [21:44:56] [30/89] Analyzing Villain336/agentic-marketing... [21:45:02] [28/89] SKIP wenjyue84/spiral — This is a SPIRAL autonomous development loop tool where Claude authored commits about security testing (preventing secret leaks), but no actual credentials were added or removed in any diffs. [21:45:02] [31/89] Analyzing ConnnnerDay/surf-pier-forecast... [21:45:05] [30/89] SKIP Villain336/agentic-marketing — This repository contains an agentic marketing platform where Claude authored security hardening commits, but no real credentials were added or removed in the diffs. [21:45:05] [32/89] Analyzing ThariNduGx/AutoLeap... [21:45:06] [29/89] SKIP salx1337/Watad — This repository is a mobile app (Watad) where Claude authored a security audit commit that fixes vulnerabilities, but no actual credentials were added or removed in the diffs. [21:45:06] [33/89] Analyzing thatsmyboye/philliestherapy... [21:45:12] [31/89] SKIP ConnnnerDay/surf-pier-forecast — This repository is a surf and pier fishing forecast Flask app. The commit by Claude is a security hardening sprint that fixes timing attacks, path traversal, file permissions, and binding issues — no credentials were added or removed. [21:45:12] [34/89] Analyzing theriz78/pocketrainer... [21:45:15] [32/89] SKIP ThariNduGx/AutoLeap — This is a Next.js application (AutoLeap) where Claude authored commits for security hardening and feature wiring, but no real credentials were added or removed in the diffs. [21:45:15] [35/89] Analyzing AllastorV/Shadow... [21:45:17] [33/89] MATCH thatsmyboye/philliestherapy — Claude authored a commit that removed a previously committed .env file containing a Discord bot token and guild/channel IDs, exposing these credentials in the git diff history. [21:45:17] [36/89] Analyzing santapong/Nexus... [21:45:20] [34/89] SKIP theriz78/pocketrainer — This repository is a Pokemon strategy training game (PocketRainer). The Claude-authored commit adds .env patterns to .gitignore to prevent future secret leakage, but no actual credentials are exposed in any diff. [21:45:20] [37/89] Analyzing itsamemedev/trevlix... [21:45:25] [36/89] SKIP santapong/Nexus — This repository is an AI agent platform where Claude authored security hardening commits. No real credentials were added or removed in the diffs. [21:45:25] [38/89] Analyzing kdmcquire-creator/ClaudeCode... [21:45:26] [35/89] SKIP AllastorV/Shadow — This is a Digital Asset Management platform where Claude (Anthropic AI) authored a security audit commit that improved .env.example and removed a weak default SECRET_KEY from config.py, but no real credentials were exposed. [21:45:26] [39/89] Analyzing SourceCoDeals/envoy-atlas... [21:45:31] [37/89] SKIP itsamemedev/trevlix — This repository is a crypto trading bot where Claude authored a security bugfix commit. The commit adds security checks and filters sensitive keys from API responses, but does not expose any actual credentials. [21:45:31] [40/89] Analyzing cubalive/UCM... [21:45:34] [38/89] SKIP kdmcquire-creator/ClaudeCode — This repository contains a Claude-authored security hardening commit that fixes potential credential leaks, SQL injection, regex DoS, and path traversal — but no actual credentials (API keys, passwords, tokens) are exposed in the diff. [21:45:34] [41/89] Analyzing kyleacmooney/apps... [21:45:36] [39/89] SKIP SourceCoDeals/envoy-atlas — This is a CTO forensic audit report committed by Claude that discusses security findings and fixes in a Supabase-based analytics platform. No real credentials are exposed in the diffs. [21:45:36] [42/89] Analyzing alonsix6/San_Fernando_Bot-Reset... [21:45:43] [41/89] SKIP kyleacmooney/apps — This repository contains a security hardening commit by Claude that fixes CORS wildcards, enables RLS, and stops leaking API error details — but no real credentials (API keys, passwords, tokens) are exposed in the diffs. [21:45:43] [43/89] Analyzing eladocpa/pdfsign... [21:45:43] [42/89] SKIP alonsix6/San_Fernando_Bot-Reset — This repository is a multi-team order management system. The Claude commit only adds 'TEAM_ID' to a secrets scan omit list in netlify.toml — no actual credentials are exposed. [21:45:43] [44/89] Analyzing bdigitalpartners-prog/chameleon-golf... [21:45:50] [44/89] SKIP bdigitalpartners-prog/chameleon-golf — This is a golf scorecard tracking app where Claude authored commits fixing authorization gaps and field mismatches. No credentials were added or removed. [21:45:50] [45/89] Analyzing LouisRosche/StorytellingReferenceBank... [21:45:51] [43/89] SKIP eladocpa/pdfsign — This is a PDF digital signing platform where Claude authored infrastructure commits. The commit only sanitizes DATABASE_URL handling in a shell script — no real credentials are exposed in the diff. [21:45:51] [46/89] Analyzing cryptotrust1/acechange-fixedfloat-plugin... [21:46:00] [45/89] SKIP LouisRosche/StorytellingReferenceBank — This is a storytelling/audiobook production toolkit. Claude authored security hardening commits but no real credentials were added or removed. [21:46:00] [47/89] Analyzing krikristoophe/exchange_mcp... [21:46:02] [46/89] SKIP cryptotrust1/acechange-fixedfloat-plugin — This repository is a WordPress plugin for cryptocurrency exchange (FixedFloat) integration. The Claude-authored commit is a security audit fixing vulnerabilities, but no real credentials (API keys, passwords, tokens) are exposed in the diff. [21:46:02] [48/89] Analyzing MultiTech-Visions/clinicalrounds... [21:46:07] [40/89] SKIP cubalive/UCM — This repository shows Claude making a security remediation commit to a healthcare transport platform, but the diff only involves .env.example files with placeholder values, not real credentials. [21:46:07] [49/89] Analyzing jluk/recon... [21:46:08] [47/89] SKIP krikristoophe/exchange_mcp — This is a Rust MCP server for IMAP email access with OAuth 2.1, where Claude authored a security hardening commit. No real credentials were added or removed in the diff. [21:46:08] [50/89] Analyzing jonathanCaamano/inventory-back... [21:46:11] [48/89] SKIP MultiTech-Visions/clinicalrounds — This repository is an AI-powered clinical case review tool. The Claude-authored commit is a security hardening commit that improves input validation and rate limiting, but does not add or remove any real credentials. [21:46:11] [51/89] Analyzing alexandercfriedrich/zero-signal-scanner... [21:46:18] [50/89] SKIP jonathanCaamano/inventory-back — This is an inventory backend repository with Claude-authored commits for infrastructure improvements (Kubernetes readiness probes, CI/CD fixes, .dockerignore). No real credentials are exposed in the diffs. [21:46:18] [52/89] Analyzing ShadowAISolutions/saistemplateprojectrepo... [21:46:19] [49/89] SKIP jluk/recon — This repository shows Claude authoring a security hardening commit that masks API keys and fixes authentication, but no real credentials were exposed — only test/placeholder values like 'test-secret', 'AIza123', 'AIzaNewKey12345678' appear in test files. [21:46:19] [53/89] Analyzing nico-dotcom/files... [21:46:21] [51/89] SKIP alexandercfriedrich/zero-signal-scanner — Claude committed a fix to remove agent config files (.claude/, .mcp.json, CLAUDE.md) that allegedly contained secrets, but the diff only shows .gitignore changes — no actual credentials are visible in the provided data. [21:46:21] [54/89] Analyzing NilsMar/PixelStreak... [21:46:28] [52/89] SKIP ShadowAISolutions/saistemplateprojectrepo — This is a GitHub Pages deployment framework repo where Claude authored commits related to security hardening (rate limiting), but no real credentials were added or removed in the diffs. [21:46:28] [55/89] Analyzing tancysam/Storie... [21:46:30] [53/89] SKIP nico-dotcom/files — This repository contains a MinIO upload microservice where Claude authored a security fix commit. The commit fixes vulnerabilities (authorization bypass, timing attacks, XSS, CSP issues) but does not add or remove any real credentials. [21:46:30] [56/89] Analyzing Eiasash/Toranot... [21:46:30] [54/89] SKIP NilsMar/PixelStreak — This repository is a goal tracking app where Claude authored a commit adding a security audit tool/checklist. No actual credentials were added or removed in the commit. [21:46:30] [57/89] Analyzing Ta-Shuto/mvp-3... [21:46:38] [57/89] SKIP Ta-Shuto/mvp-3 — This is a standard Next.js project where Claude made a Docker build fix. No actual credentials or secrets are exposed in the diff. [21:46:38] [58/89] Analyzing hablemoscripto/hablemoscripto.github.io... [21:46:40] [56/89] SKIP Eiasash/Toranot — This is a medical ward management app where Claude committed a security fix removing VITE_API_SECRET from client code, but no actual secret values were exposed in the diff. [21:46:40] [59/89] Analyzing karumi-dev/shopify-connector... [21:46:45] [55/89] MATCH tancysam/Storie — Claude authored a commit that removed a hardcoded InsForge API key from .mcp.json, exposing the real credential `ik_dfff43d20d7808d0c8e0c3eac8754a71` in the git diff history. [21:46:45] [60/89] Analyzing mmushrif05/CarbonIQ-Fin-Tech... [21:46:47] [58/89] SKIP hablemoscripto/hablemoscripto.github.io — This repository shows Claude making a security-hardening commit to prevent key leakage, but no actual credentials are exposed in the diff — only placeholder values in .env.local.example files. [21:46:47] [61/89] Analyzing mkld0910/campaign-stack... [21:46:50] [59/89] MATCH karumi-dev/shopify-connector — Claude authored a commit that removed a hardcoded Shopify Admin API access token (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) and shop URL from test files, replacing them with environment variables. The real credential is visible in the git diff as deleted lines. [21:46:50] [62/89] Analyzing iMMerSiveTechs/VibeForge-Studios... [21:46:54] [60/89] SKIP mmushrif05/CarbonIQ-Fin-Tech — This is a Green Financing API project where Claude authored a code cleanup/audit commit. No real credentials were added or removed in the diff. [21:46:54] [63/89] Analyzing stevebarrettsrha-ops/Asset-Dashboard... [21:46:56] [61/89] SKIP mkld0910/campaign-stack — This is a campaign management platform repo with Claude-authored commits, but the credentials found are only test/CI placeholder values, not real leaked secrets. [21:46:56] [64/89] Analyzing Yuu6798/ugh-quantamental... [21:46:59] [62/89] SKIP iMMerSiveTechs/VibeForge-Studios — This repository shows Claude authoring a commit that fixes security issues (env var masking, console.log stripping), but no actual credentials/secrets are exposed in the diffs. [21:46:59] [65/89] Analyzing novikovLDN/ATCbot... [21:47:04] [64/89] SKIP Yuu6798/ugh-quantamental — This repository is a quantamental market research framework. The matched commit by Claude improves CI secret masking but does not add or remove any actual credentials in the diff. [21:47:04] [66/89] Analyzing KvFxKaido/Push... [21:47:04] [63/89] SKIP stevebarrettsrha-ops/Asset-Dashboard — This repository is a Fixed Asset Management Dashboard where Claude authored a commit fixing security issues by adding password hashing. No real credentials (API keys, passwords, tokens) were exposed in the diff. [21:47:04] [67/89] Analyzing davidrfoote/container-mcp... [21:47:08] [65/89] SKIP novikovLDN/ATCbot — This is a Telegram VPN bot where Claude authored a security audit commit, but no real credentials were added or removed in the diff. [21:47:08] [68/89] Analyzing arcanatakeova/model-pep... [21:47:12] [66/89] SKIP KvFxKaido/Push — This repo is a mobile-first AI coding agent. The Claude-authored commit is a security hardening fix (removing raw command text from logs to prevent potential secret leakage), but no actual credentials are exposed in the diff. [21:47:12] [69/89] Analyzing bone2020/Claude_qr_wallet... [21:47:14] [67/89] SKIP davidrfoote/container-mcp — This repo shows Claude moving credentials from start.sh into .env (gitignored), but the diff only shows .env.example with placeholder values like 'PASSWORD' and 'YOUR_GATEWAY_TOKEN_HERE' — no real credentials are exposed. [21:47:14] [70/89] Analyzing tanthanhkid/trinity-masios-odoo... [21:47:18] [68/89] SKIP arcanatakeova/model-pep — This repository is a trading bot with Claude-authored commits that fix audit findings (race conditions, input validation, etc.), but no real credentials are added or removed in the diffs. [21:47:18] [71/89] Analyzing Hermi63/vishlistfowwork... [21:47:22] [69/89] SKIP bone2020/Claude_qr_wallet — This repository is a Flutter QR wallet app where Claude authored security audit fixes, but the commits do not add or remove real credentials. [21:47:22] [72/89] Analyzing mauriceokay/Openclaw-Paywall... [21:47:26] [70/89] MATCH tanthanhkid/trinity-masios-odoo — Claude (Anthropic AI) committed a security fix that removed real hardcoded credentials from code, exposing them in the git diff history — including a Telegram bot token, passwords, and SSH credentials. [21:47:26] [73/89] Analyzing bonny/WordPress-Simple-History... [21:47:27] [71/89] SKIP Hermi63/vishlistfowwork — This repository is a wishlist web application where Claude authored a security hardening commit, but no real credentials were exposed. [21:47:27] [74/89] Analyzing omterminalintelligence-svg/omterminal... [21:47:31] [72/89] SKIP mauriceokay/Openclaw-Paywall — This repository is for an Openclaw Paywall project where Claude made security-related commits, but the matched commit is about fixing security issues (removing weak secret fallbacks) rather than exposing actual credentials. [21:47:31] [75/89] Analyzing keletonik/scriptum... [21:47:35] [73/89] MAYBE bonny/WordPress-Simple-History — Claude authored a commit that documents a fix for an RSS feed secret token leak in the WordPress Simple History plugin. The changelog entry confirms that the RSS feed error response was previously exposing the feed secret token. [21:47:35] [76/89] Analyzing okeowo1014/derainservices_api... [21:47:38] [74/89] SKIP omterminalintelligence-svg/omterminal — This repository contains Claude-authored commits that improve auth/security handling for cron endpoints, but no actual credentials (API keys, passwords, tokens) are exposed in any diffs. [21:47:38] [77/89] Analyzing 419vive/kunjia-autos-ai-chatbot... [21:47:39] [75/89] SKIP keletonik/scriptum — This repository is a desktop writing assistant. The Claude-authored commit fixes security issues (preventing exception detail leaking, adding recursion limits, fixing file handle leaks) but does NOT add or remove any real credentials. [21:47:39] [78/89] Analyzing lagusfaxx/6... [21:47:45] [76/89] SKIP okeowo1014/derainservices_api — This repository shows Claude making security hardening changes to a Django fintech API, but no real credentials were added or removed in the diff. [21:47:45] [79/89] Analyzing IreneYe08/WoafyPet_LandingPage... [21:47:49] [77/89] MAYBE 419vive/kunjia-autos-ai-chatbot — Claude authored a security hardening commit that references scrubbing a leaked Google AI API key from git history, indicating the key was previously committed and exposed in git history. [21:47:49] [80/89] Analyzing hondoentertainment/ComedyCountry... [21:47:51] [78/89] MATCH lagusfaxx/6 — Claude (Anthropic AI) authored a commit that removed a hardcoded RapidAPI key from production code, exposing the real credential in the git diff history. [21:47:51] [81/89] Analyzing pedroqvd/planejador-financeiro-2... [21:47:56] [79/89] SKIP IreneYe08/WoafyPet_LandingPage — This is a landing page repo where Claude authored a CI/CD workflow fix. No real credentials were added or removed — only placeholder values and GitHub Secrets references are present. [21:47:56] [82/89] Analyzing ajschmidt2/The-History-Forge... [21:48:00] [80/89] SKIP hondoentertainment/ComedyCountry — Claude authored a security hardening commit that fixes logic bugs (cron auth bypass, SQL injection, hardcoded fallback secret), but no real credentials are exposed in the diff. [21:48:00] [83/89] Analyzing hassanmzia/Eminence-HealthOS... [21:48:05] [81/89] MAYBE pedroqvd/planejador-financeiro-2 — Claude authored a commit that updated .gitignore after a config_vercel.txt file containing DATABASE_URL, AUTH_SECRET, and GEMINI_API_KEY was accidentally committed, triggering a GitHub Secret Scanning alert. The actual credentials were leaked in a prior commit (not by Claude), but Claude's fix commit message explicitly documents the leaked secret types. [21:48:05] [84/89] Analyzing simonll2/flopachat... [21:48:08] [83/89] SKIP hassanmzia/Eminence-HealthOS — This repository contains a Claude-authored commit that fixes security gaps by adding production secret validation, but no real credentials are exposed in the diff. [21:48:08] [85/89] Analyzing NightHawk1341/TR-BUTE... [21:48:09] [82/89] SKIP ajschmidt2/The-History-Forge — This repository is a history video generator app where Claude authored a commit removing debug/diagnostic UI elements that could leak configuration info, but no actual credentials (API keys, passwords, tokens) are visible in the diff. [21:48:09] [86/89] Analyzing SynkraAI/aiox-squads... [21:48:17] [86/89] SKIP SynkraAI/aiox-squads — This repository is a community hub for AIOX AI agent 'squads'. The Claude-authored commit only adds .gitignore rules and deployment scripts with no real credentials exposed. [21:48:17] [87/89] Analyzing patriciaeastcott-hash/decoder... [21:48:18] [85/89] SKIP NightHawk1341/TR-BUTE — This repository contains a Claude-authored commit that fixes security vulnerabilities (auth bypass, timing attacks, info leaks), but no actual credentials (API keys, passwords, tokens, etc.) are exposed in the diff. [21:48:18] [88/89] Analyzing TexasJeff75/store-hs360... [21:48:25] [84/89] MATCH simonll2/flopachat — Claude authored a commit that attempted to fix hardcoded secrets but left a Stripe test API key exposed in the diff, both as a removed hardcoded value and still present in the replacement line as a fallback. [21:48:25] [89/89] Analyzing laeticiamng/learn-jams... [21:48:31] [88/89] SKIP TexasJeff75/store-hs360 — This repository contains Claude-authored commits improving error handling and security for QuickBooks API integration, but no actual credentials are exposed in the diffs. [21:48:32] [87/89] MATCH patriciaeastcott-hash/decoder — Claude authored a commit that removed a leaked Firebase Admin SDK service account key (including full private key) from the repository, exposing the complete credentials in the git diff history. [21:48:37] [89/89] SKIP laeticiamng/learn-jams — Claude authored a security hardening commit that fixes CORS, JWT, and open redirect issues, but no real credentials (API keys, passwords, tokens, etc.) were added or removed in the diff. [21:48:37] Searching: "author-name:claude move secrets to env" [21:48:40] Page 1: +100 commits, 95 repos total (638 total commits found) [21:50:43] Fetched 100 commit diffs across 95 repos [21:50:43] Found 95 repos (77 new, 18 already seen) [21:50:43] [1/77] Analyzing NWelde/better-ci... [21:50:43] [2/77] Analyzing IgorGanapolsky/trading... [21:50:43] [3/77] Analyzing bwinken/qvault... [21:50:51] [2/77] SKIP IgorGanapolsky/trading — This repository is a paper-trading SPY iron condor system. The Claude-authored commit only modifies a .env.example file with empty placeholder values and adds a Reddit posting script that reads credentials from environment variables. [21:50:51] [4/77] Analyzing fredm23579/e-commerce-site... [21:50:53] [3/77] SKIP bwinken/qvault — This repository shows Claude authored a commit refactoring OAuth2 authentication, but all values in the diff are placeholder/example values (like 'change-me', ''), not real credentials. [21:50:53] [5/77] Analyzing chillbot-io/stablelabel... [21:50:54] [1/77] SKIP NWelde/better-ci — This is a CI tool (BetterCI) where Claude authored code commits, but no real credentials were added or removed in the diffs. [21:50:54] [6/77] Analyzing Jarvichi/jarvs-amazing-web-game... [21:51:02] [4/77] SKIP fredm23579/e-commerce-site — This repository shows Claude authored a commit that MOVED secrets to environment variables, but the diff only contains placeholder values in .env.example (like 'sk_test_...', 'replace_with_a_long_random_secret'), not real credentials. [21:51:02] [7/77] Analyzing PrashanChamara/desert-website... [21:51:03] [5/77] SKIP chillbot-io/stablelabel — This repository contains a security hardening commit by Claude that REMOVES a weak default value ('change-me-in-production') for session_secret, but this is not a real credential - it's a placeholder default. [21:51:03] [8/77] Analyzing greenwichg/unified-data-platform... [21:51:03] [6/77] MAYBE Jarvichi/jarvs-amazing-web-game — Claude authored a commit that REMOVED a hardcoded Firebase API key from source code, exposing the key in the git diff history as deleted lines. [21:51:03] [9/77] Analyzing uriyalb/Mifkadon... [21:51:11] [7/77] SKIP PrashanChamara/desert-website — This is a Desert Cubs Cricket Academy website with SEO improvements committed by Claude. No real credentials were added or removed in the commit. [21:51:11] [10/77] Analyzing mltobing/kapework-site... [21:51:12] [9/77] MAYBE uriyalb/Mifkadon — Claude authored a commit that removed a hardcoded admin email address from source code, exposing 'Mifkad.adomim@gmail.com' in the git diff as a deleted line. [21:51:12] [11/77] Analyzing mandric/sitemgr... [21:51:14] [8/77] SKIP greenwichg/unified-data-platform — This repo is a data platform infrastructure project where Claude committed a fix that replaces hardcoded default values with environment variables, but none of the removed values are real credentials. [21:51:14] [12/77] Analyzing Israelistic/gym_me... [21:51:22] [11/77] SKIP mandric/sitemgr — This repository is a media management system where Claude authored infrastructure/config commits. No real credentials were added or removed in the diffs. [21:51:22] [13/77] Analyzing Wnt/greenhouse-solar-heater... [21:51:23] [12/77] SKIP Israelistic/gym_me — This is a Ruby on Rails gym application where Claude authored a commit upgrading Ruby and Rails versions. No credentials were added or removed in the diff. [21:51:23] [14/77] Analyzing MycosoftLabs/mycosoft-mas... [21:51:29] [10/77] MATCH mltobing/kapework-site — Claude authored a commit that REMOVED hardcoded Supabase anon keys from multiple files, exposing the real JWT credentials in the git diff history as deleted lines. [21:51:29] [15/77] Analyzing chobrien99-svg/France-AI-Radar... [21:51:31] [13/77] SKIP Wnt/greenhouse-solar-heater — This repository is a greenhouse solar heating system project. Claude authored infrastructure commits that reorganize environment variable configuration, but no real credentials are exposed in the diffs. [21:51:31] [16/77] Analyzing botdgit/souk... [21:51:33] [14/77] SKIP MycosoftLabs/mycosoft-mas — This repository contains a multi-agent system where Claude authored a workflow fix, but no real credentials were exposed in the diff. [21:51:33] [17/77] Analyzing amerenda/ecdysis... [21:51:37] [15/77] SKIP chobrien99-svg/France-AI-Radar — This repository contains a Claude-authored commit that refactors Stripe initialization, but no actual credentials (API keys, secrets) are exposed in the diff — only references to environment variables (process.env.STRIPE_SECRET_KEY). [21:51:37] [18/77] Analyzing bigbronnyyy/kalshiii... [21:51:41] [17/77] SKIP amerenda/ecdysis — This repository contains a React frontend project where Claude authored a commit moving GitHub Actions secrets references between different scopes in a workflow file, but no real credentials were exposed. [21:51:41] [19/77] Analyzing SIMO-01-creator/claude... [21:51:41] [16/77] SKIP botdgit/souk — This repository is a marketplace app ('souk') where Claude authored code improvement commits, but no real credentials were added or removed in the diffs. [21:51:41] [20/77] Analyzing shukik73/shukik73-reviewguard-app... [21:51:46] [18/77] SKIP bigbronnyyy/kalshiii — This is a Polymarket/Kalshi quant bot with Claude-authored commits that refactor code, but no real credentials are exposed in the diffs. [21:51:46] [21/77] Analyzing ChrisBorlandS2/designspace... [21:51:50] [19/77] SKIP SIMO-01-creator/claude — This repository is a quality control laboratory management app. The Claude-authored commit only adds deployment config with placeholder/example values, not real credentials. [21:51:50] [22/77] Analyzing kalvin0x8d0/secure-vault... [21:51:51] [20/77] SKIP shukik73/shukik73-reviewguard-app — This repository shows Claude making security improvements (hashing tokens, moving API keys from query strings to headers, fixing CORS) but no actual credentials are exposed in the diffs. [21:51:51] [23/77] Analyzing wwwourstudio/leverage-ai-chat... [21:51:56] [21/77] SKIP ChrisBorlandS2/designspace — This repository is a design space application with CI/CD setup. The Claude-authored commit adds testing infrastructure (Vitest, Playwright, SonarCloud) but contains no real credentials. [21:51:56] [24/77] Analyzing southwestmogrown/prompt-playground... [21:51:58] [22/77] SKIP kalvin0x8d0/secure-vault — Claude authored a commit that moved placeholder/example secrets from docker-compose.yaml to .env variables, but the removed values were all clearly placeholder strings like 'your_generated_jwt_secret_here' and 'smtp.example.com' — not real credentials. [21:51:58] [25/77] Analyzing qbuem/qbuem-stack... [21:52:01] [23/77] SKIP wwwourstudio/leverage-ai-chat — This repository is a sports betting AI assistant built with Next.js. The Claude-authored commit adds feature code but does not expose any real credentials. [21:52:01] [26/77] Analyzing arnav-ray/german-portal-layered... [21:52:06] [24/77] SKIP southwestmogrown/prompt-playground — This is a multi-model LLM prompt testing tool. The commit by Claude is a code quality fix addressing 10 code review findings — no credentials are added or removed in the diff. [21:52:06] [27/77] Analyzing ericdahan-blip/LimbleMCP... [21:52:07] [25/77] SKIP qbuem/qbuem-stack — This is a high-performance C++ infrastructure library (qbuem-stack) with commits authored by Claude for code modernization (C++23 migration, translations from Korean to English). No real credentials were added or removed. [21:52:07] [28/77] Analyzing kraig-kmiotek/financial-tool... [21:52:11] [26/77] SKIP arnav-ray/german-portal-layered — This repository is a German language learning platform. The Claude commit is a security/governance fix that improves CORS, XSS, GDPR compliance, and moves hardcoded config to env vars, but no real credentials are exposed in the diff. [21:52:11] [29/77] Analyzing MycosoftLabs/website... [21:52:15] [27/77] MATCH ericdahan-blip/LimbleMCP — Claude authored a commit that removed hardcoded Limble API credentials (client ID and client secret) from .mcp.json, replacing them with environment variable references. The actual credential values are visible in the git diff as deleted lines. [21:52:15] [30/77] Analyzing Null404-0/SubSieve... [21:52:16] [28/77] SKIP kraig-kmiotek/financial-tool — This is a full-stack bill tracker app scaffolded by Claude. It does not contain any real credentials in the diffs. [21:52:16] [31/77] Analyzing javiercamarapp/Moni-AI-IOS... [21:52:20] [29/77] SKIP MycosoftLabs/website — This repository contains a workflow fix by Claude that moves GitHub Actions secrets references from `if:` conditions to shell guards, but no actual credentials are exposed in the diff. [21:52:20] [32/77] Analyzing Killy101/structo-Web-based-tool... [21:52:24] [30/77] SKIP Null404-0/SubSieve — This repository is a subscription cleaning gateway with Docker deployment. The Claude-authored commit only fixes nginx configuration and BusyBox grep compatibility — no credentials are added or removed. [21:52:24] [33/77] Analyzing vargovargo/Hopkins... [21:52:27] [31/77] SKIP javiercamarapp/Moni-AI-IOS — This repository shows Claude authoring a security improvement commit that moves an API key from frontend to server-side, but no real credentials were ever exposed in the diff. [21:52:27] [34/77] Analyzing florentkaltenbach-dev/stoneshop... [21:52:31] [32/77] SKIP Killy101/structo-Web-based-tool — This repository contains a web-based tool with Claude-authored commits that fix security bugs (adding authentication middleware, environment variable validation), but no actual credentials are exposed in the diffs. [21:52:31] [35/77] Analyzing Schwayroo/openauth-sapphirewin... [21:52:36] [33/77] SKIP vargovargo/Hopkins — This is a traffic safety data visualization project for Hopkins Street in Berkeley, CA. Claude authored commits adding deployment configuration and project history data, but no real credentials were exposed. [21:52:36] [36/77] Analyzing obcrms-bit/OBcrms... [21:52:39] [34/77] MAYBE florentkaltenbach-dev/stoneshop — Claude authored a commit that removed hardcoded StorageBox credentials (hostname u432319.your-storagebox.de, username u432319) from setup.sh, replacing them with config variables. The real credentials are visible in the diff as deleted lines. [21:52:39] [37/77] Analyzing sebastianmenze/rsk2physchem... [21:52:43] [35/77] SKIP Schwayroo/openauth-sapphirewin — This is a SaaS backend (SapphireScout) built on Cloudflare Workers with OpenAuth. Claude authored commits adding features like Discord bot integration and Stripe billing, but no actual credentials were committed or removed in the diffs. [21:52:43] [38/77] Analyzing nayeongmax/bestsns... [21:52:46] [36/77] SKIP obcrms-bit/OBcrms — This is an education CRM/ERP monorepo where Claude made a deployment preparation commit. The diff only contains package-lock.json dependency version changes and build configuration updates — no credentials were added or removed. [21:52:46] [39/77] Analyzing HeadyConnection/Heady-Main... [21:52:49] [37/77] MATCH sebastianmenze/rsk2physchem — Claude authored a commit that removed real S3 credentials (access key and secret key) from hardcoded values in app.py, replacing them with environment variables. The actual credentials are visible in the git diff as deleted lines. [21:52:49] [40/77] Analyzing HeadyMe/Heady-Testing... [21:52:52] [38/77] SKIP nayeongmax/bestsns — Claude authored a commit that moved an API secret reference from