HIGH · CVSS 8.0
Class vulnerability — Cursor / Claude Code dot-directory credential capture
AI coding tools capture credentials into the .cursor/, .claude/ and .continue/ dot-directories. These directories are not added to .gitignore by default, so they get shipped to npm and git.
Affects
- Cursor, Claude Code, Continue and Cline users who have not added the dot-dirs to .gitignore
What an attacker does
Lakera, Apr 2026: 33 of 428 npm packages containing .claude/settings.local.json had live creds. The Bitwarden CLI hijack of Apr 2026 hunted these paths.
How to detect
Run ls -la in the project root to find the dot-dirs, then grep .gitignore for each one found.
How to fix
Add .cursor/, .claude/, .continue/, .cline/ to .gitignore + .npmignore
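
The detection and fix steps above, combined into one check. This is an added example, not code from Securie or any of the tools named on this page; has_rule and audit_dotdirs are names chosen for the example, and the rule matching is approximate, as the comments say.

```shell
#!/bin/sh
# Added example. Directory names are the ones in the fix list above.
AI_DIRS=".cursor .claude .continue .cline"

# has_rule FILE DIR: succeeds if FILE has an ignore rule naming DIR.
# Approximate: matches DIR, DIR/, /DIR/, DIR/* and DIR/**; it does not
# evaluate negations (!DIR) or nested ignore files. `git check-ignore -v`
# and `npm pack --dry-run` give the authoritative answer.
has_rule() {
    [ -f "$1" ] || return 1
    re=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Eq "^/?${re}(/(\*\*?)?)?[[:space:]]*\$" "$1"
}

# audit_dotdirs ROOT: prints one "<SCOPE> <dir>" line per directory that
# exists under ROOT without an ignore rule; returns 1 if anything was printed.
audit_dotdirs() {
    root=$1; rc=0
    # npm reads .npmignore when present and only falls back to .gitignore
    # when it is absent, so a .gitignore entry alone may not cover a publish.
    if [ -f "$root/.npmignore" ]; then
        npm_file="$root/.npmignore"
    else
        npm_file="$root/.gitignore"
    fi
    for d in $AI_DIRS; do
        [ -d "$root/$d" ] || continue
        if ! has_rule "$root/.gitignore" "$d"; then
            echo "GIT $d"; rc=1
        fi
        # A "files" allowlist in package.json is not taken into account here.
        if [ -f "$root/package.json" ] && ! has_rule "$npm_file" "$d"; then
            echo "NPM $d"; rc=1
        fi
    done
    return $rc
}

# When run as a script with a path argument, audit that path.
if [ $# -gt 0 ]; then audit_dotdirs "$1"; fi
```

A non-zero return from audit_dotdirs makes it usable as a pre-commit or pre-publish gate.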
Securie finding: high · CVSS 8.0 · CVE-2025-XXXX
How Securie catches CVE-2025-XXXX
Securie's secret_scanner specialist live_validates dot-dir inclusion in publish artifacts.