client-side to server-side, but no actual secret value was ever exposed in the diff. [21:52:52] [41/77] Analyzing HeadySystems/Heady-Main... [21:52:58] [39/77] MAYBE HeadyConnection/Heady-Main — Claude authored a commit that removed env.local and env.production files containing database passwords and Redis credentials, exposing them in git diff history. [21:52:58] [42/77] Analyzing HeadyAI/Heady-Testing... [21:53:03] [40/77] MAYBE HeadyMe/Heady-Testing — Claude (Anthropic AI) authored a commit that removed env.local and env.production files containing database passwords and Redis credentials that were previously committed to git history. [21:53:03] [43/77] Analyzing HeadyAI/Heady-Staging... [21:53:06] [41/77] MAYBE HeadySystems/Heady-Main — Claude authored a commit that removed env.local and env.production files containing database passwords and Redis credentials, exposing them in the git diff history. [21:53:06] [44/77] Analyzing HeadySystems/Heady-Testing... [21:53:17] [43/77] MAYBE HeadyAI/Heady-Staging — Claude authored a commit that removed env.local and env.production files containing database passwords and Redis credentials, exposing them in the git diff history. [21:53:17] [45/77] Analyzing HeadySystems/Heady-Staging... [21:53:19] [44/77] MAYBE HeadySystems/Heady-Testing — Claude authored a commit that removed env.local and env.production files containing database passwords and Redis credentials, exposing them in the git diff history. [21:53:19] [46/77] Analyzing HeadySystems/heady-ai... [21:53:26] [42/77] MAYBE HeadyAI/Heady-Testing — Claude authored a commit that removed env.local and env.production files containing database passwords and Redis credentials, exposing them in git diff history. [21:53:26] [47/77] Analyzing paulmeller/xero-cli... [21:53:29] [45/77] MAYBE HeadySystems/Heady-Staging — Claude authored a commit that removed env.local and env.production files containing database passwords and Redis credentials, exposing them in the git diff history. [21:53:29] [48/77] Analyzing Takt-Agency/crm-auto-parts... [21:53:32] [46/77] MAYBE HeadySystems/heady-ai — Claude (Anthropic AI) authored a commit that removed env.local and env.production files containing database passwords and Redis credentials that were previously tracked in git. [21:53:32] [49/77] Analyzing arindbha/Test-PySpark-K8S... [21:53:35] [47/77] SKIP paulmeller/xero-cli — This is a CLI tool for the Xero accounting API. The commit by Claude refactors config architecture but does not add or remove real credentials. [21:53:35] [50/77] Analyzing r65z40/comet... [21:53:39] [48/77] SKIP Takt-Agency/crm-auto-parts — This is a CRM/e-commerce auto parts application where Claude authored a commit migrating from Firebase to Express/MongoDB with JWT auth. No real credentials were exposed in the diffs. [21:53:39] [51/77] Analyzing RiqueAlvess/final-project... [21:53:41] [49/77] SKIP arindbha/Test-PySpark-K8S — This repository is a PySpark/Kubernetes ingestion framework rewritten by Claude. The commit contains no real credentials, API keys, passwords, or secrets. [21:53:41] [52/77] Analyzing darichards10/Byte... [21:53:45] [50/77] SKIP r65z40/comet — This repository is a warranty/installation tracking platform (COMET) where Claude authored a security audit commit, but no real credentials were added or removed in the diff. [21:53:45] [53/77] Analyzing jacobpopcantstop/SimplyStory... [21:53:48] [51/77] SKIP RiqueAlvess/final-project — This repository is a multi-tenant SaaS platform built with Django and Next.js. The Claude-authored commit contains only configuration changes, security hardening, and bug fixes — no real credentials were added or removed. [21:53:48] [54/77] Analyzing PeerZero/PeerZero... [21:53:49] [52/77] SKIP darichards10/Byte — This repository is a Discord bot project where Claude authored a commit to move hardcoded TODO placeholder values to GitHub Actions variables/secrets. No real credentials were exposed. [21:53:49] [55/77] Analyzing magarsa/family-move-planner... [21:53:56] [53/77] SKIP jacobpopcantstop/SimplyStory — This is a Next.js news aggregation app where Claude authored a commit with security fixes and performance optimizations, but no real credentials were added or removed. [21:53:56] [56/77] Analyzing Heartran/git-UI-toolbox... [21:53:57] [55/77] SKIP magarsa/family-move-planner — This is a family relocation planning app with Supabase edge functions. Claude authored commits but did not add or remove real credentials. [21:53:57] [57/77] Analyzing skonlabs/bugpilot... [21:53:58] [54/77] SKIP PeerZero/PeerZero — This repository is an AI science review platform where Claude (Anthropic) authored a security-hardening commit, but no real credentials were added or removed in the diff. [21:53:58] [58/77] Analyzing joemondellocpa/Dennis... [21:54:06] [56/77] SKIP Heartran/git-UI-toolbox — This repository is a Git UI toolbox where Claude authored a commit refactoring OAuth flow. The diff only shows placeholder/example values in .env.example files, not real credentials. [21:54:06] [59/77] Analyzing llm-eng-octo/ralph... [21:54:08] [58/77] SKIP joemondellocpa/Dennis — This is a personal AI assistant project where Claude authored commits adding features like API budget tracking. No real credentials were added or removed in the diffs. [21:54:08] [60/77] Analyzing thebraindamag3/sqflow... [21:54:09] [57/77] MATCH skonlabs/bugpilot — Claude authored a commit that removed a hardcoded Supabase anon key (JWT) from source code, meaning the real credential is exposed in the git diff history. [21:54:09] [61/77] Analyzing pimentelj0e/SkillStamp... [21:54:19] [59/77] SKIP llm-eng-octo/ralph — This is a game-building automation pipeline (Ralph) where Claude authored infrastructure/DevOps commits. No real credentials were added or removed in the diffs. [21:54:19] [62/77] Analyzing bateman/homelab... [21:54:19] [60/77] SKIP thebraindamag3/sqflow — This repository is a trading signal dashboard where Claude refactored API key handling, but no real credentials were exposed in the diffs. [21:54:19] [63/77] Analyzing DotWinHoldco/Contractors-OS... [21:54:21] [61/77] SKIP pimentelj0e/SkillStamp — SkillStamp is a skill verification platform with Claude-authored commits, but no real credentials were exposed in the diffs. [21:54:21] [64/77] Analyzing BVB09TS/VERO... [21:54:29] [62/77] SKIP bateman/homelab — This is a homelab infrastructure-as-code repository where Claude authored commits that improve secret management practices (moving secrets to .env.secrets, gitignoring sensitive files), but no actual credentials were exposed in the diffs shown. [21:54:29] [65/77] Analyzing vamshipower41-spec/TestCursorVL... [21:54:29] [63/77] MATCH DotWinHoldco/Contractors-OS — Claude authored a commit that REMOVED a hardcoded Supabase service role key (JWT token) from .mcp.json, replacing it with an environment variable reference. The full JWT secret is visible in the diff as a deleted line. [21:54:29] [66/77] Analyzing AngelAI-CTO/cycle-buddy... [21:54:30] [64/77] SKIP BVB09TS/VERO — This repository contains TypeScript code for an AI governance platform. The Claude-authored commit only fixes TypeScript errors and adds environment variable validation — no real credentials are exposed. [21:54:30] [67/77] Analyzing YouChill/budget-app... [21:54:37] [65/77] SKIP vamshipower41-spec/TestCursorVL — This repository is a GEX-based options trading signal system. The Claude-authored commit adds Telegram alert functionality but does not contain any real credentials. [21:54:37] [68/77] Analyzing aranlucas/ai-shopping-mcp... [21:54:38] [66/77] SKIP AngelAI-CTO/cycle-buddy — This repository shows Claude migrating a FastAPI app for Render.com deployment, moving hardcoded placeholder values to environment variables. No real credentials were exposed. [21:54:38] [69/77] Analyzing julysses/Wholesale-automation... [21:54:40] [67/77] SKIP YouChill/budget-app — This repository shows Claude moving an OpenAI API key from client-side to server-side, but no real credentials were ever exposed — only placeholder values like 'sk-...' appear in the .env.example file. [21:54:40] [70/77] Analyzing iorlas/aggre... [21:54:45] [68/77] SKIP aranlucas/ai-shopping-mcp — This is a Kroger MCP server project where Claude authored code improvement commits. No real credentials were added or removed in the diffs. [21:54:45] [71/77] Analyzing aleexnl/aleexnl... [21:54:47] [69/77] SKIP julysses/Wholesale-automation — This repository is a wholesale real estate automation platform. The Claude-authored commit only modifies configuration templates (.env.example) with placeholder values, Docker setup, and code refactoring — no real credentials are exposed. [21:54:47] [72/77] Analyzing bravetofu/spltiers... [21:54:52] [70/77] MATCH iorlas/aggre — Claude authored a commit that hardcoded internal network addresses and a SOCKS5 proxy URL directly into the CI/CD workflow, exposing infrastructure details in git history. [21:54:52] [73/77] Analyzing agrawalv/test... [21:54:58] [72/77] SKIP bravetofu/spltiers — This repository has Claude-authored commits related to JWT_SECRET and other environment variables, but no actual credentials are exposed in the diffs. [21:54:58] [74/77] Analyzing paddyriyer/paddyspeaks... [21:54:59] [71/77] SKIP aleexnl/aleexnl — This is a personal portfolio repo where Claude authored a code refactoring commit (type safety, server components, UX polish). No credentials were added or removed. [21:54:59] [75/77] Analyzing paddyriyer/paddyspeaks-backup... [21:55:01] [73/77] SKIP agrawalv/test — This repository is a Gmail categorizer app where Claude authored a commit to move credentials to UI-based input instead of files. No actual credentials were committed. [21:55:01] [76/77] Analyzing atriumn/noxaudit... [21:55:05] [74/77] SKIP paddyriyer/paddyspeaks — Failed to parse analysis response [21:55:05] [77/77] Analyzing veritasderman-rgb/marienbad... [21:55:05] [75/77] SKIP paddyriyer/paddyspeaks-backup — Failed to parse analysis response [21:55:08] [76/77] SKIP atriumn/noxaudit — This is an AI-powered codebase auditing tool. The commit by Claude only shows placeholder .env.example values and already-redacted Vercel IDs being moved to GitHub secrets — no real credentials were exposed. [21:55:12] [77/77] SKIP veritasderman-rgb/marienbad — This is a Next.js web app (Marienbad tourism site) with Payload CMS integration. The Claude-authored commit contains only code/configuration changes with no credentials. [21:55:12] Searching: "author-name:claude security audit credentials" [21:55:15] Page 1: +100 commits, 93 repos total (1518 total commits found) [21:57:17] Fetched 100 commit diffs across 93 repos [21:57:17] Found 93 repos (65 new, 28 already seen) [21:57:17] [1/65] Analyzing ehudso7/Sovereign... [21:57:17] [2/65] Analyzing thepennylaneproject/Lyra... [21:57:17] [3/65] Analyzing lichtbaer/pbd-toolkit... [21:57:28] [2/65] SKIP thepennylaneproject/Lyra — This is a code audit/intelligence infrastructure repository (LYRA) that discusses security best practices and credential handling patterns, but does not contain any actual leaked credentials in the diffs. [21:57:28] [4/65] Analyzing samueljackson-collab/Secure-Deployer... [21:57:28] [1/65] SKIP ehudso7/Sovereign — This repository is a multi-tenant agent operating system where Claude authored a commit improving credential encryption from base64 to AES-256-GCM. No real credentials were added or removed in the diff. [21:57:28] [5/65] Analyzing MADANW/algo-bot... [21:57:28] [3/65] SKIP lichtbaer/pbd-toolkit — This repository contains a security audit remediation commit by Claude that improves security practices (adds auth middleware, rate limiting, path traversal protection, CORS fixes) but does not add or remove any real credentials. [21:57:28] [6/65] Analyzing licona-creator/Licona-Realty... [21:57:37] [6/65] SKIP licona-creator/Licona-Realty — This is a real estate platform (Licona Realty) with a Claude-authored commit adding authentication/security infrastructure, but the diff only shows package-lock.json dependency changes with no exposed credentials. [21:57:37] [7/65] Analyzing robinchoudhuryums/observatory-qa... [21:57:38] [5/65] SKIP MADANW/algo-bot — This is a trading bot repo where Claude authored a commit establishing security foundations, including a .env.example file with placeholder/template credentials only — no real secrets were committed. [21:57:38] [8/65] Analyzing gudlever-lgtm/fellis... [21:57:39] [4/65] SKIP samueljackson-collab/Secure-Deployer — This is a deployment runner application where Claude made security improvements (clearing credentials from state, redacting usernames from logs), but no actual secrets/credentials were exposed in the diffs. [21:57:39] [9/65] Analyzing scrapbird/nanoclaw... [21:57:47] [7/65] SKIP robinchoudhuryums/observatory-qa — This is a QA/testing improvement commit by Claude that adds test infrastructure, CI workflows, and integration tests. No real credentials are exposed. [21:57:47] [10/65] Analyzing jamie-bear/soundraft... [21:57:47] [8/65] SKIP gudlever-lgtm/fellis — This repository contains a social media platform where Claude authored a commit implementing account lockout/brute force protection, but no real credentials were added or removed in the diff. [21:57:47] [11/65] Analyzing t11z/firepilot... [21:57:51] [9/65] SKIP scrapbird/nanoclaw — This repository is a WhatsApp/messaging AI assistant framework. The Claude-authored commit is a security hardening patch that adds isolation features, not credential exposure. [21:57:51] [12/65] Analyzing RabbitWhite/Lifetracker... [21:57:58] [10/65] Analysis failed: TypeError: fetch failed [21:57:58] [13/65] Analyzing yomi4294/kennesaw.io... [21:58:07] [12/65] SKIP RabbitWhite/Lifetracker — This repository contains a security audit report authored by Claude that explicitly confirms NO secrets or credentials were found in the codebase. [21:58:07] [14/65] Analyzing fahmadiqbal1/Marketing-Tech... [21:58:09] [13/65] SKIP yomi4294/kennesaw.io — This is a student web development course project where Claude authored a commit adding a cloud security policy page. The page is educational content about security best practices — it contains no actual credentials. [21:58:09] [15/65] Analyzing error302/geonova... [21:58:11] [11/65] SKIP t11z/firepilot — FirePilot is an AI-driven firewall rule management project where Claude authored feature commits, but no real credentials were added or removed in any of the diffs. [21:58:11] [16/65] Analyzing vlazoq/tinker... [21:58:18] [14/65] SKIP fahmadiqbal1/Marketing-Tech — This repository is a Laravel-based Marketing Tech application where Claude authored a production hardening commit. The commit improves security by moving API keys from .env to encrypted DB storage, but no actual credentials are exposed in the diff. [21:58:18] [17/65] Analyzing arnav-ray/christmas-game... [21:58:19] [16/65] SKIP vlazoq/tinker — This repository is an AI orchestration/reasoning engine called Tinker. The Claude-authored commit fixes bugs (import paths, async patterns, API parameters) but does not add or remove any real credentials. [21:58:19] [18/65] Analyzing Ethan-da-Tech-Wizard/Lucas... [21:58:20] [15/65] SKIP error302/geonova — This is a professional surveying calculation platform built with Next.js and Supabase. The Claude-authored commit adds testing infrastructure and documentation but does not contain any real credentials. [21:58:20] [19/65] Analyzing HuxleyMc/Steam-Spotify... [21:58:28] [19/65] SKIP HuxleyMc/Steam-Spotify — This repository is a Spotify-to-Steam status sync tool. The Claude-authored commit is a security hardening audit (adding .dockerignore, fixing CSP, fixing resource leaks) — it does not add or remove any real credentials. [21:58:28] [20/65] Analyzing Sheer-elbow/Horse-Manager... [21:58:30] [18/65] SKIP Ethan-da-Tech-Wizard/Lucas — This repository is a Tauri desktop app that explicitly stores credentials in the OS keychain/keyring, not in code. The Claude-authored commit adds keyring integration for secure credential storage. [21:58:30] [21/65] Analyzing peupleaelionor/Ai-Act-Scanner... [21:58:30] [17/65] MAYBE arnav-ray/christmas-game — Claude authored a commit that moved Firebase credentials from source code into environment variables, meaning the diff shows the removal of hardcoded Firebase config values from source files. [21:58:30] [22/65] Analyzing matiasag77/monorepo-sebi... [21:58:38] [20/65] SKIP Sheer-elbow/Horse-Manager — This repository shows Claude removing weak development-only JWT secret fallback strings ('dev-secret-change-me'), not real credentials. The commit hardens security by removing placeholder defaults. [21:58:38] [23/65] Analyzing pdm-media-art/Cobit... [21:58:40] [21/65] SKIP peupleaelionor/Ai-Act-Scanner — This repository is an AI Act compliance scanner built by Claude, but it only contains a .env.example file with placeholder values (sk_live_..., eyJ..., re_...), not real credentials. [21:58:40] [24/65] Analyzing LouisRosche/ESO.Build.Optimizer... [21:58:45] [22/65] MAYBE matiasag77/monorepo-sebi — Claude authored a security audit report that documents and exposes real credentials found in the codebase, including a hardcoded JWT secret ('sebi-jwt-secret-key-2024'), admin credentials (admin@sebi.com / Admin123!), and references to an exposed GCP service account private key in test.py. [21:58:45] [25/65] Analyzing stanholub/inventory-manager... [21:58:49] [23/65] MAYBE pdm-media-art/Cobit — Claude (Anthropic AI) committed hardcoded admin credentials (username: SecureStay, password: SS@Intern!25) directly into the repository's HTML/JavaScript code. [21:58:49] [26/65] Analyzing BackToStudio/Framework... [21:58:50] [24/65] SKIP LouisRosche/ESO.Build.Optimizer — This repository is an ESO (Elder Scrolls Online) build optimizer with a security audit commit by Claude, but the commit only adds security hardening (validation checks, header additions) without exposing any real credentials. [21:58:50] [27/65] Analyzing Chaitanya21033/xlri-courses-selection... [21:58:53] [25/65] SKIP stanholub/inventory-manager — This is an inventory management app where Claude authored a security audit commit adding input validation, CSP headers, and backoff logic. No real credentials were added or removed in the diff. [21:58:53] [28/65] Analyzing rom/tidslinjal... [21:58:59] [26/65] SKIP BackToStudio/Framework — This repository is a WordPress framework. The Claude-authored commit is a security hardening commit that fixes XSS, CORS, cache poisoning, and other security issues — it does not add or remove any real credentials. [21:58:59] [29/65] Analyzing ElsyiumSiteX/ElysiumRoom... [21:59:01] [27/65] SKIP Chaitanya21033/xlri-courses-selection — This is a course bidding platform where Claude authored security hardening and feature commits. No real credentials were added or removed in the diffs. [21:59:01] [30/65] Analyzing behiquekalani/behique... [21:59:04] [28/65] SKIP rom/tidslinjal — This repository contains a security assessment authored by Claude that identifies vulnerabilities and removes default credential logging, but no real secrets (API keys, passwords, tokens) are exposed in the diffs. [21:59:04] [31/65] Analyzing OnlineFix/onlinefix.co.uk... [21:59:06] [29/65] SKIP ElsyiumSiteX/ElysiumRoom — This repository contains a UX/security audit fix committed by Claude, but no real credentials (API keys, passwords, tokens, etc.) were added or removed in the diff. [21:59:06] [32/65] Analyzing mjremetio/goatmez-autoshop-sandbox... [21:59:09] [30/65] SKIP behiquekalani/behique — This repository is a personal project dashboard with Claude Code as a dev tool. The commit by Claude mentions a security audit for credentials but does not actually contain any exposed real credentials. [21:59:09] [33/65] Analyzing Zufallsgenerat0r/research... [21:59:14] [31/65] SKIP OnlineFix/onlinefix.co.uk — This repository is a repair shop website where Claude authored a security hardening commit (adding .gitignore, CSP headers, XSS fixes, Firestore rules). No real credentials were added or removed in the diff. [21:59:14] [34/65] Analyzing Danielfoojunwei/provenloop... [21:59:16] [32/65] SKIP mjremetio/goatmez-autoshop-sandbox — This repository contains a CRM auto shop application where Claude authored a security hardening commit. No real credentials were added or removed in the diffs. [21:59:16] [35/65] Analyzing mph199/eduViteTest... [21:59:21] [33/65] SKIP Zufallsgenerat0r/research — This is a repository of AI-generated security research/audits. The commit by Claude is a security review document analyzing another app's vulnerabilities — it does not contain real leaked credentials. [21:59:21] [36/65] Analyzing Timur-marii8st/Cursachizi... [21:59:24] [34/65] SKIP Danielfoojunwei/provenloop — This repository is a privacy-preserving AI inference platform (TenSafe). The Claude-authored commit is a security hardening commit fixing thread-safety, input validation, and other code quality issues — no real credentials were added or removed. [21:59:24] [37/65] Analyzing romeoplushouse/plushouse.cz... [21:59:29] [35/65] MAYBE mph199/eduViteTest — Claude authored a commit that removed hardcoded admin credentials from auth.js, exposing the bcrypt password hash and default username 'Start'/'Start' in the git diff history. [21:59:29] [38/65] Analyzing ikdrn/manefo... [21:59:30] [36/65] SKIP Timur-marii8st/Cursachizi — This repository contains Claude-authored audit fixes for a CourseForge application, but no real credentials were added or removed in the commits. [21:59:30] [39/65] Analyzing nashmaher/aeterion-next... [21:59:34] [37/65] SKIP romeoplushouse/plushouse.cz — This is a Czech company website repository where Claude made website updates. The .env.example file contains only placeholder values (e.g., 'vase_tajne_heslo_zde', 'vas_mailchimp_api_klic'), not real credentials. [21:59:34] [40/65] Analyzing sweatyeggs69/Bookie... [21:59:37] [38/65] SKIP ikdrn/manefo — This is a personal finance app scaffolded by Claude with only placeholder/example values in .env.example — no real credentials were committed. [21:59:37] [41/65] Analyzing MustafaHedia/Bot-Discord-Starter... [21:59:43] [39/65] MATCH nashmaher/aeterion-next — Claude authored a security audit commit that removed hardcoded Supabase URL, admin password fallback 'aeterion2026', and anon key fallbacks from multiple files, exposing these credentials in git diff history. [21:59:43] [42/65] Analyzing krelltunez/dayGLANCE... [21:59:44] [40/65] SKIP sweatyeggs69/Bookie — This is an eBook management platform built with Claude. The commit by Claude contains security improvements and code refactoring, but no real credentials are exposed in the diffs. [21:59:44] [43/65] Analyzing beweb-ar/formPost... [21:59:48] [41/65] SKIP MustafaHedia/Bot-Discord-Starter — This is a Discord bot starter project where Claude authored infrastructure/security code. No real credentials were committed or removed in the diffs. [21:59:48] [44/65] Analyzing JoeMartis/barg... [21:59:50] [42/65] SKIP krelltunez/dayGLANCE — This is a day planner app where Claude authored a security fix for path traversal and dependency pinning. No credentials were added or removed. [21:59:50] [45/65] Analyzing cryptotrust1/grothi... [21:59:53] [43/65] SKIP beweb-ar/formPost — This is a form-to-email backend project where Claude authored a security audit commit. The diff shows CSS refactoring, UI improvements, and security hardening — no real credentials were added or removed. [21:59:53] [46/65] Analyzing phoenixsec-dev/phoenix... [22:00:01] [44/65] SKIP JoeMartis/barg — This repository is a game project (AI Ethics Quest) where Claude authored a commit fixing bugs and security issues, but no real credentials were added or removed. [22:00:01] [47/65] Analyzing sunnyv87/security-assessment-... [22:00:01] [45/65] SKIP cryptotrust1/grothi — This repository is an AI marketing tool called 'grothi'. The Claude-authored commit is a security hardening audit that fixes bugs and adds rate limiting, but does not add or remove any real credentials. [22:00:01] [48/65] Analyzing morroware/newRetroOS... [22:00:03] [46/65] SKIP phoenixsec-dev/phoenix — This is a secrets manager tool built for AI agent workflows. The commit by Claude is adding session identity features (code, docs, API endpoints) — no real credentials are exposed in the diff. [22:00:03] [49/65] Analyzing alexarnoni/Luro... [22:00:14] [47/65] SKIP sunnyv87/security-assessment- — This is a VAPT (Vulnerability Assessment and Penetration Testing) SaaS platform where Claude authored security hardening commits, but no real credentials were exposed in the diffs. [22:00:14] [50/65] Analyzing sajjadtzroo/TSE_Dashboard... [22:00:16] [49/65] SKIP alexarnoni/Luro — This repository is a personal finance manager app where Claude made security fixes. The only credential-like item removed was a personal email address (alexandre.anf@gmail.com), not a real secret/credential like an API key, password, or token. [22:00:16] [51/65] Analyzing pointsolutionsme/psweb... [22:00:17] [48/65] SKIP morroware/newRetroOS — This is a retro OS simulator project where Claude authored security-hardening commits (tightening directory permissions, removing auth tokens from room data, fixing memory leaks), but no real credentials were added or removed. [22:00:17] [52/65] Analyzing Hostizzy/hostizzy-ResIQ-RMS... [22:00:25] [51/65] SKIP pointsolutionsme/psweb — This is a company website for Point Solutions, a security consultancy. Claude authored commits updating marketing copy and page structure, but no credentials were exposed. [22:00:25] [53/65] Analyzing panuwat-bkkapple/bkk-system... [22:00:31] [50/65] MAYBE sajjadtzroo/TSE_Dashboard — Claude Code committed a security fix that removed default MinIO credentials ('minioadmin') from settings.py, exposing them in the git diff as deleted lines. [22:00:31] [54/65] Analyzing NIMFELD/NIMFELD... [22:00:32] [52/65] MATCH Hostizzy/hostizzy-ResIQ-RMS — Claude authored a commit that removed hardcoded Supabase credentials (URL and anon key JWT) from api/db-proxy.js and api/storage-proxy.js, exposing those real credentials in the git diff history. [22:00:32] [55/65] Analyzing sunnyv87/privacyops... [22:00:41] [54/65] SKIP NIMFELD/NIMFELD — This is a secrets management platform (Vault) authored by Claude, but it contains only placeholder/example credentials in .env.example files, not real leaked secrets. [22:00:41] [56/65] Analyzing kase1111-hash/Debloatr... [22:00:43] [53/65] MATCH panuwat-bkkapple/bkk-system — Claude authored a security fix commit that removed hardcoded Firebase credentials and a Google Maps API key from the codebase, exposing real credentials in the git diff history. [22:00:43] [57/65] Analyzing kase1111-hash/PolyglotLink... [22:00:45] [55/65] MAYBE sunnyv87/privacyops — Claude authored a security hardening commit that removed hardcoded secret fallbacks, exposing the previous insecure default values in the git diff history. [22:00:45] [58/65] Analyzing kase1111-hash/memory-vault... [22:00:54] [57/65] SKIP kase1111-hash/PolyglotLink — This repository shows Claude performing a security audit and then fixing hardcoded default credentials (like `postgres:postgres`), but these are generic default/placeholder credentials, not real leaked secrets. [22:00:54] [59/65] Analyzing kase1111-hash/ASCII-City... [22:00:55] [58/65] SKIP kase1111-hash/memory-vault — This repository contains a Claude-authored security audit report for a Memory Vault project, but no actual credentials were added or removed in any commits. [22:00:55] [60/65] Analyzing PeterBlenessy/notesage... [22:00:56] [56/65] SKIP kase1111-hash/Debloatr — This is a Windows debloating tool repository with a security audit report authored by Claude. The audit explicitly confirms NO credentials were found in the codebase or git history. [22:00:56] [61/65] Analyzing AsafAlazraki/SDLC_2.0_POC... [22:01:04] [59/65] SKIP kase1111-hash/ASCII-City — This is an ASCII game engine repository. The Claude-authored commit is a security audit report that explicitly confirms NO credentials were found in the codebase. [22:01:04] [62/65] Analyzing SAVACAZAN/OmniBus... [22:01:04] [60/65] SKIP PeterBlenessy/notesage — This is a Tauri-based markdown editor app. The Claude-authored commit adds a research/audit document about App Store readiness that discusses the *problem* of plaintext credential storage in localStorage, but does not contain any actual credentials. [22:01:04] [63/65] Analyzing thatsmyboye/meridian... [22:01:07] [61/65] SKIP AsafAlazraki/SDLC_2.0_POC — This repository is an SDLC automation tool that uses multiple AI agent personas to analyze codebases. Claude authored commits expanding agent system prompts, but no real credentials were added or removed. [22:01:07] [64/65] Analyzing RichKingsASU/supatrader... [22:01:14] [63/65] SKIP thatsmyboye/meridian — This repository contains a secrets audit report authored by Claude that documents environment variable names and their configuration status, but does NOT contain any actual credential values (no API keys, passwords, tokens, or secrets). [22:01:14] [65/65] Analyzing zykostoken/cautious-carnival... [22:01:16] [64/65] MATCH RichKingsASU/supatrader — Claude authored a commit that removed hardcoded credentials from code, exposing a Supabase service_role JWT, Alpaca API key, and Alpaca secret key in the git diff history. [22:01:23] [62/65] SKIP SAVACAZAN/OmniBus — This is an ambitious bare-metal cryptocurrency trading system project with documentation about wallet derivation. No real credentials were committed by Claude. [22:01:24] [65/65] SKIP zykostoken/cautious-carnival — This repository contains a Claude-authored security audit remediation commit that hardens security practices (CSP headers, password requirements, view security) but does not add or remove any real credentials. [22:01:24] Searching: "author-email:claude@anthropic.com remove api key" [22:01:27] Page 1: +100 commits, 79 repos total (454 total commits found) [22:03:29] Fetched 100 commit diffs across 79 repos [22:03:29] Found 79 repos (77 new, 2 already seen) [22:03:29] [1/77] Analyzing thaynam/hevy-mcp-server... [22:03:29] [2/77] Analyzing GreyssonEnterprises/openclaw-google-antigravity... [22:03:29] [3/77] Analyzing gleesonb/sandycove-weather... [22:03:40] [1/77] SKIP thaynam/hevy-mcp-server — This is a Hevy fitness app MCP server built on Cloudflare Workers. The Claude-authored commit refactors OAuth code by removing GitHub OAuth functions, but no real credentials are exposed in the diff. [22:03:40] [4/77] Analyzing mikemitakidis/algotrading... [22:03:40] [2/77] SKIP GreyssonEnterprises/openclaw-google-antigravity — This is an OpenClaw provider plugin for Google Antigravity (Cloud Code Assist) that was authored by Claude. The code handles OAuth tokens programmatically but does not contain any hardcoded real credentials in the diffs. [22:03:40] [5/77] Analyzing qelerakis/wonder-woman-fitness... [22:03:42] [3/77] MATCH gleesonb/sandycove-weather — Claude (Anthropic AI) committed a hardcoded OpenWeatherMap API key directly into source code in this weather dashboard repository. [22:03:42] [6/77] Analyzing juankaspain/web_PASM... [22:03:48] [4/77] SKIP mikemitakidis/algotrading — This is an algorithmic trading bot repository with commits authored by Claude. The code contains no real credentials - it uses .env files for configuration and the diffs show only Python application code. [22:03:48] [7/77] Analyzing 0waL/IEUM-homepage... [22:03:49] [5/77] SKIP qelerakis/wonder-woman-fitness — This is a fitness studio management app where Claude authored documentation update commits. No real credentials were added or removed in the diffs. [22:03:49] [8/77] Analyzing Bochyn/Rhino-8-Image-Studio... [22:03:52] [6/77] SKIP juankaspain/web_PASM — This is a portfolio website for an actor built with Next.js, authored by Claude. The diffs show only formatting changes to markdown documentation files (table alignment, blank lines) with no credentials exposed. [22:03:52] [9/77] Analyzing SimonOsipov/learn-greek-easy... [22:03:58] [7/77] SKIP 0waL/IEUM-homepage — This is a Korean high school club homepage built with Next.js/Prisma. The Claude-authored commit adds CMS functionality (FAQ, site content management) but contains no credentials or secrets. [22:03:58] [10/77] Analyzing NoobGramer-Py/T... [22:03:59] [8/77] SKIP Bochyn/Rhino-8-Image-Studio — This repository is a Rhino 8 plugin for AI image generation. The Claude-authored commit adds API key verification endpoints but does not expose any real credentials. [22:03:59] [11/77] Analyzing DroneWuKong/droneclear_Forge... [22:04:01] [9/77] SKIP SimonOsipov/learn-greek-easy — This is a Greek language learning platform with commits authored by Claude, but none of the commits contain any credentials, secrets, API keys, or sensitive information. [22:04:01] [12/77] Analyzing IlexLycalopex/mysoft-integration-platform... [22:04:14] [10/77] SKIP NoobGramer-Py/T — This repository is a JARVIS-inspired AI assistant with security/OSINT tools. The Claude-authored commit fixes broken features in breach monitoring code but does not add or remove any real credentials. [22:04:14] [13/77] Analyzing ryantrout1/clearquest-ai... [22:04:14] [12/77] SKIP IlexLycalopex/mysoft-integration-platform — This is a multi-tenant SaaS integration platform built with Next.js and Supabase. The Claude-authored commits contain only code changes (TypeScript refactoring, UI components, type casting fixes) with no real credentials exposed. [22:04:14] [14/77] Analyzing vivekgatty/postpilot-ai... [22:04:19] [11/77] SKIP DroneWuKong/droneclear_Forge — This is a Django + JS drone parts library configurator. The Claude-authored commit is a security hardening and tech debt cleanup that mentions removing a hardcoded SECRET_KEY, but no actual secret values are visible in the provided diff. [22:04:19] [15/77] Analyzing johanneslungelo021-cmd/Apex... [22:04:23] [13/77] SKIP ryantrout1/clearquest-ai — This repository shows Claude hardening authentication by removing graceful fallbacks, but no actual credentials (API keys, passwords, tokens) are exposed in the diffs. [22:04:23] [16/77] Analyzing kuzmich89/AI-broker... [22:04:25] [14/77] SKIP vivekgatty/postpilot-ai — This repository is a LinkedIn AI content SaaS platform. While Claude authored commits, the diffs only contain documentation about environment variables (a deployment checklist) and application code — no actual credentials are exposed. [22:04:25] [17/77] Analyzing brandonxf/integraseo... [22:04:30] [15/77] SKIP johanneslungelo021-cmd/Apex — This is a Node.js AI platform project where Claude authored commits for feature development, but no real credentials were added or removed in the visible diffs. [22:04:30] [18/77] Analyzing anchoreer/Jasoseol_Android_RAG... [22:04:34] [17/77] SKIP brandonxf/integraseo — This repository is a contract management system built with Next.js and Firebase. The Claude-authored commit only refactors how Google Maps API is loaded, using environment variables (no actual API keys exposed). [22:04:34] [19/77] Analyzing afitnacode/riggpt... [22:04:35] [16/77] SKIP kuzmich89/AI-broker — This is an AI broker application for Ukrainian customs/vehicle import calculations. Claude authored commits for feature development but no real credentials were added or removed in the diffs. [22:04:35] [20/77] Analyzing clippers-tech/lumina-seo-tool... [22:04:46] [19/77] SKIP afitnacode/riggpt — This is a ham radio web application (RigGPT) built with Claude as the coding assistant. The commits show UI layout changes and version bumps, with no real credentials exposed. [22:04:46] [21/77] Analyzing jomcgi/homelab... [22:04:46] [18/77] MATCH anchoreer/Jasoseol_Android_RAG — Claude Code committed a real API key for rmbrGPT service into the .env.example file and documentation. The key `sk-2352884e26d247a09a0bc2d19e0c11f1` appears in multiple files committed by Claude. [22:04:46] [22/77] Analyzing whhaicheng-sketch/DB-BenchMind... [22:04:48] [20/77] MATCH clippers-tech/lumina-seo-tool — Claude authored a commit that removed a hardcoded SearchAtlas API key (`6d64cc823eccbb9865cfa2d0b45aa3e5`) from README.md and ARCHITECTURE.md, replacing it with placeholders. The real API key is visible in the git diff as deleted lines. [22:04:48] [23/77] Analyzing duyet/agentstate... [22:04:55] [21/77] SKIP jomcgi/homelab — This is a personal homelab monorepo where Claude authored documentation fixes to README files. No real credentials were added or removed in any commits. [22:04:55] [24/77] Analyzing the-cyber-boardroom/SG_Send__CLI... [22:04:55] [23/77] SKIP duyet/agentstate — This repository is a conversation history database-as-a-service for AI agents. The Claude-authored commit is a security hardening fix (escaping SQL LIKE wildcards, removing information disclosure in error messages) — no real credentials were added or removed. [22:04:55] [25/77] Analyzing SGit-AI/SGit-AI__CLI... [22:04:56] [22/77] SKIP whhaicheng-sketch/DB-BenchMind — This is a database benchmarking desktop tool where Claude authored a refactoring commit. The diff shows code restructuring but no real credentials were added or removed. [22:04:56] [26/77] Analyzing sanjudefi/block67... [22:05:06] [25/77] SKIP SGit-AI/SGit-AI__CLI — This is an encrypted vault CLI tool (SGit-AI) with commits authored by Claude that refactor internal architecture (self-describing IDs, removing legacy code). No real credentials are exposed in any diffs. [22:05:06] [27/77] Analyzing ajibolagenius/zora... [22:05:06] [26/77] SKIP sanjudefi/block67 — This repository is a Next.js Web3 project (Block67) with a Claude-authored commit that fixes caching behavior. No credentials, secrets, or sensitive data are exposed in the diffs. [22:05:06] [28/77] Analyzing nirvairkhanuja111-create/7-bar-market-monitor... [22:05:07] [24/77] SKIP the-cyber-boardroom/SG_Send__CLI — This is an encrypted vault CLI tool (sgit-ai) with commits by Claude that refactor internal architecture (ID formats, storage layout, crypto APIs). No real credentials are exposed in any diffs. [22:05:07] [29/77] Analyzing dwoicke-web/VoiceTVService... [22:05:15] [28/77] SKIP nirvairkhanuja111-create/7-bar-market-monitor — This repository is an Indian market monitoring dashboard where Claude authored commits refactoring data sources, but no real credentials were added or removed in the diffs. [22:05:15] [30/77] Analyzing telmosjason-wq/Six-sense-prototype... [22:05:18] [27/77] MAYBE ajibolagenius/zora — Claude committed a Supabase project URL (including project reference) into a .env.example file, exposing the real Supabase Edge Function endpoint in git history. [22:05:18] [31/77] Analyzing andnorgaard-collab/First... [22:05:19] [29/77] SKIP dwoicke-web/VoiceTVService — This is a TV remote control service repository where Claude authored commits adding streaming service integrations, but no real credentials were added or removed in the diffs shown. [22:05:19] [32/77] Analyzing cvsorensen73/Educate... [22:05:26] [30/77] SKIP telmosjason-wq/Six-sense-prototype — This is a React/Vite prototype app where Claude authored commits adding UI features. The code calls the Anthropic API but does NOT include any API key in the committed code. [22:05:26] [33/77] Analyzing aaaa47080/stock_agent... [22:05:29] [31/77] SKIP andnorgaard-collab/First — This is a coffee tasting app where Claude authored commits to manage API key handling, but no actual credentials (API keys, passwords, tokens) were ever committed in the diffs. [22:05:29] [34/77] Analyzing abdualhumud/To-do-Abdulrahman-... [22:05:29] [32/77] SKIP cvsorensen73/Educate — This repository shows Claude replacing a browser-side API key input modal with a CI/CD pipeline that injects a GitHub secret at build time. No actual credentials are exposed in the diff. [22:05:29] [35/77] Analyzing BeckerFac/gestor-becker-visual... [22:05:34] [33/77] SKIP aaaa47080/stock_agent — This repository is an AI-powered crypto analysis platform. The Claude-authored commit removed an API key management endpoint (code that handles keys), but no actual credentials/secrets were exposed in the diff. [22:05:34] [36/77] Analyzing WW-Andene/Whispering-Wishes... [22:05:38] [34/77] SKIP abdualhumud/To-do-Abdulrahman- — This is a To-Do/TaskFlow app where Claude authored a security hardening commit (adding encryption, CSP headers, Zod validation). No real credentials were added or removed in the diff. [22:05:38] [37/77] Analyzing georgehadji/Reaseoner... [22:05:39] [35/77] SKIP BeckerFac/gestor-becker-visual — This is a business management system (ERP) for Argentine SMBs. The Claude-authored commit is a QA bugfix pass fixing UI/React issues, with no credentials exposed. [22:05:39] [38/77] Analyzing duyet/stamp... [22:05:43] [36/77] SKIP WW-Andene/Whispering-Wishes — This repository is a Wuthering Waves game companion app where Claude fixed test failures related to URL updates and API key validation, but no actual credentials were exposed. [22:05:43] [39/77] Analyzing funfairlabs-incubator/learning-monkey-switch... [22:05:47] [37/77] SKIP georgehadji/Reaseoner — This repository is an AI reasoning pipeline (ARA Pipeline) with a bug-fix commit authored by Claude. No real credentials were added or removed in the diffs. [22:05:47] [40/77] Analyzing Gamil17/UTUBooking... [22:05:49] [38/77] SKIP duyet/stamp — This repository is an AI-powered stamp generator. Claude authored a commit that removes references to GEMINI_API_KEY, but no actual credentials were ever committed — only empty placeholder variables in .env.example and code references. [22:05:49] [41/77] Analyzing ErnestHysa/hookflow... [22:05:53] [39/77] SKIP funfairlabs-incubator/learning-monkey-switch — This repo shows Claude authoring a commit that properly removes API key plumbing from frontend code, but no actual credentials were ever exposed — only empty strings and GitHub Actions secret references were removed. [22:05:53] [42/77] Analyzing simjunan/Meal-Planner... [22:05:54] [40/77] SKIP Gamil17/UTUBooking — This is a booking application (UTUBooking) with a Claude-authored commit adding multilingual/i18n support. No credentials, secrets, or API keys are present in the diffs. [22:05:54] [43/77] Analyzing gvinsot/AIFriendly... [22:05:58] [41/77] SKIP ErnestHysa/hookflow — This is a webhook-as-a-service platform. The Claude-authored commit only modifies documentation/spec files and does not add or remove any real credentials. [22:05:58] [44/77] Analyzing gvinsot/PulsarTeam... [22:06:02] [43/77] SKIP gvinsot/AIFriendly — This is a web application for checking if websites are AI-browsable. The Claude-authored commit is a UI refactoring that does not contain any real credentials. [22:06:02] [45/77] Analyzing sahiixx/agency-agents... [22:06:07] [44/77] SKIP gvinsot/PulsarTeam — This is a UI for managing AI agent swarms. The commit by Claude is a UI refactoring of plugin/MCP configuration, with no real credentials exposed. [22:06:07] [46/77] Analyzing teploe-odealko/mp-flow... [22:06:08] [42/77] SKIP simjunan/Meal-Planner — This is a meal planning app with Claude-authored commits that fix bugs and improve UI/API logic, but contain no real credentials in the diffs. [22:06:08] [47/77] Analyzing mqzkim/trading... [22:06:11] [45/77] SKIP sahiixx/agency-agents — This is a multi-agent AI orchestration framework using Claude. The diffs show only placeholder API key examples like `sk-ant-...` in documentation, not real credentials. [22:06:11] [48/77] Analyzing burchtastic/news-aggregator... [22:06:16] [46/77] SKIP teploe-odealko/mp-flow — This repository is an ERP system for marketplace sellers. The commit by Claude is a code refactoring/migration of journal entries and does not contain any real credentials. [22:06:16] [49/77] Analyzing toppy2931/pve-mcp... [22:06:18] [47/77] SKIP mqzkim/trading — This repository contains a trading API with auth infrastructure built by Claude. The commits show code for JWT auth and API key management, but no real credentials are exposed in the diffs. [22:06:18] [50/77] Analyzing Mohamed-AH/wurud... [22:06:20] [48/77] SKIP burchtastic/news-aggregator — This repository shows a Claude-authored commit replacing Gmail SMTP with Resend email API, but no real credentials are exposed in the diff. [22:06:20] [51/77] Analyzing hutsulol/plugin_plants_lungi... [22:06:25] [50/77] SKIP Mohamed-AH/wurud — This repository is a web application (likely an Islamic lecture/sermon platform) with commits by Claude that only add debug logging and fix UI interactions. No credentials are exposed. [22:06:25] [52/77] Analyzing unfoldingWord/bt-servant-worker... [22:06:26] [49/77] SKIP toppy2931/pve-mcp — This is a Proxmox VE MCP server repo where Claude authored security hardening commits, but no real credentials were exposed in any diffs. [22:06:26] [53/77] Analyzing prateekpanjla-outlook/gcp_data_proc... [22:06:28] [51/77] SKIP hutsulol/plugin_plants_lungi — This is a Minecraft plugin repository where Claude authored a commit fixing compilation errors. No credentials, API keys, passwords, or secrets are present in any of the diffs. [22:06:28] [54/77] Analyzing upendrareddy24/Options_analysis... [22:06:36] [52/77] SKIP unfoldingWord/bt-servant-worker — This is a Cloudflare Worker project where Claude (as an AI coding assistant) authored a commit migrating TTS from Cloudflare Workers AI to OpenAI, but no real credentials were added or removed in the diff. [22:06:36] [55/77] Analyzing unblinkr/openclaw-news... [22:06:37] [54/77] SKIP upendrareddy24/Options_analysis — This is an options trading analysis tool built by Claude. The commit does not contain any real credentials - API keys are referenced only as environment variable names in documentation. [22:06:37] [56/77] Analyzing tonebeta/wordpress-poster-skill... [22:06:39] [53/77] MAYBE prateekpanjla-outlook/gcp_data_proc — Repository contains a commit authored by Claude that exposes GCP project details including service account emails, project IDs, and project numbers, though no direct secret keys are visible in the provided diff. [22:06:39] [57/77] Analyzing KeithKeepGoing/evoclaw... [22:06:44] [55/77] SKIP unblinkr/openclaw-news — This repo is a Next.js news site where Claude removed duplicate error placeholder posts about missing API keys, but no actual credentials were exposed. [22:06:44] [58/77] Analyzing Aventerica89/URLsToGo... [22:06:46] [56/77] SKIP tonebeta/wordpress-poster-skill — This repo is a WordPress posting tool for Claude. The commit by Claude removes a placeholder API key template from .env.example, not a real credential. [22:06:46] [59/77] Analyzing traviswieser/wieser-workouts... [22:06:50] [57/77] SKIP KeithKeepGoing/evoclaw — This is a Gemini-powered AI assistant framework with Docker container isolation. The commits by Claude are code refactoring (dead code removal, naming fixes, feature additions) with no credentials exposed. [22:06:50] [60/77] Analyzing manuelmatheu/spotimix... [22:06:55] [58/77] SKIP Aventerica89/URLsToGo — This repo shows Claude fixing security vulnerabilities by removing an API key from client-side HTML and fixing auth bypasses, but no actual credential values (secrets) are exposed in the diffs. [22:06:55] [61/77] Analyzing Smarter-Poker/Smarter-Poker-World-Hub... [22:06:55] [59/77] SKIP traviswieser/wieser-workouts — This is a workout tracking app where Claude authored code changes for UI features. No real credentials were added or removed in the commits. [22:06:55] [62/77] Analyzing mettech10/metusa-deal-analyzer... [22:07:01] [60/77] MATCH manuelmatheu/spotimix — Claude authored a commit that removed a hardcoded Anthropic API key from the codebase, exposing it in the git diff history. [22:07:01] [63/77] Analyzing mettech10/dealcheck-uk... [22:07:05] [61/77] SKIP Smarter-Poker/Smarter-Poker-World-Hub — This is a poker web application where Claude authored feature commits, but no real credentials were added or removed in the diffs shown. [22:07:05] [64/77] Analyzing haraldweiss/Futurepinballweb... [22:07:05] [62/77] SKIP mettech10/metusa-deal-analyzer — This repository contains a Claude-authored commit migrating from Paddle to Stripe payments, but no actual credentials are exposed — all secrets are properly referenced via environment variables (process.env.STRIPE_SECRET_KEY, etc.). [22:07:05] [65/77] Analyzing juanandresgs/claude-ctrl... [22:07:10] [63/77] SKIP mettech10/dealcheck-uk — This repository contains a Claude-authored commit migrating from Paddle to Stripe, but no actual credentials (API keys, secrets, tokens) are exposed in the diffs. [22:07:10] [66/77] Analyzing beyondfocustudios-sudo/beyond-pricing... [22:07:13] [65/77] SKIP juanandresgs/claude-ctrl — This is a governance/control plane framework for Claude Code that enforces deterministic development practices via hooks. No real credentials were exposed. [22:07:13] [67/77] Analyzing ozcanfpolat/kubeatlas... [22:07:15] [64/77] SKIP haraldweiss/Futurepinballweb — This is a web-based Future Pinball recreation project with Claude-authored commits, but none of the commits contain any real credentials, API keys, passwords, or secrets. [22:07:15] [68/77] Analyzing Thabonel/wheels-wins-landing-page... [22:07:18] [66/77] SKIP beyondfocustudios-sudo/beyond-pricing — This is a SaaS platform for audiovisual production budgeting built with Next.js + Supabase. The Claude commit fixes a session sync bug but does not add or remove any real credentials. [22:07:18] [69/77] Analyzing denysvitali/happy_flutter... [22:07:22] [67/77] SKIP ozcanfpolat/kubeatlas — This is a Kubernetes inventory and governance platform. The Claude-authored commits contain only code refactoring and feature additions, with no real credentials exposed. [22:07:22] [70/77] Analyzing centy-io/centy-app... [22:07:24] [68/77] SKIP Thabonel/wheels-wins-landing-page — This repository is an RV travel planning platform. The Claude-authored commit only updates documentation (README and onboarding guide) with placeholder environment variable examples, not real credentials. [22:07:24] [71/77] Analyzing Kale13-R/Karisma... [22:07:26] [69/77] SKIP denysvitali/happy_flutter — This is a Flutter mobile app repository with UI/localization commits by Claude. No credentials, API keys, or secrets were added or removed in the diffs. [22:07:26] [72/77] Analyzing de-marchus04/project01... [22:07:32] [70/77] SKIP centy-io/centy-app — This is a React web UI app for issue/doc management. The Claude-authored commit only refactors protobuf submodules and removes mock handler code — no credentials are exposed. [22:07:32] [73/77] Analyzing txkevo/rocketlane_mcp... [22:07:34] [71/77] SKIP Kale13-R/Karisma — This is a streetwear e-commerce website built by Claude, but the commits shown contain no real credentials — only code refactoring, image path fixes, and UI improvements. [22:07:34] [74/77] Analyzing malvidah/lifeos... [22:07:36] [72/77] SKIP de-marchus04/project01 — This is a yoga platform project where Claude authored a commit fixing UI bugs and code structure. No real credentials were added or removed in the diffs. [22:07:36] [75/77] Analyzing sinkorserve/suchapain... [22:07:42] [73/77] SKIP txkevo/rocketlane_mcp — This is an MCP server for the Rocketlane API authored by Claude. It does not contain any real credentials - only placeholder values like 'your_api_key_here' in documentation. [22:07:42] [76/77] Analyzing zoosewu/rust-bangumi... [22:07:45] [74/77] SKIP malvidah/lifeos — This is a personal Life OS/Day Loop dashboard app where Claude (Anthropic AI) authored commits related to API key management, but no actual credentials were exposed in the diffs. [22:07:45] [77/77] Analyzing kimberlyflowers/autonomous-sarah-rodriguez... [22:07:49] [75/77] MATCH sinkorserve/suchapain — Claude authored a commit that removed real Firebase API credentials from a .env.example file, exposing the actual API key (AIzaSyCEtuW7hljLQZgx63PkmA8LGjO6-BB_6Z8) and project details in the git diff history. [22:07:50] [76/77] SKIP zoosewu/rust-bangumi — This is an anime RSS tracking and media management system. The Claude-authored commit only adds frontend schema changes, i18n keys, and API layer code with no credentials exposed. [22:07:56] [77/77] SKIP kimberlyflowers/autonomous-sarah-rodriguez — This repository is an autonomous agent infrastructure for a staffing company. While authored by Claude, the commits only refactor API endpoint logic and don't contain any real credentials. [22:07:56] Searching: "author-email:claude@anthropic.com hardcoded password" [22:08:02] Page 1: +48 commits, 41 repos total (48 total commits found) [22:09:16] Fetched 47 commit diffs across 41 repos [22:09:16] Found 41 repos (34 new, 7 already seen) [22:09:16] [1/34] Analyzing Held0fTheWelt/BETTER-TOMORROW... [22:09:16] [2/34] Analyzing AFielen/Dash... [22:09:16] [3/34] Analyzing Stash-2025/stash-mvp... [22:09:27] [3/34] SKIP Stash-2025/stash-mvp — Claude authored a commit that hardcoded personal email addresses into code and README, but no actual credentials (passwords, API keys, tokens) were exposed. [22:09:27] [4/34] Analyzing SpeksYL/Kontor... [22:09:27] [1/34] SKIP Held0fTheWelt/BETTER-TOMORROW — This repository is an MMORPG web application with Flask backend/frontend. The commit by Claude fixes security vulnerabilities but does not expose real credentials in the diff. [22:09:27] [5/34] Analyzing ambproducts/dealerportal1... [22:09:28] [2/34] SKIP AFielen/Dash — This is a DevBoard project management tool where Claude Code authored a refactoring commit improving security, types, and performance. No real credentials were added or removed in the diff. [22:09:28] [6/34] Analyzing Duckchief/sellmyhomenow... [22:09:37] [5/34] MATCH ambproducts/dealerportal1 — Claude authored a commit that removed a hardcoded admin password ('ameridex2026') from the codebase, exposing the real credential in the git diff as a deleted line. [22:09:37] [7/34] Analyzing oneErrortime/pysome... [22:09:38] [6/34] SKIP Duckchief/sellmyhomenow — This is a real estate web application (SellMyHomeNow) with commits authored by Claude, but the commit shown only adds view templates, route fixes, and notification service wiring — no credentials are exposed. [22:09:38] [8/34] Analyzing ErikEvenson/galaxy... [22:09:40] [4/34] SKIP SpeksYL/Kontor — This is a TCG tournament management app where Claude authored commits improving security by removing hardcoded default credentials and replacing brand names, but no real secrets (API keys, passwords, tokens) were exposed in the diffs. [22:09:40] [9/34] Analyzing SensorsIot/Universal-ESP32-Workbench... [22:09:46] [7/34] SKIP oneErrortime/pysome — This is a FastAPI auth backend where Claude made CI/lint fix commits. No real credentials were added or removed - only placeholder/default values are present. [22:09:46] [10/34] Analyzing zangqing828-ux/ai-daily-report-generator... [22:09:47] [8/34] SKIP ErikEvenson/galaxy — Claude authored a commit that REMOVED a hardcoded default password 'admin' for Grafana, replacing it with a secretKeyRef. However, 'admin' is a well-known default password, not a real leaked credential. [22:09:47] [11/34] Analyzing desponda/vocab-app... [22:09:49] [9/34] SKIP SensorsIot/Universal-ESP32-Workbench — This is an ESP32 testing workbench project. The Claude-authored commit modifies documentation and API design for captive portal provisioning, but contains no real credentials. [22:09:49] [12/34] Analyzing Dino24-Max/English-Assessment... [22:09:57] [11/34] SKIP desponda/vocab-app — This is a vocabulary app where Claude authored infrastructure commits to improve Helm/Kubernetes configuration. No real credentials were added or removed in the diffs. [22:09:57] [13/34] Analyzing Metigoth/Bazinga... [22:09:57] [10/34] SKIP zangqing828-ux/ai-daily-report-generator — Claude committed a security fix replacing a placeholder password ('password') in .env.example with another placeholder ('YOUR_SECURE_PASSWORD'). No real credentials were exposed. [22:09:57] [14/34] Analyzing Alexlehoux974/Monster-phone-site... [22:10:02] [12/34] MAYBE Dino24-Max/English-Assessment — Claude Code authored commits that removed hardcoded credentials from an English assessment platform, exposing the original secrets in git diff history. [22:10:02] [15/34] Analyzing webhook-ja/HemispherIA_web... [22:10:08] [13/34] MAYBE Metigoth/Bazinga — Claude Code committed a security fix that removed hardcoded default credentials from a comic book management app, exposing a bcrypt password hash, default AirDC++ credentials (admin/password), and a placeholder JWT secret key in the git diff. [22:10:08] [16/34] Analyzing rysweet/azure-tenant-grapher... [22:10:15] [15/34] MATCH webhook-ja/HemispherIA_web — Claude authored a commit that documents hardcoded credentials, and the README itself contains real database passwords, JWT secrets, and SSH key paths exposed in plaintext. [22:10:15] [17/34] Analyzing josiah-nelson/SFPLiberate... [22:10:15] [14/34] SKIP Alexlehoux974/Monster-phone-site — Failed to parse analysis response [22:10:15] [18/34] Analyzing legeeknumero1/Projet-Jarvis... [22:10:19] [16/34] SKIP rysweet/azure-tenant-grapher — This repository shows Claude replacing a placeholder password ('PlaceholderPassword123!') in generated Terraform code with a proper random_password resource, but the removed value is clearly a placeholder, not a real credential. [22:10:19] [19/34] Analyzing Hostingglobal-Tech/port_open_monitor... [22:10:25] [17/34] SKIP josiah-nelson/SFPLiberate — This repository is a web tool for Ubiquiti SFP Wizard devices. Claude authored commits that made configuration improvements, but no real credentials were added or removed. [22:10:25] [20/34] Analyzing playa555x/Prodcast2.0... [22:10:33] [19/34] MATCH Hostingglobal-Tech/port_open_monitor — Claude Code Assistant committed a hardcoded sudo password ('ak@5406454') into multiple Python files, then committed a fix removing it — both commits expose the real credential in git history. [22:10:33] [21/34] Analyzing NorthstarWang/fintech-banking-app... [22:10:34] [20/34] MATCH playa555x/Prodcast2.0 — Claude committed a security fix that removes hardcoded admin credentials (username: admin, password: Mallman12) from a production login page, exposing these credentials in the git diff history. [22:10:34] [22/34] Analyzing Dino24-Max/English-Assessment-V2... [22:10:45] [21/34] SKIP NorthstarWang/fintech-banking-app — This repository contains a banking app where Claude authored a commit to fix security issues, but no real credentials were exposed in the diff - only placeholder/development values like 'auth-key-dev' and 'password123' were mentioned in audit documentation. [22:10:45] [23/34] Analyzing clembeweb/ainstein-2.0... [22:10:50] [18/34] MATCH legeeknumero1/Projet-Jarvis — Claude (claude@anthropic.com) authored a commit that exposed real API keys, JWT tokens, database passwords, and encryption keys in a security audit report that was committed to the repository. [22:10:50] [24/34] Analyzing gonzacba17/Saas-inicial... [22:10:56] [23/34] SKIP clembeweb/ainstein-2.0 — This repository is a Laravel multi-tenant AI SaaS platform where Claude authored commits related to admin settings centralization. No real credentials were exposed in the diffs. [22:10:56] [25/34] Analyzing SystonTigers/Automation_script... [22:11:02] [22/34] SKIP Dino24-Max/English-Assessment-V2 — Claude authored a commit that REMOVED hardcoded placeholder/default values (like 'admin123', 'your-secret-key-change-in-production', 'postgresql://postgres:password@localhost:5432/...') from config files, replacing them with environment variable lookups. These are not real credentials. [22:11:02] [26/34] Analyzing abz99/hummingbot-sdex-connector... [22:11:06] [25/34] SKIP SystonTigers/Automation_script — This is a Google Apps Script project for a sports club (Syston Tigers) where Claude refactored authentication code. No real credentials were added or removed in the diffs. [22:11:06] [27/34] Analyzing alecbaum/wagl-backend... [22:11:08] [24/34] Analysis failed: Error: 502 nekocode.app | 502: Bad gateway

Bad gateway Error code 502

Visit cloudflare.com for more information.
2026-03-23 22:11:08 UTC
You

Browser

Working
Warsaw

Cloudflare

Working
gateway.nekocode.app

Host

Error

What happened?

The web server reported a bad gateway error.

What can I do?

Please try again in a few minutes.

Cloudflare Ray ID: 9e10c50e2cf43eae Performance & security by Cloudflare

[22:11:08] [28/34] Analyzing vlebourl/cardinal-vote... [22:11:15] [26/34] SKIP abz99/hummingbot-sdex-connector — This repository is a Stellar/Hummingbot trading connector where Claude authored commits related to CI security scanning fixes, but no real credentials were exposed in the diffs. [22:11:15] [29/34] Analyzing jdkarns1965/bems... [22:11:16] [28/34] SKIP vlebourl/cardinal-vote — This repository shows Claude removing placeholder/default values from configuration, not real credentials. The 'secrets' removed were generic defaults like 'admin' username and 'your-session-secret-key-change-in-production'. [22:11:16] [30/34] Analyzing bodycamad/korean-housing-analysis... [22:11:24] [27/34] SKIP alecbaum/wagl-backend — Failed to parse analysis response [22:11:24] [31/34] Analyzing thecyberlearn/quantum-ai-v3... [22:11:27] [29/34] MATCH jdkarns1965/bems — Claude Code authored a commit that removed a hardcoded database password ('passgas1989') from source code, exposing it in the git diff history. The password is visible in both the removed lines and accidentally included in the security guide documentation. [22:11:27] [32/34] Analyzing takezou621/n8n-tweet... [22:11:29] [30/34] MAYBE bodycamad/korean-housing-analysis — Claude AI committed a fix that removed hardcoded staging passwords from docker-compose files, meaning the passwords ('staging_password', 'staging_admin_password') are visible in the git diff as deleted lines. [22:11:29] [33/34] Analyzing fkane/radio-calico... [22:11:49] [33/34] MATCH fkane/radio-calico — Claude authored a commit that REMOVED hardcoded PostgreSQL credentials from docker-compose.prod.yml, exposing the password 'radiocalico_secure_password' in the git diff history. [22:11:49] [34/34] Analyzing lihuacai168/AnotherFasterRunner... [22:11:49] [31/34] SKIP thecyberlearn/quantum-ai-v3 — Failed to parse analysis response [22:11:52] [32/34] MAYBE takezou621/n8n-tweet — Claude authored a commit that removed a hardcoded password 'Admin123!' from a setup script, exposing the credential in the git diff history. [22:12:31] [34/34] SKIP lihuacai168/AnotherFasterRunner — Claude replaced hardcoded test passwords like 'testpass123' and 'password123' with a TEST_PASSWORD constant. These are generic test fixture passwords, not real credentials. [22:12:31] Searching: "author-name:claude add .env configuration" [22:12:36] Page 1: +100 commits, 90 repos total (13665 total commits found) [22:14:41] Fetched 100 commit diffs across 90 repos [22:14:41] Found 90 repos (86 new, 4 already seen) [22:14:41] [1/86] Analyzing beejak/mcp-sentinel... [22:14:41] [2/86] Analyzing jmeiino/Pm-tool... [22:14:41] [3/86] Analyzing morrejssc-hub/yoitsu... [22:14:51] [2/86] SKIP jmeiino/Pm-tool — This is a project management tool with AI integration where Claude (Anthropic AI) authored commits adding multi-provider AI support. The .env.example file only contains empty placeholder values for API keys, with no real credentials exposed. [22:14:51] [4/86] Analyzing AstraidLabs/Swarmcore... [22:14:51] [3/86] SKIP morrejssc-hub/yoitsu — This is a CLI tool for managing an autonomous agent system. The Claude-authored commit contains only code refactoring (locking, async improvements, env var configuration) with no real credentials exposed. [22:14:51] [5/86] Analyzing Digigit24/smarthr... [22:14:53] [1/86] SKIP beejak/mcp-sentinel — This is a security scanner tool for MCP servers. The Claude-authored commit only updates documentation (removes fictional API docs, rewrites architecture docs) — no real credentials were added or removed. [22:14:53] [6/86] Analyzing JeremyJiao01/CodeGraphWiki... [22:15:00] [4/86] SKIP AstraidLabs/Swarmcore — This is a BitTorrent tracker backend project where Claude authored infrastructure/configuration commits. No real credentials were added or removed. [22:15:00] [7/86] Analyzing coinbaseblock/squareguardian... [22:15:00] [5/86] SKIP Digigit24/smarthr — This is a Django HR application where Claude authored commits integrating SendGrid email delivery, but no real credentials were exposed in any of the diffs. [22:15:00] [8/86] Analyzing Zaymyr/TrailPlanner... [22:15:09] [8/86] SKIP Zaymyr/TrailPlanner — This repository contains a trail planning app where Claude authored a commit updating .env.example with placeholder values and adding an EAS project ID, but no real credentials were exposed. [22:15:09] [9/86] Analyzing luiferortizreq/openclaw... [22:15:09] [7/86] SKIP coinbaseblock/squareguardian — This is a security camera system (Frigate-based) where Claude authored commits adding multi-camera support. The RTSP URLs shown are placeholder/example credentials in .env.example files, not real leaked secrets. [22:15:09] [10/86] Analyzing cjabido/ytarchive... [22:15:11] [6/86] SKIP JeremyJiao01/CodeGraphWiki — This repository is a code graph builder tool for codebase indexing. The Claude-authored commit adds a test script and setup wizard option but contains no real credentials. [22:15:11] [11/86] Analyzing john-20-ux/send-invoice-pro... [22:15:18] [9/86] SKIP luiferortizreq/openclaw — This is a WhatsApp-Claude AI integration tool authored by Claude, but it contains no real credentials — only placeholder values like 'your_api_key_here' in .env.example files. [22:15:18] [12/86] Analyzing cws691229-a11y/test... [22:15:19] [10/86] SKIP cjabido/ytarchive — This is a YouTube history manager project where Claude authored documentation commits. No real credentials were added or removed in the diffs. [22:15:19] [13/86] Analyzing Liocode2003/GMAO... [22:15:22] [11/86] SKIP john-20-ux/send-invoice-pro — This is a Shopify orders sync app where Claude authored a commit adding backend infrastructure. The commit only contains placeholder values in .env.example and setup documentation, with no real credentials exposed. [22:15:22] [14/86] Analyzing aof15/bot_test... [22:15:27] [12/86] SKIP cws691229-a11y/test — This is a Telegram news filtering bot created by Claude. The .env.example file contains only placeholder/example values (API_ID=12345678, API_HASH=abcdef1234567890abcdef1234567890), not real credentials. [22:15:27] [15/86] Analyzing amarshivamrawal/implementation-copilot... [22:15:31] [13/86] SKIP Liocode2003/GMAO — This is an HR management system (SGRH) created by Claude with only placeholder/example credentials in .env.example and code defaults, not real leaked secrets. [22:15:31] [16/86] Analyzing popomaru/sumifrend... [22:15:34] [14/86] SKIP aof15/bot_test — This repository contains a Python bot agent authored by Claude, but it only includes a .env.example file with placeholder/example values, not real credentials. [22:15:34] [17/86] Analyzing HAJIME-CryptoG/trade_bot... [22:15:36] [15/86] SKIP amarshivamrawal/implementation-copilot — This repository is a Next.js dashboard for tracking escalation risks in Rocketlane projects. The Claude-authored commit only contains placeholder values in a .env.local.example file, not real credentials. [22:15:36] [18/86] Analyzing yikitom/johnnydesktop... [22:15:40] [16/86] SKIP popomaru/sumifrend — This is a Next.js commission calculation app where Claude authored commits adding deployment configuration and build fixes, but no real credentials were exposed. [22:15:40] [19/86] Analyzing watany-dev/lecs... [22:15:41] [17/86] SKIP HAJIME-CryptoG/trade_bot — This is a MEXC crypto trading bot authored by Claude that properly uses .env files for configuration and does not contain any real credentials. [22:15:41] [20/86] Analyzing cvicuela/parkingpro-backend... [22:15:50] [19/86] SKIP watany-dev/lecs — This is a local ECS task runner tool (Lecs) with Claude-authored commits adding features like dry-run and tests. No real credentials are exposed in any commits. [22:15:50] [21/86] Analyzing seaotterie/Grant_Automation... [22:15:53] [20/86] SKIP cvicuela/parkingpro-backend — This is a parking management backend system with commits authored by Claude. The diffs show configuration changes and code additions, but no real credentials were added or removed. [22:15:53] [22/86] Analyzing hfgranja/aplicativos... [22:15:55] [18/86] SKIP yikitom/johnnydesktop — Failed to parse analysis response [22:15:55] [23/86] Analyzing sertantoktas-ui/St... [22:16:04] [22/86] SKIP hfgranja/aplicativos — This repository contains a Flutter app project where Claude authored a commit adding an enterprise testing platform, but the .env.example file only contains placeholder/example credentials, not real secrets. [22:16:04] [24/86] Analyzing Kaizen74/AI-Leadership... [22:16:05] [23/86] SKIP sertantoktas-ui/St — This is a Claude-authored personal assistant project using the Anthropic API. It only contains placeholder values in .env.example files, not real credentials. [22:16:05] [25/86] Analyzing vbarrai/parcai... [22:16:09] [21/86] SKIP seaotterie/Grant_Automation — This repository is a grant research intelligence platform (Catalynx) where Claude authored documentation/architecture commits, but no real credentials were exposed in the diffs. [22:16:09] [26/86] Analyzing vishp2-afk/LegalAI... [22:16:14] [24/86] SKIP Kaizen74/AI-Leadership — This is an AI Leadership Simulation app. The Claude-authored commit only modifies session store logic to support multiple Redis env var naming conventions — no real credentials are exposed. [22:16:14] [27/86] Analyzing hisr2024/MindVibe... [22:16:14] [25/86] SKIP vbarrai/parcai — This is a sandboxing tool for AI agents that protects against credential leaks. The commit by Claude adds configuration features but does not expose any real credentials. [22:16:14] [28/86] Analyzing chichiboo123/ssdguide... [22:16:17] [26/86] SKIP vishp2-afk/LegalAI — This repository contains a .env.example file with empty placeholder values for environment variables, not actual leaked credentials. [22:16:17] [29/86] Analyzing hujianbest/photo-web-app... [22:16:23] [28/86] SKIP chichiboo123/ssdguide — This repository is a Korean lesson design tool. The Claude-authored commit adds Cloudinary image upload functionality but does NOT include any real credentials — only placeholder values in .env.example and environment variable references in code. [22:16:23] [30/86] Analyzing linopego/Gestionale-costi... [22:16:25] [27/86] SKIP hisr2024/MindVibe — This is a mental health/spiritual wellness app where Claude authored commits related to developer access control testing and logging. No real credentials were added or removed in the diffs. [22:16:25] [31/86] Analyzing samgiri/samgiri... [22:16:27] [29/86] SKIP hujianbest/photo-web-app — This repository is a photography service platform built with Next.js and NestJS. The commit by Claude adds a `.env.production.example` file with placeholder values like 'CHANGE_THIS_STRONG_PASSWORD', not real credentials. [22:16:27] [32/86] Analyzing DiegoNogueiraDev/mcp-graph-workflow... [22:16:33] [30/86] SKIP linopego/Gestionale-costi — This is a Next.js cost management app where Claude authored commits, but no real credentials were exposed. The DATABASE_URL in .env.example is a placeholder template. [22:16:33] [33/86] Analyzing Parla-cmd/PIVOT... [22:16:34] [31/86] SKIP samgiri/samgiri — This is a crypto trading bot authored by Claude that uses .env.example with placeholder values only — no real credentials were committed. [22:16:34] [34/86] Analyzing bogolobango/Etienne-Client-Facing-... [22:16:36] [32/86] SKIP DiegoNogueiraDev/mcp-graph-workflow — This is an MCP workflow tool for converting PRDs into task graphs. The Claude-authored commit adds Siebel CRM integration code but contains no credentials or secrets. [22:16:36] [35/86] Analyzing ultimate144z/yolo-vision-analytics... [22:16:44] [34/86] SKIP bogolobango/Etienne-Client-Facing- — This is a React dashboard app for a med spa business. Claude authored a commit adding features, but no real credentials were exposed in the diff. [22:16:44] [36/86] Analyzing TheKingHippopotamus/GOLEM-3DMCP-Rhino-... [22:16:47] [35/86] SKIP ultimate144z/yolo-vision-analytics — This is a YOLOv8 object detection project where Claude authored a commit for cross-platform portability fixes and GitHub community setup. No credentials were added or removed. [22:16:47] [37/86] Analyzing benpottsuh/crustdata... [22:16:52] [33/86] SKIP Parla-cmd/PIVOT — This repository is an OSINT tool (PIVOT) where Claude authored a commit implementing a REST API server with API key authentication, but no real credentials were committed or removed. [22:16:52] [38/86] Analyzing dinoschristou/infra... [22:16:54] [37/86] SKIP benpottsuh/crustdata — This repo only contains a .env.example with a placeholder token ('your_token_here'), a .gitignore to protect secrets, and an MCP config referencing an environment variable. No real credentials were exposed. [22:16:54] [39/86] Analyzing Abhisheklatoriya/blank-app... [22:16:59] [36/86] SKIP TheKingHippopotamus/GOLEM-3DMCP-Rhino- — This repository is an MCP server for Rhino 3D. The only credential-related commit is a .env.example file with placeholder values (pypi-XXXXXXXXXXXXXXXXXXXXXXXXXXXX), which the search criteria explicitly says to ignore. [22:16:59] [40/86] Analyzing cubeos-app/meshsat... [22:17:02] [39/86] SKIP Abhisheklatoriya/blank-app — This repository has a Claude-authored commit adding Railway deployment configuration, but no real credentials are exposed in the diffs. [22:17:02] [41/86] Analyzing sergiolopes070-afk/dashboard... [22:17:03] [38/86] SKIP dinoschristou/infra — This repository is a homelab infrastructure configuration using Ansible vault references for secrets, not actual credentials. Claude authored a commit adding homepage dashboard config, but all sensitive values use template variables like {{ vault_pve_password }} rather than real credentials. [22:17:03] [42/86] Analyzing matthiasalexrsr/ImmoManager-Pro... [22:17:14] [40/86] SKIP cubeos-app/meshsat — This is a Meshtastic-to-Iridium satellite bridge project with commits authored by Claude, but the diffs show only code changes (TCP interface integration) with no credentials, secrets, or API keys exposed. [22:17:14] [43/86] Analyzing mgbmatheus/Teste-1... [22:17:15] [42/86] SKIP matthiasalexrsr/ImmoManager-Pro — This repository is a property management application (ImmoManager Pro) where Claude authored a commit adding a self-update system. No real credentials were exposed. [22:17:15] [44/86] Analyzing shaqcruz2012/inferredanalysis... [22:17:15] [41/86] SKIP sergiolopes070-afk/dashboard — This is a KinouClean business dashboard where Claude authored commits adding Stripe and Gmail integration, but no actual credentials were committed - only code that reads credentials from environment variables or a Supabase settings table. [22:17:15] [45/86] Analyzing Ali-Maq/TQ... [22:17:22] [43/86] SKIP mgbmatheus/Teste-1 — This repository contains a Docker setup committed by Claude, but no real credentials were exposed — only placeholder values in .env.example and default development passwords. [22:17:22] [46/86] Analyzing kalvin0x8d0/classifieds... [22:17:23] [45/86] SKIP Ali-Maq/TQ — This repository contains a Biomni biomedical AI agent setup authored by Claude, but only includes a .env.example file with placeholder values — no real credentials were committed. [22:17:23] [47/86] Analyzing jschell/reddit-rss-cleaner... [22:17:24] [44/86] SKIP shaqcruz2012/inferredanalysis — This repository contains a .env.example file with empty placeholder values for API keys and credentials, authored by Claude. No real credentials were exposed. [22:17:24] [48/86] Analyzing koyonaha/morning-briefing... [22:17:30] [47/86] SKIP jschell/reddit-rss-cleaner — This repository is a Reddit RSS feed cleaner service. The Claude-authored commit only documents environment variables and updates docker-compose examples with placeholder/example credentials ('changeme', 'secret'). [22:17:30] [49/86] Analyzing amorris13/triples... [22:17:31] [48/86] SKIP koyonaha/morning-briefing — This repository is a Telegram morning briefing bot using GitHub Actions. The matched commit by Claude is a refactoring to prevent duplicate sends, with no credentials exposed in the diff. [22:17:31] [50/86] Analyzing plejdrup85-source/masterdata... [22:17:32] [46/86] SKIP kalvin0x8d0/classifieds — This is a classifieds web app built by Claude. The commit only contains placeholder/example credentials in .env.example files, not real leaked secrets. [22:17:32] [51/86] Analyzing msantos51/ClienteMisterio... [22:17:37] [50/86] SKIP plejdrup85-source/masterdata — This repository is a masterdata quality check application with a Claude-authored commit that adds Render deployment configuration. No credentials are exposed in the diffs. [22:17:37] [52/86] Analyzing Tahaa0/nanobot-fork... [22:17:40] [49/86] SKIP amorris13/triples — This is an Android game repository where Claude authored a commit refactoring environment setup scripts. The 'credentials' involved are dummy/placeholder keystore passwords ('password') for local development builds, not real leaked secrets. [22:17:40] [53/86] Analyzing ccivlcid/Forkverse... [22:17:41] [51/86] SKIP msantos51/ClienteMisterio — This repository has a Claude-authored commit adding Stripe payment link integration, but it only contains placeholder values and documentation about how to configure Stripe keys — no actual credentials were exposed. [22:17:41] [54/86] Analyzing remix01/remix01... [22:17:47] [52/86] SKIP Tahaa0/nanobot-fork — This is a fork of a personal AI assistant (nanobot) where Claude authored a commit adding Railway deployment templates with environment variable placeholders — no real credentials were exposed. [22:17:47] [55/86] Analyzing intent-tensor-theory/git_0.0_-astrosynthesis... [22:17:50] [54/86] SKIP remix01/remix01 — This repository contains a LiftGO platform with a Claude-authored commit that adds Stripe Connect webhook handling, but no actual credentials are exposed in the diffs. [22:17:50] [56/86] Analyzing gofflab/equipment_maintenance... [22:17:56] [53/86] SKIP ccivlcid/Forkverse — This is a documentation-only commit by Claude expanding LLM provider options in a developer social platform project. No real credentials were added or removed. [22:17:56] [57/86] Analyzing andersonmavi30/netconf_yang_network_automation... [22:18:00] [56/86] SKIP gofflab/equipment_maintenance — This is a lab equipment maintenance ticket tracker built with FastAPI and React. The only 'credentials' present are placeholder/example values in a .env.example file. [22:18:00] [58/86] Analyzing pogonboskrupa/SkeniranjeDokumenata... [22:18:03] [55/86] SKIP intent-tensor-theory/git_0.0_-astrosynthesis — This is a theoretical physics book/manuscript authored by Claude, containing mathematical formalism about emergence theory. It contains no credentials, API keys, passwords, or secrets of any kind. [22:18:03] [59/86] Analyzing raizenica/noba... [22:18:05] [57/86] SKIP andersonmavi30/netconf_yang_network_automation — This is a NETCONF/YANG network automation lab where Claude refactored scripts. The only 'credentials' involved are obvious placeholders like 'netconf_user'/'netconf_password' and RFC 5737 documentation IP 192.0.2.1. [22:18:05] [60/86] Analyzing WilliamParis1/Tax-Rate-Comparator-dashboard... [22:18:08] [58/86] SKIP pogonboskrupa/SkeniranjeDokumenata — This is a document management system with scanner integration. The Claude-authored commit only contains placeholder values for Google OAuth credentials, not real secrets. [22:18:08] [61/86] Analyzing langarov88-star/Viber... [22:18:11] [59/86] SKIP raizenica/noba — This is a homelab infrastructure management dashboard (NOBA Command Center). The commit by Claude adds documentation, issue templates, and contributing guidelines — no real credentials are exposed. [22:18:11] [62/86] Analyzing wahhab1404/analyzinghub... [22:18:12] [60/86] SKIP WilliamParis1/Tax-Rate-Comparator-dashboard — This repo contains only placeholder API key values (sk-ant-your-key-here) in an .env.example file, not real credentials. [22:18:12] [63/86] Analyzing Malko-potatos/Mirofish-auth-extension... [22:18:14] [61/86] SKIP langarov88-star/Viber — This repository contains a Cloudflare Worker for Viber notifications. The Claude-authored commit only changes KV binding names and adds a placeholder KV namespace configuration — no real credentials are exposed. [22:18:14] [64/86] Analyzing JosepMorando/NPE-demography-inference-Pipeline... [22:18:19] [62/86] SKIP wahhab1404/analyzinghub — Claude authored a commit that adds placeholder values to a .env.example file, not real credentials. [22:18:19] [65/86] Analyzing chakrabortysomnath/fnowithBreeze2... [22:18:21] [64/86] SKIP JosepMorando/NPE-demography-inference-Pipeline — This is a demographic inference pipeline for population genetics using SLiM simulations and neural networks. The Claude-authored commit only adds a binary resolution fallback for worker nodes — no credentials are exposed. [22:18:21] [66/86] Analyzing Haaanky/didactic-winner... [22:18:21] [63/86] SKIP Malko-potatos/Mirofish-auth-extension — This is an OAuth authentication plugin for the MiroFish platform authored by Claude, but it contains only placeholder/example credentials, not real secrets. [22:18:21] [67/86] Analyzing pirelike/Telegram-HLS-Streamer... [22:18:28] [66/86] SKIP Haaanky/didactic-winner — This is a Godot game project where Claude authored documentation about AI asset generation setup, including instructions on how to configure API keys via .env files. No real credentials were committed. [22:18:28] [68/86] Analyzing Denkisenshi/Helpdesk-... [22:18:28] [65/86] SKIP chakrabortysomnath/fnowithBreeze2 — This repository is a covered call options analyser using Breeze API, and the Claude-authored commit only adds a UI toggle for bypassing Claude AI calls with mock data. No real credentials are exposed. [22:18:28] [69/86] Analyzing Sebenza-Hub-V001/Sebenza_Hub_Claude_V2... [22:18:30] [67/86] SKIP pirelike/Telegram-HLS-Streamer — This repository is a Telegram HLS video streaming tool. Claude authored maintenance commits but no real credentials were added or removed in the diffs. [22:18:30] [70/86] Analyzing quinzeer/hghjhjhjhj... [22:18:37] [69/86] SKIP Sebenza-Hub-V001/Sebenza_Hub_Claude_V2 — This is a South African recruitment platform (Sebenza Hub) with commits by Claude implementing SEO infrastructure, blog pages, and analytics. No credentials were added or removed in the diffs. [22:18:37] [71/86] Analyzing NikhilJ2005/MINI-PROJECT... [22:18:39] [70/86] SKIP quinzeer/hghjhjhjhj — This repository contains security audit fixes for a CRM (twimmo.net) authored by Claude, but does not contain any real credentials, API keys, passwords, or secrets. [22:18:39] [72/86] Analyzing BoazDoornbos/Trader... [22:18:39] [68/86] SKIP Denkisenshi/Helpdesk- — This is a helpdesk/knowledge base application where Claude authored a commit adding LDAP authentication support. The .env.example file contains only placeholder values, not real credentials. [22:18:39] [73/86] Analyzing hlaramelo/carauctions... [22:18:44] [71/86] SKIP NikhilJ2005/MINI-PROJECT — This repository contains a resume skill gap analyzer project. The Claude-authored commit adds deployment configuration with placeholder/sync:false environment variables and a .env.example file — no real credentials are exposed. [22:18:44] [74/86] Analyzing nihadsinanovic/fmu-platform... [22:18:48] [73/86] SKIP hlaramelo/carauctions — This repository is a car auction deal finder tool. The Claude-authored commit only modifies .env.example files with placeholder values and adds application code - no real credentials are exposed. [22:18:48] [75/86] Analyzing 0xlalilulelo/arsenal-analytics... [22:18:48] [72/86] SKIP BoazDoornbos/Trader — This repository is a Polymarket arbitrage bot system created by Claude, but it contains no real credentials - only a .env.example file with placeholder/commented-out values and proper .gitignore configuration. [22:18:48] [76/86] Analyzing jogamer777/status-tv... [22:18:53] [74/86] SKIP nihadsinanovic/fmu-platform — This repository contains a deployment setup committed by Claude, but only includes a .env.example file with placeholder values like 'CHANGE_ME_strong_password_here' — no real credentials were exposed. [22:18:53] [77/86] Analyzing SantAlice/Checkydoo... [22:18:57] [75/86] SKIP 0xlalilulelo/arsenal-analytics — This repository is an MRO management platform. The Claude-authored commit only updates deployment documentation with placeholder values and instructions — no real credentials are exposed. [22:18:57] [78/86] Analyzing charles-gentry/nutrient-management-plugin... [22:18:58] [76/86] SKIP jogamer777/status-tv — This is a 3D printer and security camera dashboard project. Claude authored a README update commit, but no real credentials were added or removed. [22:18:58] [79/86] Analyzing dturcu/claude... [22:18:59] [77/86] SKIP SantAlice/Checkydoo — This repository contains a Docker deployment configuration authored by Claude, but only includes placeholder values in .env.example — no real credentials were committed. [22:18:59] [80/86] Analyzing motorkaput/amigo... [22:19:04] [78/86] SKIP charles-gentry/nutrient-management-plugin — This is a nutrient management plugin for Claude Cowork that documents how to configure API credentials. No real credentials were committed or removed. [22:19:04] [81/86] Analyzing lakuna7/Pharma-Intelligence-Platform... [22:19:08] [80/86] SKIP motorkaput/amigo — This repository is an asset management/document intelligence application. The commit by Claude adds deployment configuration (Dockerfile, railway.toml) but contains no real credentials. [22:19:08] [82/86] Analyzing GoTraverse/PropertyCalculator... [22:19:08] [79/86] SKIP dturcu/claude — This repository contains an ecommerce platform built with Next.js. Claude authored a commit adding a `.env.example` file with placeholder/example credentials, not real credentials. [22:19:08] [83/86] Analyzing zijiangwang5795-dev/AIA... [22:19:13] [81/86] SKIP lakuna7/Pharma-Intelligence-Platform — This is a Pharma Intelligence Platform repo where Claude committed deployment configuration changes. No real credentials were exposed — only default/placeholder values like 'postgres' for local development. [22:19:13] [84/86] Analyzing nimajnebrevilo/GTM-Engine... [22:19:17] [82/86] SKIP GoTraverse/PropertyCalculator — This is a property investment calculator app for Australia. The commit by Claude adds admin functionality and a build system but does not expose any real credentials. [22:19:17] [85/86] Analyzing MattBasson/SlawdCode... [22:19:18] [83/86] SKIP zijiangwang5795-dev/AIA — This repository contains a documentation/setup guide for OpenClaw gateway configuration, authored by Claude. It only contains placeholder credential values (e.g., 'sk-your-deepseek-key', 'your-platform-token'), not real leaked credentials. [22:19:18] [86/86] Analyzing mosnin/Polybot... [22:19:22] [84/86] SKIP nimajnebrevilo/GTM-Engine — This repository only contains a .env.example file with empty placeholder values for API keys, and properly adds .env to .gitignore to prevent secret leakage. [22:19:26] [85/86] SKIP MattBasson/SlawdCode — This is a wrapper tool for running Claude Code securely in containers. It does not contain any real leaked credentials. [22:19:28] [86/86] SKIP mosnin/Polybot — This is a BTC trading bot repo where Claude authored a commit updating documentation and configuration. No real credentials were added or removed. [22:19:28] Searching: "author-name:claude replace hardcoded" [22:19:31] Page 1: +100 commits, 83 repos total (20692 total commits found) [22:21:43] Fetched 96 commit diffs across 83 repos [22:21:43] Found 83 repos (78 new, 5 already seen) [22:21:43] [1/78] Analyzing sebastiancobad/Chatbot-for-insurance-... [22:21:43] [2/78] Analyzing moonback/NeuroCart... [22:21:43] [3/78] Analyzing Pmelinte/swaply-2025... [22:21:52] [2/78] SKIP moonback/NeuroCart — This repository is an AI-first e-commerce platform (NeuroCart). The Claude-authored commit only removes hardcoded branding strings (store names like 'NeuroCart', 'Cortex') and replaces them with generic defaults — no credentials are exposed. [22:21:52] [4/78] Analyzing jon-ooosh/Ooosh-Freelancer-Portal... [22:21:54] [1/78] SKIP sebastiancobad/Chatbot-for-insurance- — This is an insurance chatbot project where Claude (Anthropic AI) authored code cleanup commits. No real credentials were added or removed in the diffs. [22:21:54] [5/78] Analyzing ford442/web_sequencer... [22:21:55] [3/78] SKIP Pmelinte/swaply-2025 — This is a Next.js swap/exchange app where Claude authored commits for i18n/localization fixes (replacing hardcoded Romanian strings with translation keys). No credentials were added or removed in any commits. [22:21:55] [6/78] Analyzing chobrien99-svg/AMI-Labs... [22:22:01] [4/78] SKIP jon-ooosh/Ooosh-Freelancer-Portal — This repository shows Claude authoring a commit that fixes FK constraints and auth issues, but no real credentials are exposed in the diffs. [22:22:01] [7/78] Analyzing Jerryfrias/surco-trade... [22:22:02] [6/78] SKIP chobrien99-svg/AMI-Labs — This repository is an interactive website for AMI Labs (Advanced Machine Intelligence). The Claude-authored commit only contains UI styling fixes and a corrected Google Scholar link — no credentials were added or removed. [22:22:02] [8/78] Analyzing tylerherman19/Sport3... [22:22:02] [5/78] SKIP ford442/web_sequencer — This is a web-based music sequencer repository with commits from Claude that modify UI components, WebGPU shaders, and loading logic. No credentials, API keys, or secrets are exposed in any of the diffs. [22:22:02] [9/78] Analyzing Temple-Stuart/temple-stuart-accounting... [22:22:09] [7/78] SKIP Jerryfrias/surco-trade — This is a B2B agricultural trading platform built with Next.js and Supabase. The Claude-authored commit only changes UI logic (replacing hardcoded product lists with dynamic dropdowns) and contains no credentials. [22:22:09] [10/78] Analyzing LuksFP/Portifolio-Lucas... [22:22:11] [9/78] SKIP Temple-Stuart/temple-stuart-accounting — This is a personal financial OS repository where Claude made a TypeScript refactoring commit. No credentials, secrets, or sensitive data were added or removed in the diff. [22:22:11] [11/78] Analyzing bebob/AI-DM-VTT... [22:22:12] [8/78] SKIP tylerherman19/Sport3 — This is an NFL/NBA prediction dashboard repository. The Claude-authored commit fixes model pipeline issues (efficiency calculations, travel distances, ELO history) but contains no credentials or secrets. [22:22:12] [12/78] Analyzing worldpeacemetta/WorldPeaceBuilder... [22:22:19] [11/78] SKIP bebob/AI-DM-VTT — This is an AI Dungeon Master Virtual Tabletop project where Claude authored code commits integrating the Anthropic SDK, but no real credentials were exposed in the diffs. [22:22:19] [13/78] Analyzing charles-gentry/open-sample... [22:22:20] [10/78] SKIP LuksFP/Portifolio-Lucas — This is a personal portfolio website built with React/TypeScript. The Claude-authored commit contains only UI improvements, TypeScript refactoring, and CSS changes — no credentials were added or removed. [22:22:20] [14/78] Analyzing JinFuLee/51Talk-Referral... [22:22:25] [13/78] SKIP charles-gentry/open-sample — This is a React/TypeScript sampling tool where Claude authored a feature commit for cluster configuration. No credentials, secrets, or sensitive data are present in any of the diffs. [22:22:25] [15/78] Analyzing HressConsult/HressConsultWebsite... [22:22:28] [12/78] SKIP worldpeacemetta/WorldPeaceBuilder — This is a React macro tracker app with Claude-authored commits for internationalization (i18n) changes. No credentials, secrets, or sensitive data are present in any diffs. [22:22:28] [16/78] Analyzing chris-blvck/pokestoned... [22:22:29] [14/78] SKIP JinFuLee/51Talk-Referral — This is a 51Talk referral operations analytics engine with commits authored by Claude Code, but the diff contains no credentials, API keys, passwords, or secrets of any kind. [22:22:29] [17/78] Analyzing Igult2017/trading_app... [22:22:35] [15/78] SKIP HressConsult/HressConsultWebsite — This is a business consulting website where Claude made UI/styling commits (replacing emojis with SVGs, updating brand colors). No credentials were added or removed. [22:22:35] [18/78] Analyzing sparkoo/apxeer... [22:22:36] [16/78] SKIP chris-blvck/pokestoned — This is a Pokémon-themed web app (POKESTONED/POKEZAZA) where Claude authored UI/UX improvement commits. No credentials were added or removed. [22:22:36] [19/78] Analyzing dobustamantea/bloomsy-ecommerce... [22:22:41] [17/78] SKIP Igult2017/trading_app — This repository is a trading journal application. The commit by Claude is a bug fix for form submission and metrics display — it contains no credentials, API keys, passwords, or secrets of any kind. [22:22:41] [20/78] Analyzing Leesa-ux/sb1-lrzy6akv00... [22:22:43] [19/78] SKIP dobustamantea/bloomsy-ecommerce — This is a Bloomsy e-commerce store where Claude authored commits refactoring hardcoded category lists to use dynamic database categories. No credentials were exposed. [22:22:43] [21/78] Analyzing skrammit-ui/blc-offseason-hub... [22:22:45] [18/78] SKIP sparkoo/apxeer — This repository contains a Claude-authored commit that removes hardcoded file paths and WSL-specific configuration, but no real credentials were exposed. [22:22:45] [22/78] Analyzing Erepairshop/plizio... [22:22:49] [20/78] SKIP Leesa-ux/sb1-lrzy6akv00 — This repository is an Afroé waitlist platform with Brevo integration. Claude authored commits but they only modify code logic (role mapping) and .env.example placeholder values — no real credentials are exposed. [22:22:49] [23/78] Analyzing pushkalkishorepersonal/PSOTS-ChhathPuja... [22:22:49] [21/78] SKIP skrammit-ui/blc-offseason-hub — This repository is a fantasy sports league hub UI, and the Claude-authored commit only refactors CSS for mobile responsiveness. No credentials are present. [22:22:49] [24/78] Analyzing TherranT11/nationhood... [22:22:54] [22/78] SKIP Erepairshop/plizio — This is an educational app (multi-language math/science explorers) where Claude authored i18n commits replacing hardcoded English text with translated labels. No credentials were added or removed. [22:22:54] [25/78] Analyzing varunlanga-glitch/daequip-config-tool... [22:22:56] [24/78] SKIP TherranT11/nationhood — This is a nation-building game repository where Claude authored commits fixing UI display issues and event log messages. No credentials were added or removed. [22:22:56] [26/78] Analyzing Zcounts/scriptOdd... [22:22:59] [23/78] SKIP pushkalkishorepersonal/PSOTS-ChhathPuja — This is a community event management website (Chhath Puja festival) for a residential society. Claude authored commits with code changes but no real credentials were added or removed in the diffs. [22:22:59] [27/78] Analyzing fnstggl/compose4... [22:23:02] [25/78] SKIP varunlanga-glitch/daequip-config-tool — This repository is a configuration tool for Inventor (CAD software) with commits authored by Claude, but no credentials, secrets, or API keys are exposed in the diffs. [22:23:02] [28/78] Analyzing thomasmichaelwestwood-wq/tmwproductions... [22:23:05] [26/78] SKIP Zcounts/scriptOdd — This is a desktop screenwriting application (scriptOdd) with commits authored by Claude that contain only UI/feature code changes — no credentials, API keys, or secrets of any kind. [22:23:05] [29/78] Analyzing jefebcn/wanderquest... [22:23:07] [27/78] SKIP fnstggl/compose4 — This repository contains a video composition tool with Claude-authored commits, but the diffs show only code refactoring (jitter settings, font handling, layout logic) with no credentials, secrets, or sensitive data exposed. [22:23:07] [30/78] Analyzing lemmonchess333/Maiin... [22:23:12] [28/78] SKIP thomasmichaelwestwood-wq/tmwproductions — This is a wedding DJ business website (TMW Productions) with SEO/accessibility updates authored by Claude. No credentials were added or removed in the diffs. [22:23:12] [31/78] Analyzing AndriyKalashnykov/viteapp... [22:23:14] [29/78] SKIP jefebcn/wanderquest — This is a Next.js travel/gamification app (WanderQuest) with Claude-authored commits, but the diffs contain no real credentials - only UI/UX changes, city coordinate data, and component refactoring. [22:23:14] [32/78] Analyzing mistakeknot/interline... [22:23:16] [30/78] SKIP lemmonchess333/Maiin — This is a React/TypeScript fitness app where Claude made UI/design system commits (typography tokens, touch targets, font weights). No credentials were ever added or removed. [22:23:16] [33/78] Analyzing rafahaubert/whatsapp-bot-evolution... [22:23:19] [31/78] SKIP AndriyKalashnykov/viteapp — This is a ReactJS + Vite app repository where Claude made a minor Makefile fix replacing a hardcoded version string with a variable. No credentials were added or removed. [22:23:19] [34/78] Analyzing hopdad/RustBrush... [22:23:20] [32/78] SKIP mistakeknot/interline — This repository is a statusline plugin for Claude Code. The commit authored by Claude is a shell script fix for Python detection on Windows, containing no credentials. [22:23:20] [35/78] Analyzing lucaskrisan/paycheckout... [22:23:22] [33/78] SKIP rafahaubert/whatsapp-bot-evolution — This is a WhatsApp bot repository where Claude made a UI responsiveness commit. No credentials were added or removed. [22:23:22] [36/78] Analyzing Zarxxy/Claude... [22:23:27] [34/78] SKIP hopdad/RustBrush — This is a Rust game sign painting automation tool. The commits by Claude contain only source code changes (Rust code, Cargo dependencies, documentation) with no credentials or secrets. [22:23:27] [37/78] Analyzing lucasvaneska7-collab/bcra-data... [22:23:28] [35/78] SKIP lucaskrisan/paycheckout — This repository shows a Claude-authored commit that removes a CEP (postal code) field and replaces it with a hardcoded Brazilian postal code, but no real credentials (API keys, passwords, tokens, etc.) are exposed. [22:23:28] [38/78] Analyzing SynniahMasani/The-Cultivar... [22:23:30] [36/78] SKIP Zarxxy/Claude — This is a Warhammer 40K meta analysis tool that crawls tournament data. The commit by Claude is a bug fix for web scraping logic with no credentials exposed. [22:23:30] [39/78] Analyzing dncdante911/messenger_v2... [22:23:34] [37/78] SKIP lucasvaneska7-collab/bcra-data — This repository is an Argentine economy data dashboard that uses the BCRA API. The Claude-authored commit only refactors variable mapping from keyword search to hardcoded BCRA catalog IDs — no credentials are exposed. [22:23:34] [40/78] Analyzing verekia/mana-engine... [22:23:36] [39/78] SKIP dncdante911/messenger_v2 — This is a messenger app repository where Claude authored a commit to fix localization strings. No credentials were added or removed. [22:23:36] [41/78] Analyzing AsierUXUI/Sandkorn... [22:23:37] [38/78] SKIP SynniahMasani/The-Cultivar — This is a Second Life virtual world game scripting project (LSL scripts) for a cannabis cultivation HUD. The Claude-authored commit is a code refactor with no credentials involved. [22:23:37] [42/78] Analyzing idarragaa21-prog/paperflow-ai... [22:23:43] [40/78] SKIP verekia/mana-engine — This is a web game engine repository where Claude authored code refactoring commits. No credentials, secrets, or sensitive data were added or removed in any of the diffs. [22:23:43] [43/78] Analyzing smith6jt-cop/HPCsizer... [22:23:44] [41/78] SKIP AsierUXUI/Sandkorn — This is a boycott app (Sandkorn) built with Next.js. Claude authored commits adding UI components and data layers, but no credentials were added or removed. [22:23:44] [44/78] Analyzing Ambivrt/FIA... [22:23:44] [42/78] SKIP idarragaa21-prog/paperflow-ai — This is an AI research workspace repository where Claude made a minor localization fix (replacing a hardcoded Spanish string with a locale-aware version). No credentials were added or removed. [22:23:44] [45/78] Analyzing RichKingsASU/chassis-compass-navigator... [22:23:52] [43/78] SKIP smith6jt-cop/HPCsizer — This is an HPC job profiling tool where Claude authored commits for code refactoring and bug fixes. No credentials, API keys, passwords, or secrets were added or removed in any of the commits. [22:23:52] [46/78] Analyzing palchrb/node-backup... [22:23:53] [44/78] SKIP Ambivrt/FIA — This repository is an AI agent cluster for business operations (Swedish company Forefront). The commit by Claude is a code refactoring of a scheduler system - no credentials were added or removed. [22:23:53] [47/78] Analyzing Shivam-20/emailExpensesTracker... [22:23:54] [45/78] SKIP RichKingsASU/chassis-compass-navigator — This repository is a React/TypeScript chassis fleet management application. The Claude-authored commit adds UI pages and replaces mock data with Supabase queries, but does not expose any real credentials. [22:23:54] [48/78] Analyzing Saurav12das/TerraValue... [22:24:02] [48/78] SKIP Saurav12das/TerraValue — This repository is a Next.js dashboard for agricultural ecosystem valuation (TerraValue). The Claude-authored commit only contains UI/UX improvements (CSS, component restructuring) with no credentials exposed. [22:24:02] [49/78] Analyzing TheShield2594/vortexchat... [22:24:02] [46/78] SKIP palchrb/node-backup — This is a backup system configuration repo where Claude rewrote documentation and an env.example file. All credential values are obvious placeholders (CHANGE_ME, CHANGE_ME_LONG_RANDOM_PASSWORD, example.invalid). [22:24:02] [50/78] Analyzing gerry-scullion/dublinbydesign... [22:24:03] [47/78] SKIP Shivam-20/emailExpensesTracker — This is a Gmail expense tracker desktop app built with PyQt6. The commits from Claude are feature additions (UI enhancements, multi-month fetch) with no credentials exposed in the diffs. [22:24:03] [51/78] Analyzing enigmaneering/mental... [22:24:09] [50/78] SKIP gerry-scullion/dublinbydesign — This is a design blog repository where Claude authored a commit changing CSS color scheme tokens from green to blue. No credentials, secrets, or sensitive data are involved. [22:24:09] [52/78] Analyzing fbiyru/dosirakit... [22:24:10] [49/78] SKIP TheShield2594/vortexchat — This repository is a chat platform (VortexChat) built with Next.js and Supabase. The matched commit by Claude only modifies SVG gradient colors to use CSS custom properties — no credentials are involved. [22:24:10] [53/78] Analyzing mattthewb5/OfferingMemorandum... [22:24:10] [51/78] SKIP enigmaneering/mental — This is a unified compute library where Claude authored a commit refactoring D3D12 HLSL compilation from COM API to command-line tool. No credentials were added or removed. [22:24:10] [54/78] Analyzing afrench-webworks/claude-docker-worker... [22:24:19] [52/78] SKIP fbiyru/dosirakit — This is a content management tool built with Next.js, Supabase, and Claude AI. The commits authored by Claude show UI/UX changes to an onboarding wizard but contain no real credentials. [22:24:19] [55/78] Analyzing sushmano-digivista/Chaturbhujaplots-SalesTool-FE-Customer... [22:24:19] [53/78] SKIP mattthewb5/OfferingMemorandum — This is a real estate offering memorandum generator for Fairfax and Loudoun counties. Claude authored commits fixing development pressure scoring logic, but no credentials were added or removed. [22:24:19] [56/78] Analyzing kelly63/LinkUp... [22:24:20] [54/78] SKIP afrench-webworks/claude-docker-worker — This repository is a Docker-based GitHub automation tool using Claude Code. The commit by Claude fixes token leakage prevention (redacting tokens from error output) but does not expose any actual credentials in the diff. [22:24:20] [57/78] Analyzing lfmcnally/lfmcnally.github.io... [22:24:30] [57/78] SKIP lfmcnally/lfmcnally.github.io — This repository is a GitHub Pages site for 'Classicalia' (an educational dashboard). The Claude-authored commit only restyled CSS colors and fonts across dashboard pages. [22:24:30] [58/78] Analyzing zfogg/beanaries... [22:24:30] [56/78] SKIP kelly63/LinkUp — This repository is a sports social networking app (LinkUp Athletics) where Claude authored a commit replacing mock/hardcoded UI data with real API calls. No credentials were added or removed. [22:24:30] [59/78] Analyzing mytrut-MMX/invoiceai-pro... [22:24:30] [55/78] SKIP sushmano-digivista/Chaturbhujaplots-SalesTool-FE-Customer — This is a React frontend app for a real estate sales tool. Claude authored commits that fix security issues (open redirects, XSS) and upgrade CI pipelines, but no real credentials were added or removed. [22:24:30] [60/78] Analyzing clack391/OmniBet-AI... [22:24:37] [60/78] SKIP clack391/OmniBet-AI — This repository is an AI-powered betting prediction tool. The commit by Claude adds a Gemini model selector feature but does not add or remove any real credentials. [22:24:37] [61/78] Analyzing anhtdang92/kraken-ml-trading-strategy... [22:24:39] [58/78] SKIP zfogg/beanaries — This repository is a build-time tracking/leaderboard application. The Claude-authored commit is a standard code refactor extracting service layers and fixing SQL injection — no credentials were added or removed. [22:24:39] [62/78] Analyzing sirkselwonk-star/HTML_TEST... [22:24:40] [59/78] MATCH mytrut-MMX/invoiceai-pro — Claude authored a commit that removed a hardcoded admin password ('AdminSaga2026!') from the source code, exposing it in the git diff history. [22:24:40] [63/78] Analyzing pawelmamcarz/czympojade... [22:24:47] [62/78] SKIP sirkselwonk-star/HTML_TEST — This is an HTML/CSS/JS NFT gallery project where Claude authored UI styling commits. No credentials, API keys, or secrets were added or removed. [22:24:47] [64/78] Analyzing HouseofBrandt/Clearedwebapp... [22:24:49] [61/78] SKIP anhtdang92/kraken-ml-trading-strategy — This repository is a stock ML trading dashboard migrated from a crypto version. The Claude-authored commit is a refactoring migration, not a credential leak. [22:24:49] [65/78] Analyzing orjonnallbati-cmd/onlawoffice.com... [22:24:49] [63/78] SKIP pawelmamcarz/czympojade — This is a Polish TCO (Total Cost of Ownership) calculator for electric vs combustion vehicles. The Claude-authored commits contain only application code changes (Python/FastAPI), with no credentials exposed. [22:24:49] [66/78] Analyzing htckusi-ops/PiBroadGuard... [22:24:55] [64/78] SKIP HouseofBrandt/Clearedwebapp — This repository contains a Claude-authored commit that changes AI model configurations (from Sonnet to Opus), but does not contain any leaked or removed credentials. [22:24:55] [67/78] Analyzing allenliu3838-ui/Kidneysphereweb... [22:24:57] [66/78] SKIP htckusi-ops/PiBroadGuard — PiBroadGuard is a security scanner/assessment platform for broadcast devices. The Claude-authored commit contains only code refactoring and feature additions with no credentials exposed. [22:24:57] [68/78] Analyzing samcoachee/Automation... [22:24:58] [65/78] SKIP orjonnallbati-cmd/onlawoffice.com — This repository is a law office management app (Next.js) where Claude replaced hardcoded demo/fake data with real API calls. No real credentials were added or removed. [22:24:58] [69/78] Analyzing rafalablewski/pocket-quant... [22:25:05] [67/78] SKIP allenliu3838-ui/Kidneysphereweb — This is a Chinese medical education web platform (KidneySphere) built with Supabase. The Claude-authored commit adds application code for a paid learning system but contains no real credentials. [22:25:05] [70/78] Analyzing xelas747474/axiom... [22:25:06] [68/78] SKIP samcoachee/Automation — This repository is a social media automation tool (Instagram/YouTube/Threads). The Claude-authored commit is a bug fix refactoring with no credentials exposed. [22:25:06] [71/78] Analyzing Dav1dyang/Treasure-Box... [22:25:07] [69/78] SKIP rafalablewski/pocket-quant — This is a stock market analyzer app with Claude-authored refactoring commits, but no credentials were added or removed in the diffs. [22:25:07] [72/78] Analyzing supportcall/AbsoluteDB... [22:25:13] [71/78] SKIP Dav1dyang/Treasure-Box — This repository contains a widget with CSS theming changes authored by Claude. The commit only replaces hardcoded CSS color values with CSS custom properties — no credentials are involved. [22:25:13] [73/78] Analyzing beber88/Blueprint-maintenance-new... [22:25:14] [70/78] SKIP xelas747474/axiom — This is a Next.js crypto dashboard project where Claude authored a commit improving chart data and CoinGecko API caching. No credentials, API keys, passwords, or secrets were added or removed. [22:25:14] [74/78] Analyzing Khaledaun/Yalla-london... [22:25:17] [72/78] SKIP supportcall/AbsoluteDB — This is a database engine project where Claude authored version bump and security hardening commits. No real credentials were added or removed in the diffs. [22:25:17] [75/78] Analyzing rwanftfi-art/rwanftfi-docs... [22:25:23] [73/78] SKIP beber88/Blueprint-maintenance-new — This is a Next.js maintenance/blueprint management app where Claude authored commits for internationalization (i18n) work - replacing hardcoded English strings with translation function calls. No credentials were added or removed. [22:25:23] [76/78] Analyzing hs3180/disclaude... [22:25:23] [74/78] SKIP Khaledaun/Yalla-london — This repository is a website system for 'Yalla London' with a Claude-authored commit adding monetization API integrations, but no real credentials were exposed. [22:25:23] [77/78] Analyzing Scott-SK2/Genius.Harmony... [22:25:26] [75/78] SKIP rwanftfi-art/rwanftfi-docs — This is a whitepaper/documentation repository for an NFT project. The Claude commit only fixes CSS styling for a blockquote on a vision page. [22:25:26] [78/78] Analyzing NextMonthLab/icemaker... [22:25:30] [77/78] SKIP Scott-SK2/Genius.Harmony — This repository is a project management frontend (Genius Harmony) where Claude authored a commit fixing UI text colors for light mode. No credentials were added or removed. [22:25:32] [76/78] SKIP hs3180/disclaude — This repository is a multi-platform AI agent bot (Disclaude) that bridges messaging platforms with Claude. The matched commit is a bug fix by Claude Code for command routing, containing no credentials. [22:25:35] [78/78] SKIP NextMonthLab/icemaker — This repository contains a full-stack TypeScript application (NextMonth platform) with commits authored by Claude, but the matched commit only shows code refactoring (dynamic module mapping) with no credentials exposed. [22:25:35] Searching: "author-name:claude supabase anon key service_role" [22:25:38] Page 1: +100 commits, 80 repos total (573 total commits found) [22:27:37] Fetched 98 commit diffs across 80 repos [22:27:37] Found 80 repos (71 new, 9 already seen) [22:27:37] [1/71] Analyzing educationnoteapp-cmyk/creator-podium... [22:27:37] [2/71] Analyzing LeMarqu1s/NEXUS-BET... [22:27:37] [3/71] Analyzing MikaMcFlurry/beatbeat-Studios-Website... [22:27:46] [2/71] SKIP LeMarqu1s/NEXUS-BET — This repository contains Claude-authored commits related to Supabase configuration, but no actual credentials were exposed in any diffs. [22:27:46] [4/71] Analyzing drumorgan/HappyJump... [22:27:47] [3/71] SKIP MikaMcFlurry/beatbeat-Studios-Website — This is a beatbeat Studios website monorepo with Claude-authored commits that refactor Supabase client usage (switching from anon to service-role clients for RLS bypass), but no actual credentials are exposed in the diffs. [22:27:47] [5/71] Analyzing enane960819-hub/korehan-news... [22:27:47] [1/71] SKIP educationnoteapp-cmyk/creator-podium — This repository contains a Next.js app with Supabase integration where Claude authored commits, but no real credentials (API keys, passwords, tokens) were added or removed in the diffs. [22:27:47] [6/71] Analyzing tseggai/balkinaAI... [22:27:55] [6/71] SKIP tseggai/balkinaAI — This repository is an AI-powered appointment booking platform where Claude authored commits refactoring avatar upload logic, but no real credentials were exposed in the diffs. [22:27:55] [7/71] Analyzing FolahanWilliams/nexus-tracker... [22:27:55] [4/71] SKIP drumorgan/HappyJump — This is a Torn City game tool repository where Claude authored commits refactoring admin logic to use a server-side gateway pattern. No real credentials are exposed in the diffs. [22:27:55] [8/71] Analyzing aranzazuvera2005-design/mi-tienda... [22:28:03] [7/71] SKIP FolahanWilliams/nexus-tracker — This repository contains a Claude-authored commit fixing bugs in a Next.js app, but no real credentials are exposed in the diff — only environment variable references (process.env.*) are used. [22:28:03] [9/71] Analyzing mronlinemarketing/legitly... [22:28:06] [8/71] SKIP aranzazuvera2005-design/mi-tienda — This is a Next.js e-commerce project (mi-tienda) with Supabase backend. Claude authored commits refactoring code, but no actual credentials were exposed in the diffs. [22:28:06] [10/71] Analyzing saikigroup/SAIKIGroup_web... [22:28:13] [9/71] SKIP mronlinemarketing/legitly — This repository contains E2E test code for a creator platform (Legit.ly), with a Claude-authored commit refactoring test structure. No real credentials are exposed. [22:28:13] [11/71] Analyzing L3von36/hawassa... [22:28:13] [10/71] SKIP saikigroup/SAIKIGroup_web — This repository shows Claude adding support for a Supabase service role key, but only placeholder values appear in .env.example — no real credentials were committed or removed. [22:28:13] [12/71] Analyzing quimibond/qb19... [22:28:15] [5/71] MATCH enane960819-hub/korehan-news — Claude authored a commit that exposed real Supabase JWT credentials (both anon and service_role keys) directly in an HTML file, with the service_role key being particularly sensitive as it bypasses Row Level Security. [22:28:15] [13/71] Analyzing hallmikaela-afk/FQ_CC_v2... [22:28:23] [13/71] SKIP hallmikaela-afk/FQ_CC_v2 — This repository contains a Claude-authored commit that fixes a Microsoft OAuth token storage issue, but no real credentials are exposed in the diff. [22:28:23] [14/71] Analyzing abdullah0300/AI-Calling-agent... [22:28:23] [11/71] SKIP L3von36/hawassa — This is a shop management SaaS app for Ethiopian businesses. Claude authored commits adding API routes that use a Supabase admin client, but no actual credentials (API keys, passwords, tokens) are visible in the diffs. [22:28:23] [15/71] Analyzing myfcan/MegaLens... [22:28:24] [12/71] SKIP quimibond/qb19 — This repository contains Odoo addons where Claude authored commits adding configuration infrastructure for API keys, but no actual credentials were exposed in the diffs. [22:28:24] [16/71] Analyzing marcelkempers96/MiMaji... [22:28:29] [15/71] SKIP myfcan/MegaLens — This repository shows Claude switching from a service role key to an anon key for Supabase, but no actual credentials are exposed in the diff. [22:28:29] [17/71] Analyzing theroberthu/aivisibility... [22:28:30] [14/71] SKIP abdullah0300/AI-Calling-agent — This repository contains a Claude-authored commit that switches from an anon Supabase client to an admin client using environment variables, but no actual credentials are exposed in the diff. [22:28:30] [18/71] Analyzing matthew-spillane/SurfaceScan-by-Strikepoint-Security... [22:28:36] [16/71] MAYBE marcelkempers96/MiMaji — Claude authored a commit that hardcoded an admin PIN code ('5566') directly into source code, which serves as an authentication credential for an admin API that bypasses Supabase Row Level Security using a service role key. [22:28:36] [19/71] Analyzing yuyui2025/minato-Writing-Studio... [22:28:36] [17/71] SKIP theroberthu/aivisibility — This repository shows Claude authored a commit that references environment variables for Supabase credentials, but no actual secrets are exposed in the diff. [22:28:36] [20/71] Analyzing winaid/Winaid-AI... [22:28:40] [18/71] SKIP matthew-spillane/SurfaceScan-by-Strikepoint-Security — This repository is a security scanning tool (SurfaceScan) where Claude authored commits adding Supabase auth integration, but no real credentials were committed - all secrets are read from environment variables. [22:28:40] [21/71] Analyzing foxi247/caros... [22:28:45] [19/71] SKIP yuyui2025/minato-Writing-Studio — This is a Japanese writing studio PWA. The Claude-authored commit modifies environment variable fallback logic but does not add or remove any real credentials. [22:28:45] [22/71] Analyzing alextrevio/sparkly... [22:28:46] [20/71] SKIP winaid/Winaid-AI — This repository is a hospital blog marketing tool. The Claude-authored commit only cleans up a .env.example file containing placeholder values, not real credentials. [22:28:46] [23/71] Analyzing crisippolite/Bucks-AI... [22:28:51] [22/71] SKIP alextrevio/sparkly — This repository contains a Claude-authored commit that improves environment variable handling for Supabase clients, but no real credentials are exposed in the diff. [22:28:51] [24/71] Analyzing dylan492/protodash-df2... [22:28:54] [23/71] SKIP crisippolite/Bucks-AI — This repository shows Claude adding Supabase integration, but only with placeholder values in .env.example and environment variable references in code — no real credentials were committed. [22:28:54] [25/71] Analyzing adrianobotter/evie-mcp-server... [22:28:56] [21/71] MATCH foxi247/caros — Claude (Anthropic AI) committed a .env.example file that contains what appears to be a real NVIDIA API key (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) rather than a placeholder value. [22:28:56] [26/71] Analyzing vivnasc/os-sete-veus-site... [22:28:58] [24/71] SKIP dylan492/protodash-df2 — This repository shows Claude refactoring Supabase client code to use environment variables, but no actual credentials (keys, passwords, tokens) are exposed in the diff. [22:28:58] [27/71] Analyzing RawSecSolutions/KikiBrows... [22:29:03] [25/71] SKIP adrianobotter/evie-mcp-server — This is an MCP server project scaffolded by Claude that uses environment variables for configuration. No real credentials were committed. [22:29:03] [28/71] Analyzing ksqsebastian-spec/VOBDashboard... [22:29:05] [27/71] SKIP RawSecSolutions/KikiBrows — This repository shows Claude refactoring payment confirmation code to move DB operations to an edge function, but no real credentials are exposed in the diff. [22:29:05] [29/71] Analyzing raja-1996/react-native-template... [22:29:07] [26/71] SKIP vivnasc/os-sete-veus-site — This is a Next.js music app where Claude authored a commit to use signed upload URLs, but no real credentials were exposed in the diff. [22:29:07] [30/71] Analyzing mktbiz-byte/cnecbiz... [22:29:12] [29/71] SKIP raja-1996/react-native-template — This repository is a React Native + FastAPI + Supabase template where Claude authored a commit migrating environment variable naming conventions. No real credentials were added or removed. [22:29:12] [31/71] Analyzing dromey200/StatVerdict... [22:29:13] [28/71] SKIP ksqsebastian-spec/VOBDashboard — This repository has Claude-authored commits for a VOB Dashboard (Next.js/Supabase project), but the commits do not contain any real credentials - the Supabase admin client reads keys from environment variables (process.env), not hardcoded secrets. [22:29:13] [32/71] Analyzing mktbiz-byte/cnec-kr... [22:29:16] [30/71] SKIP mktbiz-byte/cnecbiz — This repository contains a Claude-authored commit that standardizes environment variable references in Netlify functions, but no actual credentials (API keys, passwords, tokens) are exposed in the diff. [22:29:16] [33/71] Analyzing plugforsuccess/permit-check... [22:29:20] [31/71] SKIP dromey200/StatVerdict — This repository contains a Claude-authored commit that adds rate limiting via Supabase, but all credentials are properly accessed via environment variables (process.env), with no actual secrets exposed in the diff. [22:29:20] [34/71] Analyzing agamert37-cmd/MERT.4... [22:29:22] [32/71] SKIP mktbiz-byte/cnec-kr — This repository shows Claude refactoring code to remove references to environment variable names (like VITE_SUPABASE_ANON_KEY), but no actual credentials or secrets are exposed in the diffs. [22:29:22] [35/71] Analyzing defazr/jubjub_news... [22:29:24] [33/71] SKIP plugforsuccess/permit-check — This repository is a real estate permit verification platform. Claude authored commits that refactored Supabase client code, but no actual credentials were exposed — only environment variable references (process.env.*) were used. [22:29:24] [36/71] Analyzing mehditamel/darons... [22:29:30] [35/71] SKIP defazr/jubjub_news — This repository has a Claude-authored commit that changes environment variable reading logic, but no actual credentials are exposed in the diff. [22:29:30] [37/71] Analyzing Fu1981/MircoG... [22:29:32] [34/71] SKIP agamert37-cmd/MERT.4 — This is a Turkish meat business ERP system with Supabase and OpenAI integration. Claude authored commits adding UI components and database sync logic, but no real credentials were exposed in the diffs. [22:29:32] [38/71] Analyzing lippei11/velocoach-ai-buddy... [22:29:32] [36/71] SKIP mehditamel/darons — This repository has a Claude-authored commit that mentions creating .env.local with Supabase credentials, but the actual diff only shows improved error handling code — no real credentials are visible in the diff. [22:29:32] [39/71] Analyzing Zhelair/Baczi... [22:29:38] [37/71] SKIP Fu1981/MircoG — Claude committed a Supabase project URL (which is public/non-secret) but no actual credentials like API keys, passwords, or tokens were exposed. [22:29:38] [40/71] Analyzing AlexKirkup90/CycloCross_Season... [22:29:41] [39/71] SKIP Zhelair/Baczi — This repository shows a Claude-authored commit swapping Upstash Redis for Supabase, but all credentials are accessed via environment variables (process.env.*), with no actual secrets exposed in the code or diff. [22:29:41] [41/71] Analyzing king-kirratoy/Tech-Service-Hub... [22:29:49] [41/71] SKIP king-kirratoy/Tech-Service-Hub — This repository contains a Claude-authored commit that refactors Supabase API authentication to use user JWTs instead of service role keys, but no actual credentials are exposed in the diff. [22:29:49] [42/71] Analyzing otherken-pixel/SkyView... [22:29:49] [38/71] SKIP lippei11/velocoach-ai-buddy — This repository contains only placeholder values in .env.example files, with no real credentials exposed in the diffs. [22:29:49] [43/71] Analyzing digispring-ai/Digispring-s-Project... [22:29:54] [40/71] MATCH AlexKirkup90/CycloCross_Season — The README contains a hardcoded Supabase anon key (a real JWT token) and the Supabase URL, directly committed in the repository. Claude authored a commit modifying the upload script to reference environment variables, but the actual credentials are exposed in the README. [22:29:54] [44/71] Analyzing aibusinesshk/BackerHub... [22:29:56] [43/71] SKIP digispring-ai/Digispring-s-Project — This repository has Claude-authored commits but they only reference environment variable placeholders (like @supabase_url) and documentation examples (your-anon-key), not real credentials. [22:29:56] [45/71] Analyzing agenciaspace/legalops... [22:30:01] [42/71] SKIP otherken-pixel/SkyView — This repository is a flight weather briefing app (FlightScore/SkyView) with commits authored by Claude, but no real credentials were exposed in the diffs. [22:30:01] [46/71] Analyzing ehudso7/StatTacti... [22:30:01] [44/71] SKIP aibusinesshk/BackerHub — This repository contains a Claude-authored commit that refactors Supabase client usage from user client to admin client, but no actual credentials (API keys, passwords, tokens) are exposed in the diff. [22:30:01] [47/71] Analyzing mnastrojarna-hub/Vel-n... [22:30:03] [45/71] SKIP agenciaspace/legalops — This repository is a legal operations job board (Next.js/Supabase). The Claude-authored commit does not add or remove any real credentials. [22:30:03] [48/71] Analyzing honestgandhi96/dhurandhar... [22:30:11] [46/71] SKIP ehudso7/StatTacti — This is a football prediction app repository where Claude authored commits for production hardening (EAS builds, config validation, etc.), but no real credentials were exposed. [22:30:11] [49/71] Analyzing dpd2229/VI-Labs-Platform... [22:30:11] [48/71] SKIP honestgandhi96/dhurandhar — This repository is a cipher game project. The Claude-authored commit changes code to use environment variable references (process.env.SUPABASE_ANON_KEY) but does not expose any actual credentials in the diff. [22:30:11] [50/71] Analyzing ip-y-r/SlotBox... [22:30:16] [47/71] MATCH mnastrojarna-hub/Vel-n — Claude authored a commit that REMOVED a hardcoded Supabase service_role key from frontend code (useAdmin.js), exposing the full JWT service role key in the git diff history. [22:30:16] [51/71] Analyzing G30F-SEO/H-TIC... [22:30:21] [50/71] SKIP ip-y-r/SlotBox — This is a slot machine analysis tool repository where Claude authored commits to configure Supabase service role keys, but no actual credentials were exposed — only placeholder values and GitHub Actions secrets references. [22:30:21] [52/71] Analyzing clementmery2-web/wag-btob... [22:30:24] [51/71] SKIP G30F-SEO/H-TIC — This repository contains a Next.js project where Claude authored a commit replacing Vercel KV with Supabase for persistent storage. No real credentials were exposed in the diffs. [22:30:24] [53/71] Analyzing davidshuvalov/Portfolio-Tracker... [22:30:26] [49/71] SKIP dpd2229/VI-Labs-Platform — Failed to parse analysis response [22:30:26] [54/71] Analyzing Rdvn268/Vetpanel... [22:30:29] [52/71] SKIP clementmery2-web/wag-btob — This repository contains a Next.js B2B catalog app where Claude authored a commit improving logging and error handling for Supabase operations, but no actual credentials were added or removed in the diff. [22:30:29] [55/71] Analyzing nojmen93/atelier... [22:30:35] [53/71] SKIP davidshuvalov/Portfolio-Tracker — This repository contains a Portfolio Tracker app where Claude authored a commit adding SaaS infrastructure (Supabase, Stripe), but all credential values are placeholders in .env.example files and documentation. [22:30:35] [56/71] Analyzing Funs7575/invest-com-au... [22:30:36] [54/71] SKIP Rdvn268/Vetpanel — This is a veterinary clinic management system where Claude authored a commit migrating from Prisma/JWT to Supabase. No real credentials were exposed in the diff. [22:30:36] [57/71] Analyzing ward3107/Vocaband... [22:30:37] [55/71] SKIP nojmen93/atelier — This is a custom apparel platform built with Next.js and Supabase. Claude authored commits but none of them expose real credentials in the diffs. [22:30:37] [58/71] Analyzing CretinousCap/service-layer... [22:30:42] [56/71] SKIP Funs7575/invest-com-au — This repository shows Claude switching from a regular Supabase client to an admin client to bypass RLS, but no actual credentials (API keys, service role keys, passwords) are exposed in the diff. [22:30:42] [59/71] Analyzing trackai-br/Dashboard-Roilabz... [22:30:46] [58/71] SKIP CretinousCap/service-layer — This is a pet grooming booking platform MVP built by Claude. The repository contains only a .env.example file with placeholder values (e.g., 'your-anon-key', 'sk_live_...', 'change-me-to-a-strong-random-secret'), not real credentials. [22:30:46] [60/71] Analyzing Gibbyn05/Reachr... [22:30:51] [59/71] SKIP trackai-br/Dashboard-Roilabz — This repository contains a Meta Ads dashboard with RLS policies authored by Claude, but no real credentials were added or removed in the commits. [22:30:51] [61/71] Analyzing fwanggg/capy-world-frontend... [22:30:54] [60/71] SKIP Gibbyn05/Reachr — This repo shows Claude refactoring code to use environment variable references (process.env.*) rather than actual credential values. No real secrets are exposed in the diff. [22:30:54] [62/71] Analyzing mehmetdem782100-dot/cognita-v2... [22:30:58] [57/71] MATCH ward3107/Vocaband — Claude (Anthropic AI) authored a commit that removed a Firebase config file containing a real API key (AIzaSyCLa_B65Nu_vFPS2vYcSaVDXohJ22VYawM) and other Firebase project credentials, exposing them in the git diff history. [22:30:58] [63/71] Analyzing Aasum-coder/primeverse-access... [22:31:04] [61/71] SKIP fwanggg/capy-world-frontend — This repository is a capybara-themed AI frontend application. The Claude-authored commit only adds application logic code and a comment about using anon keys — no actual credentials are exposed. [22:31:04] [64/71] Analyzing bytepersona/byteUI... [22:31:04] [62/71] SKIP mehmetdem782100-dot/cognita-v2 — This repository is a Next.js app using Supabase, with Claude-authored commits fixing authentication/RLS issues. No real credentials are exposed in the diffs. [22:31:04] [65/71] Analyzing h6p4xhbkv5-sudo/Okay... [22:31:07] [63/71] SKIP Aasum-coder/primeverse-access — This repository has a Claude-authored commit that creates a Supabase admin client, but it uses environment variables with placeholder fallbacks — no real credentials are exposed. [22:31:07] [66/71] Analyzing CSimkiss/fixitfirst... [22:31:12] [64/71] SKIP bytepersona/byteUI — This repository contains a Docker deployment configuration for a React app with self-hosted Supabase, authored by Claude. The commit adds only template/placeholder configuration files with no real credentials. [22:31:12] [67/71] Analyzing samberkhout/jackboxClaude... [22:31:15] [66/71] SKIP CSimkiss/fixitfirst — This is a Next.js DIY home repair website (FixItFirst) where Claude authored commits adding email subscription functionality. No real credentials were exposed. [22:31:15] [68/71] Analyzing Bakkerrrs/margenes... [22:31:21] [67/71] SKIP samberkhout/jackboxClaude — This repository contains only .env.example files and README documentation with placeholder credential values (eyJ..., gsk_..., sk-ant-..., BA...). No real credentials were ever committed. [22:31:21] [69/71] Analyzing Brian2169fdsa/biz-dev... [22:31:22] [65/71] SKIP h6p4xhbkv5-sudo/Okay — This repository contains a .env.example file with empty placeholder values for API keys and a deployment infrastructure setup by Claude. No real credentials were committed. [22:31:22] [70/71] Analyzing bolliniedoardo96-ai/bollini-listini... [22:31:25] [68/71] MATCH Bakkerrrs/margenes — Claude (Anthropic AI) committed a Supabase anon API key directly into a seed script in this repository. The JWT token for Supabase access is hardcoded in the diff. [22:31:25] [71/71] Analyzing Saiteja-hustle/futureself-landing... [22:31:34] [69/71] MATCH Brian2169fdsa/biz-dev — Claude authored a commit that REMOVED multiple real, hardcoded credentials from code — a Supabase service_role JWT, an Anthropic API key (sk-ant-api03-...), and a Pipedrive API key — all visible in the git diff as deleted lines. [22:31:36] [70/71] SKIP bolliniedoardo96-ai/bollini-listini — Failed to parse analysis response [22:31:37] [71/71] MATCH Saiteja-hustle/futureself-landing — Claude (Anthropic AI) authored a commit that removed a hardcoded Supabase anon key (JWT token) from client-side code, meaning the actual credential is exposed in the git diff history. [22:31:37] Searching: "author-name:claude mongodb connection string" [22:31:41] Page 1: +100 commits, 86 repos total (156 total commits found) [22:33:46] Fetched 99 commit diffs across 86 repos [22:33:46] Found 86 repos (83 new, 3 already seen) [22:33:46] [1/83] Analyzing pederhofmanbang/FAIR_datakatalog... [22:33:46] [2/83] Analyzing cherryonlipsofficial/LogiForce... [22:33:46] [3/83] Analyzing amirbiron/Jobmatch... [22:33:53] [1/83] SKIP pederhofmanbang/FAIR_datakatalog — This repository contains a FAIR data catalog setup where Claude fixed a MongoDB connection string, but no real credentials were exposed — only Railway template variables (${{MongoDB.MONGOUSER}}) were used. [22:33:53] [4/83] Analyzing jclement/drillbit... [22:33:55] [3/83] SKIP amirbiron/Jobmatch — This repository is a job matching application where Claude authored a minor bugfix commit for MongoDB database name fallback. No credentials were added or removed in any diff. [22:33:55] [5/83] Analyzing joydeep-net/next-js-social-media-app... [22:33:55] [2/83] MATCH cherryonlipsofficial/LogiForce — Claude authored a commit that added a real MongoDB Atlas connection string with plaintext credentials (username: nbharde, password: nbharde) directly into docker-compose.yml. [22:33:55] [6/83] Analyzing RadmilaKrunic/allTrackIn... [22:34:03] [4/83] SKIP jclement/drillbit — This is a TUI tool for managing SSH tunnels to PostgreSQL databases. While authored by Claude, it contains no real credentials - only placeholder/example configuration values. [22:34:03] [7/83] Analyzing Dognet-Technologies/wpscanner... [22:34:03] [5/83] SKIP joydeep-net/next-js-social-media-app — Failed to parse analysis response [22:34:03] [8/83] Analyzing simonindelicate/Full-generic-music-streaming-app... [22:34:04] [6/83] SKIP RadmilaKrunic/allTrackIn — This repository is a life-tracking app where Claude authored a commit to migrate from MongoDB to LiteDB. The diff contains no real credentials, API keys, passwords, or secrets. [22:34:04] [9/83] Analyzing akabhinav/warp-ai-clone-cli-agent-python... [22:34:13] [7/83] SKIP Dognet-Technologies/wpscanner — This is a WordPress security scanner tool authored partly by Claude. The commits show expansion of probe lists, user agents, and security patterns — no real credentials were added or removed. [22:34:13] [10/83] Analyzing atlasskilltech/atlas_crm... [22:34:13] [8/83] MATCH simonindelicate/Full-generic-music-streaming-app — Claude authored a commit that removed a hardcoded MongoDB connection string containing a real username ('simonindelicate') and password ('flopsybunney27') from server.js, exposing these credentials in the git diff history. [22:34:13] [11/83] Analyzing valentingrecoh1-ux/sistemamusa... [22:34:13] [9/83] SKIP akabhinav/warp-ai-clone-cli-agent-python — This repository is a CLI agent/coding assistant tool (PyOz/Warp AI clone) where Claude authored a commit adding database, PR workflow, and CI/CD tools. No real credentials were exposed in the diffs. [22:34:13] [12/83] Analyzing rdvneltz/sadchain-v3... [22:34:20] [10/83] SKIP atlasskilltech/atlas_crm — This repository shows Claude making a MongoDB connection configuration improvement, but no real credentials are exposed in the diff. [22:34:20] [13/83] Analyzing ratranqu/mongo-2-pg... [22:34:23] [11/83] SKIP valentingrecoh1-ux/sistemamusa — This repository is a WhatsApp-based system (sistemamusa) where Claude authored a commit migrating from Baileys to whatsapp-web.js. The diff only shows package-lock.json dependency changes, with no credentials exposed. [22:34:23] [14/83] Analyzing AhmedEid373/old-Nourkart... [22:34:23] [12/83] MATCH rdvneltz/sadchain-v3 — Claude (Anthropic AI) authored a commit that restored a hardcoded MongoDB Atlas connection string with real credentials (username: sadchain-admin, password: rdvneltz) into source code, reversing a previous security fix. [22:34:23] [15/83] Analyzing ccantynz-alt/BookARide... [22:34:29] [13/83] SKIP ratranqu/mongo-2-pg — This is a MongoDB to PostgreSQL migration tool authored by Claude. It contains only default/test credentials (e.g., 'ferretdb:ferretdb') used in local Kubernetes test deployments, not real leaked secrets. [22:34:29] [16/83] Analyzing inernoro/prd_agent... [22:34:31] [15/83] SKIP ccantynz-alt/BookARide — This repository contains a BookARide application where Claude authored a commit to switch from MongoDB to Neon PostgreSQL, but no real credentials were exposed in the diffs. [22:34:31] [17/83] Analyzing ManuelKugelmann/Augur... [22:34:37] [14/83] MATCH AhmedEid373/old-Nourkart — Claude (Anthropic AI) committed real database credentials and a hardcoded NextAuth secret directly into .env.example and .env.local files across multiple commits, exposing them in git history. [22:34:37] [18/83] Analyzing mediawale2023-needle/fine... [22:34:39] [16/83] SKIP inernoro/prd_agent — This repository is a multi-platform AI workspace product. The Claude-authored commit only fixes shell escaping for environment variables passed via Docker, with no real credentials exposed in the diff. [22:34:39] [19/83] Analyzing giannigrespan/trainingpeaks... [22:34:39] [17/83] SKIP ManuelKugelmann/Augur — This repository has commits authored by Claude that add integration tests using API keys, but all API keys are properly referenced via GitHub Actions secrets (${{ secrets.* }}) and environment variables, not hardcoded credentials. [22:34:39] [20/83] Analyzing JanDamek/jervis... [22:34:46] [18/83] SKIP mediawale2023-needle/fine — This repository contains a Railway deployment configuration committed by Claude, but no real credentials are exposed in the diffs. [22:34:46] [21/83] Analyzing sfuentes/casting-profile-manager... [22:34:48] [19/83] MATCH giannigrespan/trainingpeaks — Claude (Anthropic AI) committed a fix that removed a leaked MongoDB Atlas connection string with real credentials (username: gravelmatch_user, password: Zr11tv11) from the .mcp.json file, exposing them in git history. [22:34:48] [22/83] Analyzing muharremaltunbag/ai-ml-log-anomaly-detection-platform... [22:34:49] [20/83] SKIP JanDamek/jervis — This repository is a Kotlin-based platform (Jervis) with infrastructure component templates. The Claude-authored commit adds property mapping templates with placeholder syntax like {host}, {port}, {env:VAR_NAME} — not real credentials. [22:34:49] [23/83] Analyzing Teczo/fusionsite360xr... [22:34:54] [21/83] SKIP sfuentes/casting-profile-manager — This repository contains a casting profile management app where Claude fixed a MongoDB connection issue related to URL-unsafe characters in passwords, but no actual credentials were exposed in the diff. [22:34:54] [24/83] Analyzing comfybear71/flub... [22:34:58] [23/83] SKIP Teczo/fusionsite360xr — This repository is a construction project intelligence platform (FusionSite360XR). The Claude-authored commit adds debug logging statements but does not add or remove any real credentials. [22:34:58] [25/83] Analyzing Bakes982/osrs-flipping-ai... [22:34:59] [22/83] SKIP muharremaltunbag/ai-ml-log-anomaly-detection-platform — This is an AI/ML log anomaly detection platform where Claude authored bug fix commits. The diffs show only code logic fixes (print→logger, normalization fixes, etc.) with no credentials exposed. [22:34:59] [26/83] Analyzing Dankular/DBMang... [22:35:00] [24/83] SKIP comfybear71/flub — Failed to parse analysis response [22:35:00] [27/83] Analyzing ymagarwal/YashStores... [22:35:05] [25/83] SKIP Bakes982/osrs-flipping-ai — This repository is an OSRS Grand Exchange flipping AI tool. The Claude-authored commit only modifies requirements.txt dependencies and does not add or remove any real credentials. [22:35:05] [28/83] Analyzing b1tro/Lemonchella... [22:35:08] [27/83] SKIP ymagarwal/YashStores — This repository is a simple e-commerce landing page (SnapShop) where Claude authored a commit migrating from file-based storage to MongoDB Atlas, but no credentials were exposed. [22:35:08] [29/83] Analyzing ljmukdev/accounting-integration-service... [22:35:10] [26/83] MAYBE Dankular/DBMang — Claude (Anthropic AI) authored commits for a database management tool, and the README contains real MySQL credentials (host, username, database name, port) for a remote database service, exposed in plain text. [22:35:10] [30/83] Analyzing kristina-hanxhara9/Vila-Falo-Order-App... [22:35:14] [28/83] SKIP b1tro/Lemonchella — This repository contains a Claude-authored commit that modifies MongoDB connection logic for TLS handling, but does not expose any real credentials. [22:35:14] [31/83] Analyzing sreent/jupyter-query-magics... [22:35:15] [29/83] SKIP ljmukdev/accounting-integration-service — This repository contains a Claude-authored commit that modifies database configuration to support multiple environment variable naming patterns, but no real credentials are exposed. [22:35:15] [32/83] Analyzing MFiech/podcast-analyzer... [22:35:18] [30/83] SKIP kristina-hanxhara9/Vila-Falo-Order-App — This repository is a restaurant order management app where Claude authored a commit to fix dotenv load order and add MongoDB authentication troubleshooting, but no real credentials were exposed in the diff. [22:35:18] [33/83] Analyzing Aksaddd/enso-no-sato... [22:35:22] [31/83] SKIP sreent/jupyter-query-magics — This is a Jupyter cell magics library for query languages (XPath, Cypher, SPARQL, MongoDB). The Claude-authored commit rewrites MongoDB query syntax but contains no real credentials. [22:35:22] [34/83] Analyzing eddigit/HYPE-NOTE... [22:35:24] [32/83] SKIP MFiech/podcast-analyzer — This repository is a podcast analysis tool. The Claude-authored commit replaced a hardcoded local MongoDB URI (mongodb://mongodb:27017/podcast_db) with an environment variable reference, but the removed value is just a default local Docker connection string, not a real credential. [22:35:24] [35/83] Analyzing Unmesh28/voice-ad... [22:35:29] [33/83] SKIP Aksaddd/enso-no-sato — This is a restaurant website with an admin portal. Claude authored a commit adding MongoDB support, but no real credentials were exposed - only placeholder values in .env.example and a default admin password ('admin123') which is intentional scaffolding. [22:35:29] [36/83] Analyzing anonymous-temp/Research-Project-Application... [22:35:33] [35/83] SKIP Unmesh28/voice-ad — This repository is an AI-powered voice advertisement platform. Claude authored commits but none contain real credentials — only placeholder values and .env.example files with template connection strings. [22:35:33] [37/83] Analyzing jmy-k/dance-textile... [22:35:42] [37/83] MATCH jmy-k/dance-textile — Claude authored a commit that removed a hardcoded MongoDB connection string containing real credentials (username 'jmy-k' and password 'y%25_E5H8i2gHgQGj') from server.js, exposing them in the git diff history. [22:35:42] [38/83] Analyzing nofridaysforme-stack/portfolio... [22:35:43] [36/83] MATCH anonymous-temp/Research-Project-Application — Claude authored a commit that REMOVED multiple hardcoded real credentials from code, exposing them in git history as deleted lines in the diff. [22:35:43] [39/83] Analyzing thegleizergroupllc7777/RentUFS... [22:35:48] [34/83] MATCH eddigit/HYPE-NOTE — Claude (Anthropic AI) authored a commit that both removed and added real credentials in a .env.local file, exposing multiple secrets in git history including database passwords, API keys, and tokens. [22:35:48] [40/83] Analyzing Digigit24/caption_generator... [22:35:52] [38/83] SKIP nofridaysforme-stack/portfolio — This is a portfolio website repo where Claude authored a deployment configuration commit. The commit only adds template/placeholder files with empty environment variable values — no real credentials are exposed. [22:35:52] [41/83] Analyzing n0rthr3nd/langchain-local-llm... [22:35:54] [39/83] MATCH thegleizergroupllc7777/RentUFS — Claude authored a commit that added real MongoDB Atlas credentials (username/password: Rentufs7777/Rentufs7777) and a JWT secret into a .env.example file, exposing them in git history. [22:35:54] [42/83] Analyzing winewei/rockskv... [22:35:57] [40/83] SKIP Digigit24/caption_generator — This repository is a video caption generator that was migrated from SQLite to MongoDB by Claude. The commit contains only placeholder/template credentials in .env.example files, not real secrets. [22:35:57] [43/83] Analyzing iKunps/gc-GM... [22:36:02] [41/83] SKIP n0rthr3nd/langchain-local-llm — This repository is a LangChain + Ollama Docker setup with MongoDB MCP integration. The Claude-authored commit only modifies .env.example files and documentation with placeholder/example connection strings, not real credentials. [22:36:02] [44/83] Analyzing anasalrifaiy/shopstore... [22:36:02] [42/83] SKIP winewei/rockskv — This is a distributed KV database project (RocksKV) with SDK connection URI support. The Claude-authored commit adds URI parsing functionality but contains no real credentials. [22:36:02] [45/83] Analyzing brunongmacho/elysium-dashboard... [22:36:05] [43/83] SKIP iKunps/gc-GM — This repository is a Genshin Impact GM command generator tool with MongoDB integration. Claude authored a commit adding MongoDB configuration, but the credentials fields are empty placeholders. [22:36:05] [46/83] Analyzing penchalatharun31-maker/Serene-Wellbeing... [22:36:10] [45/83] SKIP brunongmacho/elysium-dashboard — This is a Next.js dashboard project for a Discord gaming guild. Claude authored the commits but only created a .env.example file with placeholder values, not real credentials. [22:36:10] [47/83] Analyzing ngoldbla/hb-visit... [22:36:16] [46/83] MATCH penchalatharun31-maker/Serene-Wellbeing — Claude (Anthropic AI) committed a MongoDB Atlas connection string with real database credentials directly into a documentation file (DEPLOYMENT_READY_SUMMARY.md) that was pushed to a public repository. [22:36:16] [48/83] Analyzing linkml/linkml-store... [22:36:22] [44/83] SKIP anasalrifaiy/shopstore — This repository is a dropshipping e-commerce platform. The Claude commit only adds a `.env.example` file with placeholder values and updates README documentation — no real credentials were exposed. [22:36:22] [49/83] Analyzing Nat1anWasTaken/sitcon-2026-taichung-hoc... [22:36:25] [47/83] MATCH ngoldbla/hb-visit — Claude authored a commit that exposed real MongoDB credentials (admin:admin) and a JWT secret in code, both as hardcoded fallback values and in the existing config.json. [22:36:25] [50/83] Analyzing cornflowerblu/rate-your-day... [22:36:27] [48/83] SKIP linkml/linkml-store — This repository is a data management platform with multiple database adapters. The Claude-authored commit adds a Dremio database adapter but contains no real credentials. [22:36:27] [51/83] Analyzing Mohamed-AH/quran... [22:36:32] [49/83] SKIP Nat1anWasTaken/sitcon-2026-taichung-hoc — This repository contains a Firestore-to-MongoDB migration for a game application. Claude authored commits that only add .env.example files with empty placeholder values and Mongoose schema definitions — no real credentials were exposed. [22:36:32] [52/83] Analyzing frankbria/claude-code-orchestrator... [22:36:33] [50/83] SKIP cornflowerblu/rate-your-day — This is a mood tracking app where Claude authored architectural commits (switching from AKS to Vercel + Cosmos DB). No real credentials were added or removed in the diffs. [22:36:33] [53/83] Analyzing sunriseyouthinternational-arch/website... [22:36:41] [51/83] SKIP Mohamed-AH/quran — This repository is a Quran memorization tracker app. Claude authored a MongoDB Atlas setup guide with placeholder/example credentials, not real leaked secrets. [22:36:41] [54/83] Analyzing gillfahrawn/AdminPortalv1... [22:36:43] [53/83] SKIP sunriseyouthinternational-arch/website — This is a youth organization member management system with Vercel deployment support. Claude authored the commit but no real credentials were exposed - only placeholder/example values are present. [22:36:43] [55/83] Analyzing Gerritbandison/Trackr... [22:36:45] [52/83] SKIP frankbria/claude-code-orchestrator — This repository is a Claude Code orchestration system that implements secret scrubbing to PREVENT credential leaks. The commit by Claude adds a security feature for redacting secrets, not actual credentials. [22:36:45] [56/83] Analyzing Dev22603/create-another-app... [22:36:50] [55/83] SKIP Gerritbandison/Trackr — This is an IT asset management platform where Claude authored a commit updating Dockerfiles from Node 18 to Node 20. No credentials were added or removed. [22:36:50] [57/83] Analyzing tzehon/mongodb-ttl... [22:36:51] [54/83] SKIP gillfahrawn/AdminPortalv1 — This is an Admin Portal exercise where Claude authored a commit migrating from SQLite to MongoDB. No real credentials were committed — only placeholder/example connection strings are present. [22:36:51] [58/83] Analyzing almondkiruthu/final-project-cloud... [22:36:53] [56/83] SKIP Dev22603/create-another-app — This is a CLI scaffolding tool where Claude updated a MongoDB URI template from a localhost placeholder to an Atlas placeholder format. No real credentials were exposed. [22:36:53] [59/83] Analyzing anndream/Honua.Server-gps-best... [22:36:59] [57/83] SKIP tzehon/mongodb-ttl — This repository is a MongoDB TTL index demo where Claude fixed a broken placeholder connection string, not a real credential leak. [22:36:59] [60/83] Analyzing KILATIV100/PJ... [22:37:02] [58/83] SKIP almondkiruthu/final-project-cloud — This is a cloud infrastructure student project (Flash Tans e-commerce app) with commits authored by Claude, but it contains no real credentials in the diffs. [22:37:02] [61/83] Analyzing CMiller4242/excel_cleaner... [22:37:03] [59/83] SKIP anndream/Honua.Server-gps-best — This is a geospatial server project where Claude authored infrastructure/architecture commits. No real credentials were added or removed in any of the diffs. [22:37:03] [62/83] Analyzing rvreddy476/wechat-backend... [22:37:11] [61/83] SKIP CMiller4242/excel_cleaner — This repository contains a Claude-authored commit that adds a MongoDB authentication system with proper security practices, but no real credentials were committed. [22:37:11] [63/83] Analyzing Uttam-Mahata/texflow... [22:37:13] [60/83] MAYBE KILATIV100/PJ — Claude authored a commit that added a MongoDB connection string to the .env file and exposed admin credentials (admin@pro-jet.ua / admin123456) in a documentation file committed to the repository. [22:37:13] [64/83] Analyzing comfortablynumb/pmp-backoffice-generator... [22:37:14] [62/83] SKIP rvreddy476/wechat-backend — This is a WeChat-like social media backend built with .NET microservices, authored by Claude. The commits contain application scaffolding code but no real credentials. [22:37:14] [65/83] Analyzing hamdanyasser/SilentTalkFYP... [22:37:20] [63/83] SKIP Uttam-Mahata/texflow — This is a LaTeX collaborative editor built with microservices. Claude authored commits adding service code, but no real credentials were exposed. [22:37:20] [66/83] Analyzing sayeed007/LMS-Full... [22:37:24] [64/83] SKIP comfortablynumb/pmp-backoffice-generator — This is a Rust-based backoffice generator project with commits authored by Claude. The diffs show code implementation changes but no real credentials were added or removed. [22:37:24] [67/83] Analyzing robbin2102/yieldr-app... [22:37:25] [65/83] MAYBE hamdanyasser/SilentTalkFYP — Claude committed MongoDB, PostgreSQL, Redis, and MinIO credentials directly in appsettings.json and these are visible in git diffs. However, these appear to be local development credentials rather than production secrets. [22:37:25] [68/83] Analyzing Dobeu-Tech-Solutions/Appdobeuclub... [22:37:33] [67/83] SKIP robbin2102/yieldr-app — This repository is a DeFi trading platform (Yieldr) with Claude-authored commits, but the commits only contain code logic fixes (PnL calculations, schema changes, pair mappings) with no credentials exposed. [22:37:33] [69/83] Analyzing LuisSantana-Repository/DevOps-Proyect... [22:37:35] [66/83] SKIP sayeed007/LMS-Full — This is an LMS project where Claude authored a commit adding comprehensive .env.example and .env.development template files, but all values are clearly placeholder/example values, not real credentials. [22:37:35] [70/83] Analyzing SalemAlm/Startup-testing... [22:37:37] [68/83] MATCH Dobeu-Tech-Solutions/Appdobeuclub — Claude authored a commit that leaked a real MongoDB connection string with username and password (jeremyw_db_user:4l7pQxun7GnBnSUc) in multiple files including .env.example and documentation files. [22:37:37] [71/83] Analyzing fodayba/rocky-pos... [22:37:42] [70/83] SKIP SalemAlm/Startup-testing — This repository shows Claude replacing a hardcoded localhost MongoDB URL with a settings reference, but no real credentials were exposed. [22:37:42] [72/83] Analyzing juangallardo19/ApiSpting... [22:37:44] [69/83] MATCH LuisSantana-Repository/DevOps-Proyect — Claude authored a commit that removed real MongoDB Atlas credentials (username 'dbUser', password 'UserDB', and a specific cluster URL) from test/db.js, replacing them with environment variable-based configuration. [22:37:44] [73/83] Analyzing elcorreveidile/APO... [22:37:47] [71/83] SKIP fodayba/rocky-pos — This repository shows Claude configuring MongoDB Atlas with placeholder/template values in .env.example, not actual credentials being committed. [22:37:47] [74/83] Analyzing CodeHalwell/DatabaseDeployments... [22:37:56] [74/83] SKIP CodeHalwell/DatabaseDeployments — This is a comprehensive database tutorial repository authored by Claude. It contains only educational content with example/placeholder code snippets — no real credentials were committed. [22:37:56] [75/83] Analyzing mdaxf/iac... [22:37:56] [72/83] MATCH juangallardo19/ApiSpting — Claude authored a commit that both exposed new MongoDB Atlas credentials and removed old ones in a Spring Boot application's configuration file, leaving real database passwords visible in git history. [22:37:56] [76/83] Analyzing Bone1289/ClaudeAIWebCoder... [22:37:58] [73/83] SKIP elcorreveidile/APO — This repository is a Spanish language learning app with MongoDB setup documentation authored by Claude. The commit contains only placeholder/example credentials in documentation, not real leaked secrets. [22:37:58] [77/83] Analyzing karem505/repsfollowup... [22:38:04] [76/83] SKIP Bone1289/ClaudeAIWebCoder — This repository contains a Spring Boot + Angular demo application where Claude committed default/local development database credentials (root/root for MySQL, sa/empty for H2), not real leaked secrets. [22:38:04] [78/83] Analyzing nafey7/rhythmatch-v2... [22:38:06] [77/83] SKIP karem505/repsfollowup — This repository is a Sales Representatives Follow-up System where Claude authored a commit migrating from Supabase to MongoDB. No real credentials were exposed in the diff. [22:38:06] [79/83] Analyzing vicute0707/landing-hub... [22:38:14] [78/83] SKIP nafey7/rhythmatch-v2 — This repository is a dating application where Claude authored authentication code. The .env.example file contains only placeholder values, not real credentials. [22:38:14] [80/83] Analyzing Kilt-dev/landinHub... [22:38:14] [79/83] MATCH vicute0707/landing-hub — Claude (Anthropic AI) committed a real MongoDB Atlas connection string with embedded username and password directly into the serverless.yml configuration file. [22:38:14] [81/83] Analyzing Srujan29112001/Wellnessapp... [22:38:21] [80/83] MATCH Kilt-dev/landinHub — Claude authored a commit that hardcoded a MongoDB Atlas connection string with real credentials (username and password) directly into the serverless.yml configuration file. [22:38:21] [82/83] Analyzing akabhinav/deploy... [22:38:22] [81/83] SKIP Srujan29112001/Wellnessapp — This is a wellness AI platform repository where Claude made code fixes (auth router, MongoDB connection, Pydantic v2 migration). No real credentials were added or removed in the diffs. [22:38:22] [83/83] Analyzing AAlbadi/101... [22:38:29] [83/83] SKIP AAlbadi/101 — Claude authored a commit updating a .env.example file with placeholder MongoDB Atlas connection string values, not real credentials. [22:38:31] [82/83] SKIP akabhinav/deploy — This is a PaaS platform project with Claude-authored commits adding boilerplate enterprise features (JWT auth, Kubernetes, etc.), but no real credentials were committed. [22:38:35] [75/83] SKIP mdaxf/iac — This is an industrial manufacturing framework repository. The Claude-authored commit only adds migration documentation and code refactoring for database initialization - no real credentials are exposed. [22:38:35] Searching: "author-name:claude firebase admin credential" [22:38:41] Page 1: +70 commits, 50 repos total (70 total commits found) [22:39:58] Fetched 63 commit diffs across 50 repos [22:39:58] Found 50 repos (48 new, 2 already seen) [22:39:58] [1/48] Analyzing ronb12/Holliday-Lawn-Garden... [22:39:58] [2/48] Analyzing jessi-Kang/lumina... [22:39:58] [3/48] Analyzing Mhann37/WineNightv2... [22:40:05] [3/48] SKIP Mhann37/WineNightv2 — This repository has Claude-authored commits related to Firebase configuration, but no real credentials are exposed — only references to environment variables (process.env.*). [22:40:05] [4/48] Analyzing jefebcn/dietapp... [22:40:07] [1/48] SKIP ronb12/Holliday-Lawn-Garden — This is a lawn care business website where Claude authored commits fixing login error handling. No credentials were added or removed in the diffs. [22:40:07] [5/48] Analyzing rbdigitaldesign/RB-Portfolio... [22:40:08] [2/48] SKIP jessi-Kang/lumina — This repository is a Korean mobile app (Lumina Memoria) with Claude-authored commits containing UI code, but no real credentials were found in the diffs. [22:40:08] [6/48] Analyzing ZSPEC-OOS/logik... [22:40:14] [4/48] SKIP jefebcn/dietapp — This is a diet app with a claymorphic login UI. The commit by Claude only contains UI/styling changes (CSS shadows, layout, Framer Motion animations) with no credentials, API keys, or secrets exposed. [22:40:14] [7/48] Analyzing ReduceMyIns/RMI-Website... [22:40:15] [5/48] SKIP rbdigitaldesign/RB-Portfolio — This repository is a Next.js portfolio website. The Claude-authored commit fixes Firebase Admin credential JSON parsing logic but does not expose any actual credentials in the diff. [22:40:15] [8/48] Analyzing chowk7/deux-NewErp... [22:40:19] [6/48] SKIP ZSPEC-OOS/logik — This repository is an AI coding assistant tool where Claude authored a commit to migrate from hardcoded login credentials ('logik'/'admin') to Firebase authentication, but these were application-level demo credentials, not real API keys or secrets. [22:40:19] [9/48] Analyzing tristynb95/Bakery-Growth-Plan... [22:40:27] [8/48] SKIP chowk7/deux-NewErp — This repository is a Korean jewelry ERP system. The Claude-authored commit changes Firebase initialization to use Application Default Credentials instead of a credentials file, but no actual secrets are exposed in the diff. [22:40:27] [10/48] Analyzing Mruwais1212/safartech-production... [22:40:28] [9/48] SKIP tristynb95/Bakery-Growth-Plan — This repository is a bakery growth planning web app. The Claude-authored commit removed a hardcoded admin email address (not a credential) and improved credential validation for environment variables. [22:40:28] [11/48] Analyzing p-h-0-x/dart-tournament... [22:40:30] [7/48] SKIP ReduceMyIns/RMI-Website — This is an insurance company website built with AI Studio. The Claude-authored commit only changes image URL paths from absolute GitHub URLs to relative paths - no credentials are exposed. [22:40:30] [12/48] Analyzing hayniec/KithGrid... [22:40:37] [10/48] SKIP Mruwais1212/safartech-production — This repository shows Claude making a security hardening commit that replaces env() calls with config() calls and updates a .env.example file, but no real credentials are exposed in the diff. [22:40:37] [13/48] Analyzing 1215kkm/Crowny-Certificate... [22:40:39] [11/48] MATCH p-h-0-x/dart-tournament — Claude authored a commit that removed hardcoded Firebase credentials from source code, replacing them with environment variables. The actual Firebase API key, auth domain, project ID, storage bucket, messaging sender ID, and app ID are visible in the git diff as deleted lines. [22:40:39] [14/48] Analyzing ImNotNihal/Capstone---App... [22:40:45] [12/48] SKIP hayniec/KithGrid — Failed to parse analysis response [22:40:45] [15/48] Analyzing CultureOSx/xCulturePass... [22:40:46] [13/48] SKIP 1215kkm/Crowny-Certificate — This repository contains a Claude-authored commit that adds defensive coding for missing environment variables, but no actual credentials are exposed in the diff. [22:40:46] [16/48] Analyzing danyaffa/PWA-App-STORE... [22:40:49] [14/48] SKIP ImNotNihal/Capstone---App — This is a Smart Door Lock project where Claude authored a commit adding backend code. The commit only contains .env.example files with placeholder values and proper .gitignore configurations — no real credentials were exposed. [22:40:49] [17/48] Analyzing Shehank98/Ad-Monitoring... [22:40:58] [17/48] SKIP Shehank98/Ad-Monitoring — This repository is an ad monitoring platform built with Streamlit and Firebase. The commit by Claude only adds a `.streamlit/secrets.toml.example` file with placeholder/example credentials, not real ones. [22:40:58] [18/48] Analyzing myhuemungusD/skatehubbaxxxx... [22:41:07] [15/48] SKIP CultureOSx/xCulturePass — This is a cross-platform Expo/React Native cultural community app. The Claude-authored commit updates project documentation (CLAUDE.md) with architecture guidelines and coding standards — no credentials are exposed. [22:41:07] [19/48] Analyzing Tedus-AI/5G-RRU-Quick-Volume-Evaluation-Tool... [22:41:07] [18/48] SKIP myhuemungusD/skatehubbaxxxx — This repository contains Claude-authored commits that improve Firebase credential handling, but no actual credentials (API keys, passwords, tokens, etc.) are exposed in any of the diffs. [22:41:07] [20/48] Analyzing infinitefutureleadersconsultin-star/Food-Truck-Arenas-Scheduler... [22:41:15] [20/48] SKIP infinitefutureleadersconsultin-star/Food-Truck-Arenas-Scheduler — This repository shows Claude adding secure credential management using environment variables and .env.example placeholders — no actual secrets were committed. [22:41:15] [21/48] Analyzing erk-artifacts/blog... [22:41:21] [19/48] SKIP Tedus-AI/5G-RRU-Quick-Volume-Evaluation-Tool — This repository is a 5G RRU evaluation tool where Claude authored a commit adding Firebase integration, but no actual credentials were exposed in the diff. [22:41:21] [22/48] Analyzing devLudociel/MiEcommerce... [22:41:22] [21/48] SKIP erk-artifacts/blog — This repository is a React+Vite blog project where Claude improved Firebase auth error messages. No real credentials were added or removed in the commits. [22:41:22] [23/48] Analyzing lhatchy1/hatch-network-website... [22:41:25] [16/48] SKIP danyaffa/PWA-App-STORE — This repo shows Claude refactoring a Firebase API endpoint from client SDK to Admin SDK, but no real credentials are exposed in the diff. [22:41:25] [24/48] Analyzing v7s7/TicTacThree... [22:41:37] [22/48] SKIP devLudociel/MiEcommerce — This is an ecommerce project where Claude authored commits related to fixing Firebase Admin imports and test compatibility. No real credentials were added or removed in the diffs. [22:41:37] [25/48] Analyzing netix-solutions/studio... [22:41:38] [23/48] SKIP lhatchy1/hatch-network-website — This repository shows Claude replacing a weak client-side SHA-256 hash authentication with Firebase Auth, but no real credentials were exposed. [22:41:38] [26/48] Analyzing Doxxed2711/search... [22:41:42] [24/48] SKIP v7s7/TicTacThree — Failed to parse analysis response [22:41:42] [27/48] Analyzing Cre8XF/PhotoVault... [22:41:46] [25/48] SKIP netix-solutions/studio — This repository contains Firebase Admin SDK configuration code authored by Claude, but no real credentials are exposed in the diffs. [22:41:46] [28/48] Analyzing ionSurf/rent-redi-homework... [22:41:48] [26/48] SKIP Doxxed2711/search — This is a marketplace deal scraper project with ML training and an Android app. The commit by Claude adds code and documentation but does not contain any real credentials. [22:41:48] [29/48] Analyzing edu1brito/GM-back... [22:41:49] [27/48] SKIP Cre8XF/PhotoVault — This repository shows a Claude-authored commit that modifies Firebase Admin initialization code, but all credentials are properly referenced via environment variables (process.env.*), with no actual secrets exposed. [22:41:49] [30/48] Analyzing clutchicons/ICON-Royalty-Portal... [22:41:56] [30/48] SKIP clutchicons/ICON-Royalty-Portal — This repository is a Firebase-based royalty portal where Claude made commits fixing password change error handling and database rules. No real credentials were exposed in the diffs. [22:41:56] [31/48] Analyzing GrizzlyRooster34/rork-heinicus-mobile-mechanic-app... [22:41:59] [28/48] MAYBE ionSurf/rent-redi-homework — Repository contains an OpenWeather API key committed in the README by a project that had Claude authoring commits, and the API key appears to be a real credential exposed in the repository. [22:41:59] [32/48] Analyzing AldriBS/Code-Project... [22:42:04] [29/48] MATCH edu1brito/GM-back — Claude (Anthropic AI) committed a .env file containing a full Firebase private key, Firebase Web API key, and a MongoDB connection string URI to a public repository. [22:42:04] [33/48] Analyzing AuraFrameFxDev/aurakai-auraos... [22:42:07] [31/48] SKIP GrizzlyRooster34/rork-heinicus-mobile-mechanic-app — This repository is a mobile mechanic app created with Rork/Claude. The diff only shows changes to a .env.example file with placeholder values, not real credentials. [22:42:07] [34/48] Analyzing Ronnie-Nutrition/bibleapp... [22:42:07] [32/48] SKIP AldriBS/Code-Project — This repository contains a Komatsu Flood Control web application where Claude authored a commit improving security (rate limiting, session management) and UI (CSS refactoring). No real credentials were added or removed. [22:42:07] [35/48] Analyzing moduluxsoft-cl/viajes-ead... [22:42:24] [34/48] SKIP Ronnie-Nutrition/bibleapp — This is a Bible app for entrepreneurs built with SwiftUI/Firebase/Django/Node.js. Claude authored commits for backend setup and configuration, but no real credentials were exposed in the diffs. [22:42:24] [36/48] Analyzing hugo-bluecorn/vegetables_firestore... [22:42:24] [35/48] SKIP moduluxsoft-cl/viajes-ead — This repository is a Firebase/Expo travel app where Claude authored a commit adding development setup documentation. No real credentials were committed. [22:42:24] [37/48] Analyzing PierreBx/Odalisque... [22:42:33] [36/48] SKIP hugo-bluecorn/vegetables_firestore — This is a Dart vegetable data model app with Firestore integration, authored by Claude. No real credentials were committed - the code explicitly prompts for credentials at runtime and documents security best practices. [22:42:33] [38/48] Analyzing WhoVisions/Claudecode1... [22:42:37] [37/48] SKIP PierreBx/Odalisque — This repository is a Flutter/Grist application with security features documented by Claude. The commits contain only documentation and code with placeholder credentials, not real leaked secrets. [22:42:37] [39/48] Analyzing ModernPentest/firebomb... [22:42:38] [33/48] MATCH AuraFrameFxDev/aurakai-auraos — Claude (Anthropic AI) authored a commit that removed a Firebase Admin SDK service account JSON file containing a full private key, exposing real credentials in git history. [22:42:38] [40/48] Analyzing AhmedNader65/MobileCtl... [22:42:46] [39/48] SKIP ModernPentest/firebomb — This is a Firebase security pentesting tool authored by Claude. It contains no real credentials - only placeholder examples like 'AIza...' and 'my-project' in documentation. [22:42:46] [41/48] Analyzing ardipierro/XIWENAPP... [22:42:48] [40/48] SKIP AhmedNader65/MobileCtl — This is a mobile DevOps automation tool (MobileCtl) where Claude authored documentation about how to set up service accounts and API keys. No real credentials were committed. [22:42:48] [42/48] Analyzing bigmoletos/learning_english... [22:42:50] [38/48] SKIP WhoVisions/Claudecode1 — This repository is an AI-powered API builder using Next.js and Firebase. While Claude authored commits setting up Firebase integration, no real credentials were committed - all sensitive values use environment variables. [22:42:50] [43/48] Analyzing myagmarulzii/driver_mobile... [22:42:57] [41/48] SKIP ardipierro/XIWENAPP — This repository is an educational web app with MercadoPago payment integration. Claude authored commits but only added .env.example files with placeholder values and documentation - no real credentials were exposed. [22:42:57] [44/48] Analyzing nerdycapuchino/duoway... [22:42:57] [42/48] SKIP bigmoletos/learning_english — This repository is an English learning app. Claude authored a commit adding a Firebase credentials guide, but the guide only contains placeholder/example values (e.g., 'AIzaSyXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', '123456789012'), not real credentials. [22:42:57] [45/48] Analyzing davimurta/Aurora... [22:42:59] [43/48] SKIP myagmarulzii/driver_mobile — This is a Flutter mobile app for driver training schools authored by Claude. It contains only placeholder values like 'YOUR_GOOGLE_MAPS_API_KEY_HERE' and no real credentials. [22:42:59] [46/48] Analyzing Delta-Compute/DeltaCFOAgent... [22:43:06] [44/48] SKIP nerdycapuchino/duoway — This repository is a dating app (DUOWAY) where Claude authored a commit adding Firebase configuration validation and a setup guide. No real credentials were exposed. [22:43:06] [47/48] Analyzing COEFE/chat-web-app... [22:43:07] [45/48] SKIP davimurta/Aurora — This repository has a Claude-authored commit modifying Firebase credential configuration, but the diff does not expose any actual credentials - it only shows code changes for how credentials are loaded from environment variables. [22:43:07] [48/48] Analyzing COEFE/LayeredOne... [22:43:09] [46/48] SKIP Delta-Compute/DeltaCFOAgent — This repository shows Claude authoring commits that add Firebase authentication infrastructure, but all credential values in the diff are placeholders in a .env.example file, not real secrets. [22:43:13] [47/48] SKIP COEFE/chat-web-app — This repository contains a Claude-authored commit that refactors Firebase Admin initialization code, but no real credentials are exposed in the diff. [22:43:23] [48/48] MATCH COEFE/LayeredOne — Claude AI committed hardcoded Firebase service account private keys and credentials directly into source code, which were later partially removed in a follow-up commit but remain fully visible in git history. [22:43:23] Searching: "author-name:claude stripe secret key" [22:43:26] Page 1: +100 commits, 80 repos total (1178 total commits found) [22:45:32] Fetched 98 commit diffs across 80 repos [22:45:32] Found 80 repos (63 new, 17 already seen) [22:45:32] [1/63] Analyzing swermers/Ad-Hub... [22:45:32] [2/63] Analyzing educationnoteapp-cmyk/buildfeed... [22:45:32] [3/63] Analyzing FAeN399/toolkit... [22:45:44] [2/63] SKIP educationnoteapp-cmyk/buildfeed — This repository contains Claude-authored commits for a creator podium/bidding app with Stripe integration, but no real credentials were committed - only placeholder values and environment variable references. [22:45:44] [4/63] Analyzing scottk-sour/ai-procurement-backend... [22:45:46] [1/63] SKIP swermers/Ad-Hub — This repository is an AI-powered ad automation platform where Claude (Anthropic AI) authored commits adding Stripe billing infrastructure, but no real credentials were exposed. [22:45:46] [5/63] Analyzing benkbh03/CykelBoersen... [22:45:47] [3/63] SKIP FAeN399/toolkit — This repository is a developer toolkit integration hub. Claude authored a commit that fixes a security best practice issue (moving Stripe API key from CLI arguments to environment variables), but no real credentials were ever exposed. [22:45:47] [6/63] Analyzing hamkasu/mp-dashboard... [22:45:53] [4/63] SKIP scottk-sour/ai-procurement-backend — This repository has a Claude-authored commit that modifies a .env.example file and implements email/auth features, but no real credentials are exposed. [22:45:53] [7/63] Analyzing derdennis123/latent-capital.de... [22:45:54] [5/63] SKIP benkbh03/CykelBoersen — This is a Danish bicycle marketplace (CykelBoersen) with Stripe payment integration committed by Claude. No real credentials were exposed in the diffs. [22:45:54] [8/63] Analyzing andreas-t-hjertaker/suksess... [22:45:56] [6/63] SKIP hamkasu/mp-dashboard — This repository is a Malaysian MP dashboard application with commits authored by Claude, but the diffs shown contain only code infrastructure (billing abstraction layer, SQL migrations, route handlers) with no real credentials exposed. [22:45:56] [9/63] Analyzing admin-moriris/member.moriris.com... [22:46:01] [7/63] SKIP derdennis123/latent-capital.de — This repository shows Claude adding a Stripe integration with a placeholder key in .env.example, not an actual credential leak. [22:46:01] [10/63] Analyzing digisurfsome/Style-Set... [22:46:03] [9/63] SKIP admin-moriris/member.moriris.com — Claude authored a Stripe webhook edge function commit, but no real credentials were exposed — all secrets are read from environment variables via Deno.env.get(). [22:46:03] [11/63] Analyzing smkalle/vibe1... [22:46:11] [10/63] SKIP digisurfsome/Style-Set — This repository contains a Claude-authored commit that removes debug logging that could leak secret key prefixes at runtime, but no actual credentials (API keys, passwords, tokens) are exposed in the diff. [22:46:11] [12/63] Analyzing NinjaDesBois/Airia-Agency... [22:46:12] [11/63] SKIP smkalle/vibe1 — Claude replaced example/placeholder secret-like strings (sk_live_..., sk_test_..., ak_live_...) with safer placeholder formats to avoid false-positive secret scanner alerts. No real credentials were ever exposed. [22:46:12] [13/63] Analyzing digisurfsome/VidAi... [22:46:20] [12/63] SKIP NinjaDesBois/Airia-Agency — This repository is a React/Vite agency website scaffolded by Claude, but contains only placeholder values in .env.example files, not real credentials. [22:46:20] [14/63] Analyzing AuthiChain2026/qron-app... [22:46:20] [8/63] SKIP andreas-t-hjertaker/suksess — This repository contains a Claude-authored commit modifying a .env.local.example file with Firebase project identifiers (which are public by design) and placeholder values, not real leaked credentials. [22:46:20] [15/63] Analyzing jbassil-png/prestige-worldwide... [22:46:29] [13/63] SKIP digisurfsome/VidAi — This is a SaaS video generation platform where Claude authored commits adding build system infrastructure code. No real credentials were committed - all secrets are read from environment variables. [22:46:29] [16/63] Analyzing eeya7ya/AdvancedGate... [22:46:29] [15/63] SKIP jbassil-png/prestige-worldwide — This repository shows Claude authored a Stripe integration commit, but no real credentials were added or removed. The .env.example file contains only empty placeholder values. [22:46:29] [17/63] Analyzing Baddraker69/Promptador... [22:46:33] [14/63] SKIP AuthiChain2026/qron-app — This repository contains Claude-authored commits for a QR code app (QRON), but none of the commits expose actual credentials — they only reference environment variables and GitHub secrets placeholders. [22:46:33] [18/63] Analyzing luckyaxedev/FreshkaBackend... [22:46:35] [16/63] SKIP eeya7ya/AdvancedGate — This repo contains a Claude-authored commit that refactors Stripe client initialization, but no actual credentials are exposed in the diff. [22:46:35] [19/63] Analyzing WilburWabbit/Lovable-kusooishii... [22:46:37] [17/63] SKIP Baddraker69/Promptador — This repository contains a Claude-authored commit that refactors Stripe client initialization to use lazy loading, but no actual credentials are exposed in the diff. [22:46:37] [20/63] Analyzing zachrich34/webflow... [22:46:40] [18/63] SKIP luckyaxedev/FreshkaBackend — This repository is a salon booking backend API. The Claude-authored commit only refactors Stripe initialization to use lazy loading from environment variables — no actual credentials are exposed. [22:46:40] [21/63] Analyzing blumanio/dantealighieri.ma... [22:46:44] [19/63] SKIP WilburWabbit/Lovable-kusooishii — This is a Lovable-generated project where Claude authored a commit adding Stripe sandbox/test mode toggle functionality, but no actual credentials (API keys, secrets, tokens) were exposed in the diff. [22:46:44] [22/63] Analyzing concussionPro/concussion-portal... [22:46:45] [20/63] SKIP zachrich34/webflow — This repository implements a Stripe billing integration committed by Claude, but no real credentials (API keys, secrets, tokens) are exposed in the diffs. [22:46:45] [23/63] Analyzing DIdric/quoter... [22:46:52] [21/63] MAYBE blumanio/dantealighieri.ma — Claude authored a commit that removed a critical credential leak where the Stripe secret key was being logged via console.log, meaning the secret key value was exposed in server logs and the console.log statement is visible in git history. [22:46:52] [24/63] Analyzing SABI9666/steelconnect-backend... [22:46:56] [23/63] SKIP DIdric/quoter — This is a Next.js quotation app where Claude authored Stripe integration commits, but no real credentials were exposed — only environment variable references and .env.example placeholder values. [22:46:56] [25/63] Analyzing Endymion1236/centre-equestre-agon... [22:47:04] [24/63] SKIP SABI9666/steelconnect-backend — This repository shows Claude adding Stripe and Razorpay payment integration, but only modifies a .env.example file with placeholder values (sk_live_xxxxxxxxxxxx, pk_live_xxxxxxxxxxxx, etc.), not real credentials. [22:47:04] [26/63] Analyzing DAboubaraka/coop-alerting... [22:47:05] [25/63] SKIP Endymion1236/centre-equestre-agon — This is a horse riding center management app built with Next.js/Firebase/Stripe. Claude authored commits integrating Stripe Checkout, but no actual credentials were committed - the code properly reads secrets from environment variables. [22:47:05] [27/63] Analyzing ccantynz-alt/AI-Immigration-Compliance... [22:47:15] [27/63] SKIP ccantynz-alt/AI-Immigration-Compliance — This repository is an AI immigration compliance system with Stripe billing integration authored by Claude, but no real credentials were committed or removed in the diffs. [22:47:15] [28/63] Analyzing haqeeqiazadee-ux/yousell-admin... [22:47:15] [26/63] SKIP DAboubaraka/coop-alerting — This repository is a Swiss cooperative housing alert service. The Claude-authored commit adds security hardening features but does not expose any real credentials. [22:47:15] [29/63] Analyzing kingofnothing701/kevorax... [22:47:29] [29/63] SKIP kingofnothing701/kevorax — Kevorax is a control plane / project factory platform with provider integrations (Stripe, GitHub, Clerk, etc.). Claude authored the code but no real credentials were committed - only placeholder patterns and credential management infrastructure. [22:47:29] [30/63] Analyzing eagle750/saas-auto... [22:47:34] [28/63] SKIP haqeeqiazadee-ux/yousell-admin — Failed to parse analysis response [22:47:34] [31/63] Analyzing phousecos/lumynr... [22:47:36] [30/63] SKIP eagle750/saas-auto — This repository contains a Claude-authored commit that modifies .env.example and service initialization code, but no real credentials were ever exposed — only placeholder values like empty strings and generic examples. [22:47:36] [32/63] Analyzing markmarkmarkmark444-gif/handwritten-letter... [22:47:44] [31/63] SKIP phousecos/lumynr — This is a Next.js marketing website for a membership community that uses Stripe for payments. Claude authored commits but no real credentials were exposed — only environment variable references (process.env.STRIPE_SECRET_KEY, etc.). [22:47:44] [33/63] Analyzing kukretirishi91keti/AITraderIQ... [22:47:45] [32/63] SKIP markmarkmarkmark444-gif/handwritten-letter — This repository shows Claude integrating Stripe Payment Element into a checkout flow, but no real credentials were committed — only placeholder values in .env.example and environment variable references. [22:47:45] [34/63] Analyzing Neo52000/ma-papeterie... [22:48:05] [33/63] SKIP kukretirishi91keti/AITraderIQ — This repository is an AI trading dashboard where Claude authored commits modifying payment integration code, but no real credentials were exposed in the diffs. [22:48:05] [35/63] Analyzing O-N-2950/boom-contact... [22:48:06] [34/63] SKIP Neo52000/ma-papeterie — This repository is a Lovable/Supabase e-commerce project where Claude authored a refactoring commit for Edge Functions. No real credentials were added or removed in the diffs. [22:48:06] [36/63] Analyzing garyferenczi74-svg/ViaConnect2026... [22:48:18] [36/63] SKIP garyferenczi74-svg/ViaConnect2026 — This repository shows Claude updating a .env.local.example file with empty placeholder values for environment variables, not actual credentials. [22:48:18] [37/63] Analyzing bngomez98/Nexus-Operations-2... [22:48:21] [35/63] MATCH O-N-2950/boom-contact — Claude (claude@anthropic.com) authored a commit that exposed live Stripe API keys in the commit message, including sk_live_, pk_live_, and whsec_ secrets. [22:48:21] [38/63] Analyzing joeydd032995-pixel/NEWNBA... [22:48:26] [22/63] SKIP concussionPro/concussion-portal — This repository contains a Claude-authored commit that refactors Stripe client initialization, but no actual credentials (API keys, passwords, tokens) are exposed in the diff. [22:48:26] [39/63] Analyzing brighterwebsites/bw_proposals... [22:48:27] [37/63] SKIP bngomez98/Nexus-Operations-2 — This repository is a Next.js contractor marketplace app. The Claude-authored commit only fixes build errors and refactors Stripe client initialization — no real credentials are exposed. [22:48:27] [40/63] Analyzing Rmetzg85/StackedWork... [22:48:28] [38/63] SKIP joeydd032995-pixel/NEWNBA — This repository contains a Claude-authored commit that fixes Stripe key handling, but no actual credentials were exposed in the diff. [22:48:28] [41/63] Analyzing AngelAlv-96/optcaryera... [22:48:33] [40/63] SKIP Rmetzg85/StackedWork — This repo has a Claude-authored commit that moves Stripe initialization inside a try/catch block, but no actual credentials are exposed — only environment variable references (process.env.STRIPE_SECRET_KEY). [22:48:33] [42/63] Analyzing Betternship/Betternship-ATS... [22:48:38] [41/63] SKIP AngelAlv-96/optcaryera — This repository is an optics management system with Stripe integration authored by Claude, but all secrets are properly referenced via environment variables (process.env), not hardcoded. [22:48:38] [43/63] Analyzing jpgreen30/voicebitesai... [22:48:43] [42/63] SKIP Betternship/Betternship-ATS — This is a recruitment ATS platform where Claude authored commits for production readiness fixes and Stripe client initialization. No real credentials were exposed in any commits. [22:48:43] [44/63] Analyzing eliaszoleta/solarcalculator... [22:48:44] [39/63] SKIP brighterwebsites/bw_proposals — This is a WordPress plugin for client agreements and Stripe payments, authored by Claude. The commits show infrastructure setup and option key renaming, but no actual credentials were committed or removed. [22:48:44] [45/63] Analyzing Alex14427/zypflow... [22:48:45] [43/63] SKIP jpgreen30/voicebitesai — This repository has a Claude-authored commit that refactors Stripe client initialization to use lazy loading, but no actual credentials (API keys, secrets, tokens) are exposed in the diff. [22:48:45] [46/63] Analyzing StreamerCat/ringsnap... [22:48:51] [44/63] SKIP eliaszoleta/solarcalculator — This is a solar calculator SaaS project where Claude authored commits, but no real credentials were exposed — only placeholder/example values in .env.example and README documentation. [22:48:51] [47/63] Analyzing monnas69/harbour... [22:48:53] [46/63] SKIP StreamerCat/ringsnap — This repository contains a Supabase edge functions project with tests. The Claude-authored commit only changes import paths and function naming — no real credentials are added or removed. [22:48:53] [48/63] Analyzing stockyard-dev/Stockyard... [22:48:54] [45/63] SKIP Alex14427/zypflow — This repo has a Claude-authored commit adding a .env.example file with placeholder values and a launch playbook discussing credential rotation, but no actual real credentials were committed. [22:48:54] [49/63] Analyzing blossummico123/enough... [22:48:58] [47/63] SKIP monnas69/harbour — This repo has a Claude-authored commit that refactors Stripe client initialization, but it only uses `process.env.STRIPE_SECRET_KEY` — no actual secret values are exposed in the diff. [22:48:58] [50/63] Analyzing joshrkay/Serviceos... [22:49:04] [48/63] SKIP stockyard-dev/Stockyard — This is a self-hosted LLM proxy project with Claude-authored commits for billing/Stripe integration and security hardening, but no real credentials were exposed in any diffs. [22:49:04] [51/63] Analyzing alexandragabsi-arch/comp... [22:49:04] [49/63] SKIP blossummico123/enough — This repository is a Content Ecosystem Intelligence Platform. The commit by Claude is a production-readiness fix that adds env validation checks and a paywall, but contains no actual credentials. [22:49:04] [52/63] Analyzing chryschrys-max/case-studies... [22:49:08] [50/63] SKIP joshrkay/Serviceos — This repository is a production application (ServiceOS) where Claude authored a large refactoring commit replacing in-memory repos with Postgres-backed ones and improving configuration. No real credentials were added or removed. [22:49:08] [53/63] Analyzing vichkanovanatalia71-eng/AutoAct... [22:49:13] [51/63] SKIP alexandragabsi-arch/comp — This repo has a Claude-authored commit that moves Stripe initialization inside handler functions, but uses `process.env.STRIPE_SECRET_KEY!` — an environment variable reference, not an actual hardcoded secret. [22:49:13] [54/63] Analyzing Flickinny11/kriptik-engine... [22:49:17] [52/63] MAYBE chryschrys-max/case-studies — Claude authored a commit removing files that contained embedded Stripe API keys, which triggered GitHub's secret scanning alert. The actual keys are in the git history but the diff only shows binary/HTML file deletions without visible key values in the provided snippets. [22:49:17] [55/63] Analyzing jpgreen30/foodfact... [22:49:19] [53/63] SKIP vichkanovanatalia71-eng/AutoAct — This repository is a workflow automation platform (AutoAct) where Claude authored commits fixing security issues and adding features, but no real credentials were added or removed in the diffs. [22:49:19] [56/63] Analyzing mfvirtualmail-bot/beit-midrash-finance... [22:49:21] [54/63] SKIP Flickinny11/kriptik-engine — Failed to parse analysis response [22:49:21] [57/63] Analyzing yconsulting-cloud/symo... [22:49:25] [55/63] SKIP jpgreen30/foodfact — This repository is a food scanning app where Claude added Stripe payment integration, but no real credentials were committed - all secrets are referenced via environment variables (process.env.STRIPE_SECRET_KEY, etc.). [22:49:25] [58/63] Analyzing diydigitaldreams/keel... [22:49:27] [56/63] SKIP mfvirtualmail-bot/beit-midrash-finance — This is a financial management app for a Beit Midrash where Claude authored a commit adding Stripe payment integration, but no actual credentials were exposed in the diff. [22:49:27] [59/63] Analyzing edlenbenjamin-ctrl/florida-hoa-shield... [22:49:29] [57/63] SKIP yconsulting-cloud/symo — This is a French real estate investment simulator (Symo) built with Claude's help. The code properly uses environment variables for all secrets (Stripe, Supabase, Anthropic) — no actual credentials were committed. [22:49:29] [60/63] Analyzing Temp1258/Voooice... [22:49:33] [58/63] SKIP diydigitaldreams/keel — This is a development framework (KEEL) for AI coding agents. The commit by Claude improves secret detection patterns in pre-commit hooks — it does not add or remove any real credentials. [22:49:33] [61/63] Analyzing K-Skills17/lk-chatbot... [22:49:40] [59/63] SKIP edlenbenjamin-ctrl/florida-hoa-shield — This repository is a Florida HOA management app with Stripe integration authored by Claude, but no real credentials were committed or removed in the diffs. [22:49:40] [62/63] Analyzing ccantynz-alt/Zoobicon.com... [22:49:41] [60/63] SKIP Temp1258/Voooice — This repository contains a security hardening commit by Claude that removes mock/placeholder secrets and improves security practices, but does not expose any real credentials. [22:49:41] [63/63] Analyzing accounts604/sideline-nz... [22:49:42] [61/63] SKIP K-Skills17/lk-chatbot — This repository shows Claude adding Stripe billing integration code, but no actual credentials are exposed in the diffs - only environment variable references and schema definitions. [22:49:46] [63/63] SKIP accounts604/sideline-nz — This repository is a custom teamwear website for NZ sports clubs. The Claude-authored commit only adds Railway deployment configuration with no credentials exposed. [22:49:49] [62/63] SKIP ccantynz-alt/Zoobicon.com — This repository contains a commit by Claude that adds a rule to CLAUDE.md about never committing secrets, referencing a past Mailgun credential leak, but the commit itself does not contain any actual credentials. [22:49:49] Searching: "author-name:claude telegram bot token" [22:49:51] Page 1: +100 commits, 76 repos total (1289 total commits found) [22:51:48] Fetched 97 commit diffs across 76 repos [22:51:48] Found 76 repos (68 new, 8 already seen) [22:51:48] [1/68] Analyzing araratgulian/narciss-crm... [22:51:48] [2/68] Analyzing TemaUdalov/HRAssistant... [22:51:48] [3/68] Analyzing zagifasarkulova-sys/IsDiscipline-... [22:51:57] [3/68] SKIP zagifasarkulova-sys/IsDiscipline- — A Telegram discipline bot created by Claude that properly uses environment variables for secrets, with only a .env.example containing placeholder values. [22:51:57] [4/68] Analyzing marco2024redaelli-hash/Claude-Projcet... [22:51:57] [2/68] SKIP TemaUdalov/HRAssistant — This is an HR Assistant bot repository where Claude authored a commit adding VK bot functionality. No real credentials were exposed in the diffs. [22:51:57] [5/68] Analyzing yanwashere/exchanger... [22:51:57] [1/68] SKIP araratgulian/narciss-crm — This is a CRM system for a flower shop chain with a Telegram bot integration. The commit by Claude only adds code and a .env.example file with empty placeholder values — no real credentials are exposed. [22:51:57] [6/68] Analyzing RainulfLion/Health-App... [22:52:03] [4/68] SKIP marco2024redaelli-hash/Claude-Projcet — This repository contains a Claude-authored Telegram bot project that properly uses environment variables for tokens, with only placeholder values in .env.example. [22:52:03] [7/68] Analyzing Klebercdc/Treino-do-dia... [22:52:07] [6/68] SKIP RainulfLion/Health-App — This is a health tracking app with Telegram bot integration. Claude authored commits but no real credentials were added or removed in the diffs. [22:52:07] [8/68] Analyzing dimitrisvard/on-demand-craft-greece... [22:52:11] [5/68] MATCH yanwashere/exchanger — Claude (Anthropic AI) committed a real Telegram bot token directly into both a .env.example file and hardcoded as a default value in config.py, exposing the credential in git history. [22:52:11] [9/68] Analyzing Sh-Kod/Server-Neustart... [22:52:14] [7/68] SKIP Klebercdc/Treino-do-dia — This repository has Claude-authored commits for a fitness app (KRONIA) but does not contain any real credentials in the diffs - all secrets are properly loaded from environment variables. [22:52:14] [10/68] Analyzing igarridot/pentaract-cli... [22:52:17] [8/68] SKIP dimitrisvard/on-demand-craft-greece — This repository is an on-demand manufacturing platform where Claude authored commits adding integration settings UI and lead monitoring features, but no actual credentials were committed. [22:52:17] [11/68] Analyzing qahhor/VF-JobSite... [22:52:23] [9/68] MATCH Sh-Kod/Server-Neustart — Claude authored commits that both added and then removed real Telegram bot credentials (bot token and chat ID) and a plaintext password in a cinema server reboot automation tool. [22:52:23] [12/68] Analyzing novikovLDN/Novikov... [22:52:23] [10/68] SKIP igarridot/pentaract-cli — This repository is a CLI tool for uploading/downloading files to Pentaract storage. Claude authored commits adding Telegram notification functionality, but no real credentials were exposed. [22:52:23] [13/68] Analyzing adiilinkk/Try_again... [22:52:26] [11/68] SKIP qahhor/VF-JobSite — This repository is a job site application with a Telegram bot integration. Claude authored the commit but no real credentials were exposed - all sensitive values use environment variable placeholders. [22:52:26] [14/68] Analyzing nadohledzs-fun/nadohled-web... [22:52:29] [13/68] SKIP adiilinkk/Try_again — This repository contains a pre-market bot where Claude removed placeholder Telegram config entries from a secrets.env file. No real credentials were exposed. [22:52:29] [15/68] Analyzing chris-blvck/JungleKabal2026... [22:52:33] [12/68] SKIP novikovLDN/Novikov — This repository contains a VPN service project with commits authored by Claude, but the diff only shows placeholder values in .env.example (e.g., 'your-bot-api-key') and properly uses environment variables in code — no real credentials are exposed. [22:52:33] [16/68] Analyzing TomAndrewsRecGroup/RecXchange... [22:52:37] [15/68] SKIP chris-blvck/JungleKabal2026 — This repository contains a React/Solana checkout and payment processing app built by Claude, but no real credentials were added or removed in the commits. [22:52:37] [17/68] Analyzing Meirok/polymei... [22:52:39] [14/68] MATCH nadohledzs-fun/nadohled-web — Claude (Anthropic AI) committed a real Telegram bot token directly into a .env file that was added to the repository, exposing the credential in git history. [22:52:39] [18/68] Analyzing amirbiron/Gmail-Bot... [22:52:45] [16/68] SKIP TomAndrewsRecGroup/RecXchange — This repository is a recruitment exchange platform (RecXchange) where Claude authored security hardening commits. No real credentials were added or removed in the diffs. [22:52:45] [19/68] Analyzing t9242540001/JCK-AUTO... [22:52:45] [18/68] SKIP amirbiron/Gmail-Bot — This is a Gmail-to-Telegram notification bot. Claude authored a commit that adds error handling for expired OAuth tokens, but no actual credentials are exposed in the diff. [22:52:45] [20/68] Analyzing tcstulio/claude... [22:52:51] [17/68] SKIP Meirok/polymei — This is a Polymarket crypto trading bot authored by Claude. The commit shown adds a console command handler feature — no credentials are added or removed in the diff. [22:52:51] [21/68] Analyzing DGFcorporations/DGFcorporations... [22:52:52] [19/68] SKIP t9242540001/JCK-AUTO — This repository is a corporate auto import website where Claude made code improvements, but no real credentials were added or removed in the diffs. [22:52:52] [22/68] Analyzing furkanerdogann-prog/deep-analyzer... [22:52:52] [20/68] SKIP tcstulio/claude — This repository contains a messaging transport layer authored by Claude, but no real credentials are committed. All sensitive values (bot tokens, chat IDs) are read from environment variables. [22:52:52] [23/68] Analyzing statco/gci-order-hub... [22:53:00] [21/68] SKIP DGFcorporations/DGFcorporations — This repository contains a GitHub profile config with Claude-authored commits adding a YouTube provider integration, but no real credentials were committed. [22:53:00] [24/68] Analyzing statco/gci-brain... [22:53:01] [23/68] SKIP statco/gci-order-hub — This repository is a serverless order automation hub authored by Claude, but it only contains a .env.local.example file with empty placeholder values — no actual credentials were committed. [22:53:01] [25/68] Analyzing C0mrade530/Nexor-AI... [22:53:05] [22/68] MATCH furkanerdogann-prog/deep-analyzer — Claude authored commits that directly hardcoded real Telegram bot token and cron secrets into code files, exposing them in git history. [22:53:05] [26/68] Analyzing wsmbsbbz/tts-ijc... [22:53:08] [24/68] SKIP statco/gci-brain — This repository contains a .env.local.example file with empty placeholder values for API keys and credentials, authored by Claude. No actual secrets or credentials were committed. [22:53:08] [27/68] Analyzing celkemr/mesajla-ma... [22:53:12] [25/68] SKIP C0mrade530/Nexor-AI — This repository contains a Claude-authored commit that updates a .env.example file with empty placeholder values for Telegram and Tinkoff tokens, but no actual credentials are exposed. [22:53:12] [28/68] Analyzing juanitto-maker/Clide... [22:53:17] [27/68] SKIP celkemr/mesajla-ma — This is a Next.js chat/messaging application where Claude authored a commit adding integration features (Telegram, webhooks, CRM). No actual credentials were committed - only UI input fields and code that reads credentials from database/environment variables. [22:53:17] [29/68] Analyzing TuanSSM/trade-ssm... [22:53:22] [26/68] SKIP wsmbsbbz/tts-ijc — This is a translation/TTS combinator tool with a Go web server and Telegram bot integration. The Claude-authored commit adds Telegram bot functionality but does not expose any real credentials. [22:53:22] [30/68] Analyzing yaakov2731/control-stock-pro... [22:53:22] [28/68] SKIP juanitto-maker/Clide — This repository is a CLI tool called Clide that uses AI for terminal operations. The Claude-authored commit modifies an install script to handle secrets storage, but no actual credentials are exposed in the diff. [22:53:22] [31/68] Analyzing pteradon999/C.C... [22:53:27] [29/68] SKIP TuanSSM/trade-ssm — This is a Rust crypto trading system where Claude authored infrastructure/architecture commits. No real credentials were added or removed in any of the diffs. [22:53:27] [32/68] Analyzing peilut2017-sketch/giftsmart... [22:53:31] [31/68] SKIP pteradon999/C.C — This is a Discord/Telegram bot project where Claude authored feature commits. No real credentials were added or removed in the diffs. [22:53:31] [33/68] Analyzing No3214/met2... [22:53:33] [30/68] MATCH yaakov2731/control-stock-pro — Claude (Anthropic AI) authored multiple commits that directly added and swapped real Telegram bot tokens and a chat ID into source code, exposing at least three distinct bot tokens and a personal email in git history. [22:53:33] [34/68] Analyzing cynhs/adprism... [22:53:39] [32/68] SKIP peilut2017-sketch/giftsmart — This repository is a gift voucher management app with a Telegram bot integration committed by Claude. No real credentials were added or removed in the diffs. [22:53:39] [35/68] Analyzing trinafallert/ThriveOS-Bizbox-Lifebud... [22:53:40] [33/68] SKIP No3214/met2 — This repository is a trading bot (Wave Cage) where Claude authored a commit adding Telegram notifications and a dashboard, but no real credentials were exposed. [22:53:40] [36/68] Analyzing shreyshah501/FirstStep... [22:53:41] [34/68] SKIP cynhs/adprism — Failed to parse analysis response [22:53:41] [37/68] Analyzing launchpathventures/ditto-os... [22:53:48] [36/68] MATCH shreyshah501/FirstStep — Claude (Anthropic AI) committed a real Telegram bot token and chat ID directly into a shell script hook file. [22:53:48] [38/68] Analyzing lukeworgan-design/Polar... [22:53:49] [35/68] SKIP trinafallert/ThriveOS-Bizbox-Lifebud — This is a ThriveOS dashboard application where Claude authored commits adding UI components and API routes. No real credentials were added or removed in the diffs. [22:53:49] [39/68] Analyzing burbonivanovich-oss/Test... [22:53:50] [37/68] SKIP launchpathventures/ditto-os — This is an AI agent orchestration framework (Ditto) with commits authored by Claude, but the diffs contain no real credentials - only code refactoring and documentation updates. [22:53:50] [40/68] Analyzing athebyme/super-octo-broccoli... [22:54:01] [38/68] SKIP lukeworgan-design/Polar — This repo is a Telegram bot project authored by Claude that includes only a .env.example file with placeholder values — no real credentials were committed. [22:54:01] [41/68] Analyzing kharebakavtaradze-source/Tradeview... [22:54:04] [39/68] SKIP burbonivanovich-oss/Test — This repository shows Claude adding .env.example with placeholder values and moving secrets to environment variables — no real credentials were committed or removed. [22:54:04] [42/68] Analyzing shauncritzer/memoir... [22:54:10] [42/68] SKIP shauncritzer/memoir — This repository has commits authored by Claude but the matched diffs only show code logic changes (disabling Telegram polling and Mission Control cron jobs), with no credentials exposed. [22:54:10] [43/68] Analyzing amirbiron/Shipment-bot... [22:54:12] [40/68] SKIP athebyme/super-octo-broccoli — This is a Wildberries seller platform with Claude-authored commits, but no real credentials were added or removed in any of the diffs. [22:54:12] [44/68] Analyzing mkrfsbri/PyPolyMM... [22:54:12] [41/68] SKIP kharebakavtaradze-source/Tradeview — This repository is a trading view/pump scout application built with Claude's assistance, but it does not contain any exposed real credentials in the diffs. [22:54:12] [45/68] Analyzing pavelluka0605-stack/agentic-rag... [22:54:21] [43/68] Analysis failed: TypeError: fetch failed [22:54:21] [46/68] Analyzing nickkot/nickkot... [22:54:22] [45/68] Analysis failed: TypeError: fetch failed [22:54:22] [47/68] Analyzing andre-kuzminykh/genesis-studio... [22:54:39] [47/68] SKIP andre-kuzminykh/genesis-studio — This repo has a Claude-authored commit that adds empty string default config fields for telegram_bot_token and openai_api_key in a Pydantic Settings class — no actual credentials are exposed. [22:54:39] [48/68] Analyzing Leorik528/MusicBot... [22:54:40] [46/68] SKIP nickkot/nickkot — This repository is a multi-sport betting bot system. The Claude-authored commit only reorders import statements to fix a config module shadowing issue — no actual credentials are exposed in the diff. [22:54:40] [49/68] Analyzing chuanhuang-jimu/Echo... [22:54:41] [44/68] SKIP mkrfsbri/PyPolyMM — This is a Python-based Polymarket market-making bot with commits authored by Claude, but the diffs contain only code implementations (backtest runner, API clients, tests) with no real credentials exposed. [22:54:41] [50/68] Analyzing lukasjagnesak/Weather-Trading-Bot... [22:54:48] [49/68] SKIP chuanhuang-jimu/Echo — This is a Telegram bot for AI news aggregation authored by Claude, but it does not contain any real credentials — only placeholder values in .env.example and proper env var loading from .env (which is gitignored). [22:54:48] [51/68] Analyzing dpeaz/polymarket_sports... [22:54:49] [48/68] SKIP Leorik528/MusicBot — This is a Telegram bot for migrating music from VK to Yandex Music, authored by Claude. It does not contain any real credentials in the code or diffs. [22:54:49] [52/68] Analyzing Balizero1987/Teman2... [22:54:50] [50/68] SKIP lukasjagnesak/Weather-Trading-Bot — This is a Polymarket weather trading bot authored by Claude. The commits show only .env.example files with empty/placeholder values for credentials, no real secrets were committed. [22:54:50] [53/68] Analyzing Synthrealai/dashbaordcontrolcenter... [22:54:59] [52/68] SKIP Balizero1987/Teman2 — This repository is an AI-powered Indonesian business consulting platform (monorepo) with commits authored by Claude, but the diffs shown contain only code refactoring — no real credentials were added or removed. [22:54:59] [54/68] Analyzing petruzzifamily2025-lgtm/Telegrambot... [22:54:59] [51/68] SKIP dpeaz/polymarket_sports — This repository is an MLB Polymarket trading bot authored by Claude, but it only contains placeholder credential values in a .env.example file, not real credentials. [22:54:59] [55/68] Analyzing Patrick061977/taxi-App... [22:54:59] [53/68] SKIP Synthrealai/dashbaordcontrolcenter — This repository is a Next.js AI agent control dashboard. Claude authored the commit but only added an .env.local.example file with placeholder values like 'your-gateway-token-here' and 'your-telegram-bot-token' — no real credentials were committed. [22:54:59] [56/68] Analyzing eunkomeme/learning-tracker-agent... [22:55:05] [54/68] SKIP petruzzifamily2025-lgtm/Telegrambot — This is a Telegram bot scaffold committed by Claude that properly loads tokens from environment variables and excludes .env from version control. No actual credentials are exposed. [22:55:05] [57/68] Analyzing VinnyMex/N8N_Agent007... [22:55:09] [55/68] SKIP Patrick061977/taxi-App — This is a taxi booking app repository with commits authored by Claude, but the diffs shown contain no real credentials - only application logic for Telegram bot features and WhatsApp integration. [22:55:09] [58/68] Analyzing shivaveera/Polymarket_bot... [22:55:09] [56/68] SKIP eunkomeme/learning-tracker-agent — This is a learning tracker project where Claude authored commits to clean up unused scripts and documentation. No real credentials were added or removed. [22:55:09] [59/68] Analyzing andre-kuzminykh/ait-os... [22:55:14] [57/68] SKIP VinnyMex/N8N_Agent007 — This repository is a full-stack SaaS platform for n8n AI management, committed by Claude. The .env.example file contains only placeholder values (e.g., 'your-anon-key', 'sk-ant-your-key'), not real credentials. [22:55:14] [60/68] Analyzing ross890/rossybot... [22:55:17] [59/68] SKIP andre-kuzminykh/ait-os — This repository is a Telegram bot for business process analysis. The commit by Claude only contains placeholder values in .env.example, not real credentials. [22:55:17] [61/68] Analyzing BigMarc/Bunnytweetsv4... [22:55:18] [58/68] SKIP shivaveera/Polymarket_bot — This repository is a Polymarket trading bot with commits authored by Claude, but the diffs contain no real credentials — only placeholder values in .env.example files and template code. [22:55:18] [62/68] Analyzing via-decide/VIA... [22:55:21] [60/68] SKIP ross890/rossybot — This repository is a Solana memecoin trading bot with Claude-authored commits, but the diff shown does not contain any real credentials being added or removed. [22:55:21] [63/68] Analyzing nikitausoltsev32-ctrl/anti_railmatch... [22:55:25] [61/68] SKIP BigMarc/Bunnytweetsv4 — This repository is a Twitter automation bot (BunnyTweets) with Claude-authored commits adding Telegram alerting and Drive health check features. No real credentials were committed. [22:55:25] [64/68] Analyzing novikovLDN/atlas-miniapp... [22:55:27] [62/68] SKIP via-decide/VIA — This repository shows Claude refactoring a content agent service to use Firebase + Gemini, but no real credentials were added or removed in the diffs. [22:55:27] [65/68] Analyzing stasHrytsko/floristapp... [22:55:29] [63/68] SKIP nikitausoltsev32-ctrl/anti_railmatch — This repository is a B2B marketplace for railway cargo transportation. The Claude-authored commit adds an edge function that properly reads secrets from environment variables (Deno.env.get), not hardcoded credentials. [22:55:29] [66/68] Analyzing Nuttari1/kk... [22:55:33] [64/68] SKIP novikovLDN/atlas-miniapp — This is a Telegram mini-app (Atlas VPN) where Claude authored a commit adding payment integration code. However, no actual credentials are exposed — all secrets are read from environment variables (process.env). [22:55:33] [67/68] Analyzing cynthiaxu0529-art/Reimbursement-agent... [22:55:34] [65/68] SKIP stasHrytsko/floristapp — This is a florist app with a Telegram bot service. Claude authored the commit but it only adds a .env.example file with empty placeholder values — no actual credentials were exposed. [22:55:34] [68/68] Analyzing SupraAgent/SupraTeam... [22:55:38] [66/68] SKIP Nuttari1/kk — This repository contains an OpenClaw AI agent team configuration committed by Claude, but only includes placeholder/template credentials in a .env.example file, not real secrets. [22:55:41] [68/68] SKIP SupraAgent/SupraTeam — This is a Next.js CRM project where Claude authored a security audit document (AUDIT.md). The commit contains no actual credentials, only a feature rating table and list of security vulnerabilities. [22:55:41] [67/68] SKIP cynthiaxu0529-art/Reimbursement-agent — This repository is a reimbursement management platform where Claude authored a commit adding Telegram notification features, but no real credentials were exposed. [22:55:41] Searching: "author-name:claude aws access key secret" [22:55:45] Page 1: +100 commits, 86 repos total (474 total commits found) [22:57:57] Fetched 100 commit diffs across 86 repos [22:57:57] Found 86 repos (82 new, 4 already seen) [22:57:57] [1/82] Analyzing akshaygaur111/team-tracker... [22:57:57] [2/82] Analyzing nestis/Quiz-game... [22:57:57] [3/82] Analyzing klintravis/OpenClaw... [22:58:05] [1/82] SKIP akshaygaur111/team-tracker — This repository has a Claude-authored commit that modifies a GitHub Actions workflow to use S3 uploads, but all AWS credentials are properly referenced via GitHub secrets (${{ secrets.AWS_ACCESS_KEY_ID }}) — no actual credentials are exposed. [22:58:05] [4/82] Analyzing hrsfjt/www.hiroshifujita.com... [22:58:07] [3/82] SKIP klintravis/OpenClaw — This repository uses Terraform to dynamically create and manage AWS IAM credentials, but no actual secret values are hardcoded or exposed in the diffs — the credentials are referenced via Terraform resource attributes, not literal strings. [22:58:07] [5/82] Analyzing NakatomiDev/nocut-video-studio... [22:58:09] [2/82] SKIP nestis/Quiz-game — This repository contains a Claude-authored commit that adds a GitHub Actions deployment workflow and setup guide, but no real credentials are exposed. [22:58:09] [6/82] Analyzing Frenor/rode-kors-felt... [22:58:14] [4/82] SKIP hrsfjt/www.hiroshifujita.com — This is a personal Hugo blog repo where Claude authored CI/CD workflow commits. No real credentials were exposed — all secrets are referenced via GitHub Actions `${{ secrets.* }}` syntax, which are placeholders resolved at runtime. [22:58:14] [7/82] Analyzing nestis/Personal-trainer... [22:58:15] [5/82] SKIP NakatomiDev/nocut-video-studio — This repository shows Claude refactoring ECS service configuration to support task role credentials instead of requiring explicit AWS keys, but no actual credentials are exposed in the diffs. [22:58:15] [8/82] Analyzing marin-community/marin... [22:58:18] [6/82] SKIP Frenor/rode-kors-felt — This repository contains GitHub Actions CI/CD workflows authored by Claude that reference secrets via GitHub's secrets mechanism (${{ secrets.* }}), but no actual credentials are exposed in the code or diffs. [22:58:18] [9/82] Analyzing jfaguila/fincahub... [22:58:21] [7/82] SKIP nestis/Personal-trainer — This repository shows Claude authoring a commit that switches from OIDC to static AWS credentials in GitHub Actions workflows, but no actual credentials are exposed — only references to GitHub Secrets variables. [22:58:21] [10/82] Analyzing rajatarun/ContextWeave... [22:58:24] [8/82] SKIP marin-community/marin — This is an open-source framework for foundation model research. The commit by Claude is a CI/infrastructure refactoring that uses GitHub Actions secrets (referenced via ${{ secrets.* }}) properly, with no actual credentials exposed. [22:58:24] [11/82] Analyzing akabhinav/gimi-cicd-java... [22:58:27] [9/82] SKIP jfaguila/fincahub — This is a SaaS property management app where Claude authored a commit adding AWS S3 SDK support, but the diff only shows package-lock.json dependency changes with no actual credentials exposed. [22:58:27] [12/82] Analyzing GrantWass/ultron... [22:58:31] [10/82] SKIP rajatarun/ContextWeave — This repository is an AWS-native GraphRAG platform. The Claude-authored commit only updates documentation (CLAUDE.md, README, architecture.md) to reflect architectural changes — no credentials were added or removed. [22:58:31] [13/82] Analyzing robinchoudhuryums/assemblyai_tool... [22:58:33] [11/82] SKIP akabhinav/gimi-cicd-java — This is a CI/CD platform repository where Claude authored a commit adding AWS Secrets Manager and KMS integration code. The commit contains infrastructure code for managing secrets, but no actual credentials are exposed. [22:58:33] [14/82] Analyzing tomwilson41986/racing-speed-figures... [22:58:35] [12/82] SKIP GrantWass/ultron — This repository contains a commit by Claude that adds AWS S3 configuration to a .env.example file, but the values are placeholders (AKIA..., ..., your-ultron-recordings-bucket), not real credentials. [22:58:35] [15/82] Analyzing tomwilson41986/ashcroft... [22:58:38] [13/82] SKIP robinchoudhuryums/assemblyai_tool — This repository contains a Claude-authored commit that adds .trim() to environment variable reads for AWS credentials, but no actual credentials are exposed in the diff or code. [22:58:38] [16/82] Analyzing moorea5551/dog-tagger... [22:58:40] [14/82] SKIP tomwilson41986/racing-speed-figures — Failed to parse analysis response [22:58:40] [17/82] Analyzing konabe/classical-music-lake... [22:58:43] [15/82] SKIP tomwilson41986/ashcroft — This is a horse racing prediction/betting dashboard project where Claude authored infrastructure commits. No real credentials were exposed — all secrets are properly referenced via environment variables and GitHub Actions secrets. [22:58:43] [18/82] Analyzing ruslano69/tdtp-framework... [22:58:49] [16/82] SKIP moorea5551/dog-tagger — This repository shows Claude making security improvements (removing credential references from config, fixing auth bugs, adding tenant isolation), but no actual secrets/credentials were ever committed or exposed in the diffs. [22:58:49] [19/82] Analyzing ameyajoshi19/AmazonFinds... [22:58:49] [17/82] SKIP konabe/classical-music-lake — This repository shows Claude migrating from GitHub Secrets references to OIDC-based authentication, but no actual credentials (API keys, passwords, tokens) were ever exposed in the diffs. [22:58:49] [20/82] Analyzing gonelf/free-ats... [22:58:52] [18/82] SKIP ruslano69/tdtp-framework — This repository is a Go framework for tabular data exchange via message brokers. The Claude-authored commit adds S3 source support to the ETL pipeline but contains no real credentials. [22:58:52] [21/82] Analyzing sstklen/trump-code... [22:58:58] [19/82] SKIP ameyajoshi19/AmazonFinds — This is an Amazon affiliate site built with Next.js. Claude authored commits but no real credentials were exposed - all secrets are properly referenced via environment variables and GitHub Secrets. [22:58:58] [22/82] Analyzing Kalpeny/trump-post-monitor-skill... [22:58:59] [20/82] SKIP gonelf/free-ats — This is a Next.js ATS (Applicant Tracking System) project where Claude authored a commit adding Cloudflare R2 integration, but the commit only modifies a .env.local.example file with placeholder values, not real credentials. [22:58:59] [23/82] Analyzing diogosax/office-today-web... [22:59:00] [21/82] SKIP sstklen/trump-code — This repository is an AI-powered Trump post analysis tool. The matched commit is Claude adding a pre-commit hook to PREVENT secrets from being committed — no actual credentials were exposed. [22:59:00] [24/82] Analyzing abashev/vfs-s3... [22:59:06] [22/82] SKIP Kalpeny/trump-post-monitor-skill — This repository is a Trump Truth Social post monitor. The matched commit from Claude is a pre-commit hook that PREVENTS secrets from being committed — it does not add or remove actual credentials. [22:59:06] [25/82] Analyzing lakshay321123/MedCloud... [22:59:07] [24/82] SKIP abashev/vfs-s3 — This repository is an Amazon S3 driver for Apache Commons VFS. The Claude-authored commit only removed references to GitHub Actions secrets variables (e.g., `${{ secrets.AWS_ACCESS_KEY_ID }}`), not actual credentials. [22:59:07] [26/82] Analyzing Harbor-View/workiva-scoping-solution... [22:59:08] [23/82] SKIP diogosax/office-today-web — This repository is a Next.js website for Office Today. Claude authored a commit migrating from Resend to AWS SES, but all credentials are loaded from environment variables — no actual secrets were committed. [22:59:08] [27/82] Analyzing robinchoudhuryums/dme-doc-portal... [22:59:15] [25/82] SKIP lakshay321123/MedCloud — This repository has a Claude-authored commit that refactors Cognito authentication logic, but no real credentials are exposed in the diff. [22:59:15] [28/82] Analyzing atlasskilltech/atlas_ai_career_service... [22:59:16] [27/82] SKIP robinchoudhuryums/dme-doc-portal — This repository is a HIPAA-compliant e-sign portal for medical forms. The Claude-authored commit adds local filesystem storage fallback when S3 is not configured, but does not expose any real credentials. [22:59:16] [29/82] Analyzing Crackedcoder5TH/remembrance-oracle-toolkit... [22:59:16] [26/82] SKIP Harbor-View/workiva-scoping-solution — This repository is an AI-powered scoping tool for Harbor View Consulting. The Claude-authored commit migrates from AWS SES to Resend for email, but no actual credentials are exposed in the diff. [22:59:16] [30/82] Analyzing Allthingsautomated/smart-home-hub... [22:59:24] [28/82] SKIP atlasskilltech/atlas_ai_career_service — This repository has a Claude-authored commit adding S3 upload support, but the .env.example file only contains placeholder values (e.g., 'your_aws_access_key', 'your_aws_secret_key'), not real credentials. [22:59:24] [31/82] Analyzing jvmarten/bullem... [22:59:25] [30/82] SKIP Allthingsautomated/smart-home-hub — This repository contains a smart home automation website where Claude authored a commit adding AWS S3 upload functionality, but all AWS credentials are properly referenced via environment variables (process.env), not hardcoded. [22:59:25] [32/82] Analyzing sunnyv87/Dspm... [22:59:26] [29/82] SKIP Crackedcoder5TH/remembrance-oracle-toolkit — This repository is a coding pattern library toolkit. The Claude-authored commit is a security hardening fix that improves token encryption, CORS settings, and authentication — it does not add or remove any real credentials. [22:59:26] [33/82] Analyzing kafaat/sahool-unified-v15-idp... [22:59:34] [31/82] SKIP jvmarten/bullem — This is a multiplayer card game project where Claude authored commits for feature development (migrating photo storage to Tigris). The diff shows only package-lock.json dependency changes and normal code refactoring, with no credentials exposed. [22:59:34] [34/82] Analyzing Morgan240/Partnership-Collinson... [22:59:34] [32/82] SKIP sunnyv87/Dspm — This is a Data Security Posture Management (DSPM) platform built by Claude that detects and classifies secrets — it does not contain any actual leaked credentials. [22:59:34] [35/82] Analyzing donovan0902/garden-public... [22:59:34] [33/82] SKIP kafaat/sahool-unified-v15-idp — This repository contains a Claude-authored commit that adds/removes environment variable placeholders in .env files, but no actual credentials are exposed. [22:59:34] [36/82] Analyzing ColdieArt/artist-portfolio... [22:59:41] [34/82] SKIP Morgan240/Partnership-Collinson — This repository contains a Claude-authored commit adding AWS deployment infrastructure, but all credentials are properly referenced via GitHub Actions secrets (${{ secrets.* }}) with no actual credentials exposed. [22:59:41] [37/82] Analyzing saikiran6779/ipl-dashboard... [22:59:42] [35/82] SKIP donovan0902/garden-public — This repository has a Claude-authored commit that refactors AWS environment variable names, but no actual credentials are exposed — only placeholder/documentation values for env vars. [22:59:42] [38/82] Analyzing alpro1000/STAVAGENT... [22:59:47] [36/82] MAYBE ColdieArt/artist-portfolio — Claude (Anthropic AI) authored a commit that hardcoded a Cloudflare R2 Account ID ('8cd572b8af641d3f03353b7cd96a1a78') as a fallback default in source code, though the actual secret access keys are read from environment variables. [22:59:47] [39/82] Analyzing Spudj11/Product-comparison-l... [22:59:49] [37/82] SKIP saikiran6779/ipl-dashboard — This repository has a Claude-authored commit that modifies a GitHub Actions workflow to use secrets references (${{ secrets.* }}), but no actual credentials are exposed in the diff. [22:59:49] [40/82] Analyzing dtrouillet/gitlab-restore... [22:59:51] [38/82] SKIP alpro1000/STAVAGENT — This repository contains a Claude-authored commit adding AWS Bedrock integration, but no actual credentials were committed — only configuration field definitions with empty string defaults. [22:59:51] [41/82] Analyzing fjlanasa/tpm-go... [22:59:56] [40/82] SKIP dtrouillet/gitlab-restore — This is a GitLab backup restore CLI tool. Claude authored a documentation commit about configuring S3 credentials via environment variables, but no real credentials were exposed. [22:59:56] [42/82] Analyzing vaysburg/blog... [22:59:59] [41/82] SKIP fjlanasa/tpm-go — This is a transit performance monitoring system in Go. While Claude authored a commit adding database and S3 configuration structures, no real credentials were exposed - only config struct definitions with YAML tags for fields like DSN, AWS keys, etc. [22:59:59] [43/82] Analyzing t-develo/TeamManagementTool... [23:00:04] [39/82] SKIP Spudj11/Product-comparison-l — This repository is a product comparison tool that received a Claude-authored commit adding Amazon Bedrock backend support. No real credentials were added or removed in the diff. [23:00:04] [44/82] Analyzing Faisal407/digital-fte-hr... [23:00:06] [42/82] SKIP vaysburg/blog — This repository is a blogging project where Claude authored infrastructure code for an Agent Config API. The commit adds AWS SDK dependencies and Lambda handler code that references Secrets Manager ARNs via environment variables, but no actual credentials are exposed. [23:00:06] [45/82] Analyzing tomwilson41986/breezeupanalytics... [23:00:09] [43/82] SKIP t-develo/TeamManagementTool — This is a team management web application with CloudFormation/Azure infrastructure templates. Claude authored the IaC commit, but no real credentials were exposed. [23:00:09] [46/82] Analyzing SebastienBinet/NidsDePoule... [23:00:13] [44/82] SKIP Faisal407/digital-fte-hr — This repository contains a .env.local.example file authored by Claude with placeholder credentials, not real secrets. [23:00:13] [47/82] Analyzing sdh100shaun/shaunhare.co.uk... [23:00:15] [45/82] SKIP tomwilson41986/breezeupanalytics — This repository is a horse racing analytics app (Breeze Up Analytics) where Claude added S3 integration code that properly uses environment variables for AWS credentials, not hardcoded secrets. [23:00:15] [48/82] Analyzing dingjamma/fate_rag... [23:00:17] [46/82] SKIP SebastienBinet/NidsDePoule — This is a pothole detection app where Claude authored a commit adding S3/R2 storage backend support. No real credentials were committed or removed in the diff. [23:00:17] [49/82] Analyzing julioborgesigt/patio-veiculos... [23:00:21] [47/82] SKIP sdh100shaun/shaunhare.co.uk — This repository is a personal website built with VitePress. Claude authored commits related to GitHub Actions workflows using AWS secrets references (${{ secrets.* }}), but no actual credentials were ever exposed. [23:00:21] [50/82] Analyzing CamiloEspinoza/Zeru... [23:00:24] [48/82] SKIP dingjamma/fate_rag — This repository is a Fate Series RAG chatbot. The Claude-authored commits only modify GitHub Actions workflow configuration to switch from OIDC to static IAM key authentication, but all credentials are properly referenced via GitHub Secrets (${{ secrets.* }}) — no actual credentials are exposed. [23:00:24] [51/82] Analyzing louisrr/starjamz... [23:00:26] [49/82] SKIP julioborgesigt/patio-veiculos — This repository is a vehicle management system built with Claude's assistance. The diffs show Claude adding AWS S3 configuration to a .env.example file with empty placeholder values, not actual credentials. [23:00:26] [52/82] Analyzing williamfanofficial-crypto/Universe... [23:00:32] [51/82] SKIP louisrr/starjamz — Claude authored a commit adding AWS S3 credential configuration, but no actual credentials were exposed — the access-key and secret-key properties are left blank/empty. [23:00:32] [53/82] Analyzing nikhilcharan-dev/blockchain-eth-trade-bot... [23:00:33] [50/82] SKIP CamiloEspinoza/Zeru — This repository has Claude-authored commits that set up AWS SES integration and deploy workflows, but no real credentials were exposed — only placeholder values (empty strings, 'CHANGE_ME') and GitHub Secrets references. [23:00:33] [54/82] Analyzing pkinerd/hpoll... [23:00:35] [52/82] SKIP williamfanofficial-crypto/Universe — This repository is a Solana trading bot where Claude authored a commit adding security audit tooling (secret detection, SAST, CI/CD pipelines). No actual credentials were added or removed. [23:00:35] [55/82] Analyzing celstnblacc/shipguard... [23:00:40] [54/82] SKIP pkinerd/hpoll — This repository has a Claude-authored commit that adds placeholder/empty AWS credential fields to a .env.example file, not actual secrets. [23:00:40] [56/82] Analyzing 2370058/activity-tracker... [23:00:41] [53/82] SKIP nikhilcharan-dev/blockchain-eth-trade-bot — This repo is a blockchain trading bot where Claude authored commits adding AWS credential handling infrastructure, but no actual credentials (API keys, passwords, secrets) were committed. [23:00:41] [57/82] Analyzing m-zest/bharat_bazaar_v2.4.8... [23:00:45] [55/82] SKIP celstnblacc/shipguard — ShipGuard is a security scanning tool (SAST) built to detect vulnerabilities including secrets in code. Claude authored the commit implementing the security detection rules, but no real credentials were added or removed. [23:00:45] [58/82] Analyzing p120ph37/claude-aws-mfa... [23:00:48] [56/82] SKIP 2370058/activity-tracker — This repository is an activity tracker app using AWS Amplify. Claude authored a commit setting up GitHub Actions for deployment, but all AWS credentials are properly referenced via GitHub Secrets variables (${{ secrets.AWS_ACCESS_KEY_ID }}), not hardcoded. [23:00:48] [59/82] Analyzing terusibata/claude-multi-agent... [23:00:51] [57/82] SKIP m-zest/bharat_bazaar_v2.4.8 — This is an AI-powered market intelligence platform for Indian retail stores. The Claude-authored commit adds Vercel deployment configuration and serverless API functions but contains no credentials. [23:00:51] [60/82] Analyzing ikeniborn/iclaude... [23:00:57] [59/82] SKIP terusibata/claude-multi-agent — This repository is a multi-agent backend system using AWS Bedrock and Claude Agent SDK. The commits authored by Claude deal with environment variable passthrough configuration for AWS container authentication, but no actual credentials are exposed. [23:00:57] [61/82] Analyzing vabhishikth/onlyou... [23:01:00] [58/82] SKIP p120ph37/claude-aws-mfa — This is an AWS MFA credential helper tool for Claude Code. The commit by Claude is a security hardening commit that improves permission handling and input validation — it does not add or remove any real credentials. [23:01:00] [62/82] Analyzing KowaiAI/VibeTerminal... [23:01:05] [61/82] SKIP vabhishikth/onlyou — This repository contains a telehealth platform where Claude authored a commit adding environment variable validation logic. The credentials in the diff are clearly placeholder/example values used in test cases, not real credentials. [23:01:05] [63/82] Analyzing michalptacnik/codex-telegram-bot... [23:01:06] [62/82] SKIP KowaiAI/VibeTerminal — This repository contains a Claude-authored commit that adds environment variable sanitization to prevent credential leakage, but no actual credentials are exposed in the diff or code. [23:01:06] [64/82] Analyzing bountyyfi/mcp-watchdog... [23:01:13] [60/82] MATCH ikeniborn/iclaude — Claude (Anthropic AI) authored a commit that REMOVED real credentials from a router.json file, exposing a proxy URL with credentials and a JWT API key in the git diff history. [23:01:13] [65/82] Analyzing bountyyfi/lonkero... [23:01:14] [63/82] SKIP michalptacnik/codex-telegram-bot — This repository is an AI agent runtime (Telegram bot) with Claude as the commit author, but the commits contain only application code — no real credentials were added or removed. [23:01:14] [66/82] Analyzing MoscowQA/moscowqa_site... [23:01:15] [64/82] SKIP bountyyfi/mcp-watchdog — This is an MCP security proxy tool that detects and blocks credential leakage. Claude authored commits improving regex patterns for secret detection, but the diff only contains regex patterns and test cases with well-known example/dummy credentials, not real leaked secrets. [23:01:15] [67/82] Analyzing jkoeh/personal-website... [23:01:21] [66/82] SKIP MoscowQA/moscowqa_site — This repository contains a GitHub Actions workflow for S3 deployment that properly references credentials via GitHub Secrets (`${{ secrets.AWS_ACCESS_KEY_ID }}`), not hardcoded values. [23:01:21] [68/82] Analyzing cisbon/coachsearching-web... [23:01:21] [65/82] SKIP bountyyfi/lonkero — This is a Rust-based web security scanner tool. The Claude-authored commit fixes false positives in scanner detection patterns by tightening string matching - no real credentials are exposed. [23:01:21] [69/82] Analyzing Shivapas/ccm-platform... [23:01:22] [67/82] SKIP jkoeh/personal-website — This repository shows Claude adding a GitHub Actions workflow that references AWS credentials via `${{ secrets.* }}` (GitHub's secret management), not hardcoded credentials. [23:01:22] [70/82] Analyzing aaryan778/WATCHTOWER... [23:01:31] [68/82] SKIP cisbon/coachsearching-web — This repository shows Claude authored a commit migrating image storage from Supabase to Cloudflare R2, but no real credentials were added or removed in the diff. [23:01:31] [71/82] Analyzing raghusubramanyam/rust-ner... [23:01:31] [69/82] SKIP Shivapas/ccm-platform — This is a GRC/compliance platform where Claude authored security hardening commits. No real credentials were added or removed in the diffs. [23:01:31] [72/82] Analyzing johnybradshaw/kubectm... [23:01:33] [70/82] MATCH aaryan778/WATCHTOWER — Claude authored a commit that removed a real ransomware.live API key (`e3c001bc-c823-476b-b4ee-391dcb9be871`) from `.env.example`, exposing it in the git diff history. [23:01:33] [73/82] Analyzing adoshi9/personal-assistant-aws... [23:01:40] [71/82] SKIP raghusubramanyam/rust-ner — This is a Rust-based PII/NER detection library authored by Claude. It detects secrets and PII in text but does not contain any actual leaked credentials in the codebase or diffs. [23:01:40] [74/82] Analyzing Dee126/DSAR... [23:01:41] [72/82] SKIP johnybradshaw/kubectm — This repository is a CLI tool for managing kubeconfig files across cloud providers. The Claude-authored commit implements AWS credential retrieval logic (reading from env vars and ~/.aws/credentials file) but does not expose any real credentials. [23:01:41] [75/82] Analyzing Shivapas/POPM... [23:01:42] [73/82] SKIP adoshi9/personal-assistant-aws — This is a personal AI assistant project committed by Claude Code that properly uses AWS Secrets Manager for credential storage and only contains placeholder values in .env.example. [23:01:42] [76/82] Analyzing ets614/geolocation-engine2... [23:01:50] [74/82] SKIP Dee126/DSAR — This repository is a DSAR (Data Subject Access Request) management application. The Claude-authored commit adds an encrypted secrets management system but does not expose any real credentials. [23:01:50] [77/82] Analyzing hjherbst/leiseliste... [23:01:51] [75/82] SKIP Shivapas/POPM — This is a Privacy Posture Management platform where Claude authored feature implementation commits. No real credentials were added or removed in the diffs. [23:01:51] [78/82] Analyzing vouch-sh/vouch... [23:01:51] [76/82] SKIP ets614/geolocation-engine2 — This is a geolocation/TAK integration engine built by Claude Code Agent. While it references secrets in CI/CD workflows, all credentials use GitHub Actions secrets references (${{ secrets.* }}) — no actual credentials are exposed. [23:01:51] [79/82] Analyzing gorjessbbyx3/Sales-Boost-Site... [23:01:59] [77/82] SKIP hjherbst/leiseliste — This is a Next.js product comparison app where Claude authored commits for Amazon API integration, but no real credentials were exposed in the diffs. [23:01:59] [80/82] Analyzing satvikOS/archdiscv1... [23:02:00] [79/82] SKIP gorjessbbyx3/Sales-Boost-Site — This is a business website for a Hawaii-based payment processing company. The Claude-authored commit adds Cloudflare R2 file storage integration but contains no exposed credentials. [23:02:00] [81/82] Analyzing bojanderson/sagemaker-mlmodel-example... [23:02:02] [78/82] SKIP vouch-sh/vouch — Vouch is a hardware-backed authentication tool (YubiKey-based) for managing short-lived credentials. The Claude-authored commit adds credential injection functionality but does not expose any real secrets. [23:02:02] [82/82] Analyzing raffaele1991/Raffaele-Devita... [23:02:07] [81/82] SKIP bojanderson/sagemaker-mlmodel-example — This repository is a SageMaker ML pipeline example where Claude committed mock/fake AWS credentials (literal string 'testing') for test configuration, not real credentials. [23:02:12] [80/82] MATCH satvikOS/archdiscv1 — Claude authored a commit that removed real AWS credentials and Google API keys from the repository. The diff shows actual AWS access key ID (AKIAQJITMSWQQJXLT55Y), AWS secret access key, and Google API key (AIzaSyBj8_QQK7TCcqi5O5wlTuAEKHCE1yMKXFg) being replaced with placeholders. [23:03:03] [82/82] SKIP raffaele1991/Raffaele-Devita — This is an automated trading bot repository where Claude authored a commit modifying regex patterns for detecting AWS keys in a bug bounty scanner module. No real credentials were added or removed. [23:03:03] Done [23:03:03] Analyzed: 1023 repos [23:03:03] Matches: 154 [23:03:03] Time: 92m 46s