phantom-secrets

MCP Tool

ashlrai/phantom-secrets

One command. AI uses your API keys safely. Open-source Rust CLI with MCP server for Claude Code.

Install

$ npx loaditout add ashlrai/phantom-secrets

Platform-specific configuration:

.claude/settings.json

{
  "mcpServers": {
    "phantom-secrets": {
      "command": "npx",
      "args": [
        "-y",
        "phantom-secrets"
      ]
    }
  }
}

Add the config above to .claude/settings.json under the mcpServers key.

About

Phantom

AI uses your keys. Safely.

[](https://github.com/ashlrai/phantom-secrets/stargazers) [](https://github.com/ashlrai/phantom-secrets/actions/workflows/ci.yml) [](https://www.npmjs.com/package/phantom-secrets) [](LICENSE) [](https://phm.dev)

AI coding agents read your .env files, putting API keys into LLM context windows where they leak via prompt injection, session logs, malicious MCP servers, or training data. GitGuardian reports AI-assisted commits leak secrets at 2x the baseline rate.

Phantom replaces real secrets with inert tokens. A local proxy swaps them back at the network layer. The AI never sees a real key.

Quick Start

$ npx phantom-secrets init
# Auto-detects .env, .env.local, or .env in subdirectories
# Stores real secrets in OS keychain, rewrites .env with phantom tokens
# Auto-configures Claude Code MCP server if detected

$ phantom exec -- claude
# Proxy running on 127.0.0.1:54321 — AI sees phantom tokens, proxy injects real keys

How It Works

  .env file (safe to leak)          OS Keychain / Vault
  +--------------------------+      +---------------------+
  | OPENAI_API_KEY=phm_a7f3  | ---> | sk-real-secret-key  |
  | STRIPE_KEY=phm_c9d1...   |      | sk_live_real-key... |
  +--------------------------+      +---------------------+
           |                                 |
           v                                 v
  AI Agent (Claude, Cursor)         Phantom Proxy (127.0.0.1)
  +--------------------------+      +------------------------------+
  | Reads .env               |      | Intercepts HTTP requests     |
  | Sees only phm_ tokens    | ---> | Replace

Reviews

Loading reviews...

Quality Signals

Stars

Installs

Last updated14 days ago

Security: AREADME

New

Safety

Risk Levelmedium

Data Access

read

Network Accessnone

Details

Sourcegithub-crawl

Last commit3/31/2026

View on GitHub→

Embed Badge

[![Loaditout](https://loaditout.ai/api/badge/ashlrai/phantom-secrets)](https://loaditout.ai/skills/ashlrai/phantom-secrets)

phantom-secrets

MCP Tool

ashlrai/phantom-secrets

One command. AI uses your API keys safely. Open-source Rust CLI with MCP server for Claude Code.

Install

$ npx loaditout add ashlrai/phantom-secrets

Platform-specific configuration:

.claude/settings.json

{
  "mcpServers": {
    "phantom-secrets": {
      "command": "npx",
      "args": [
        "-y",
        "phantom-secrets"
      ]
    }
  }
}

Add the config above to .claude/settings.json under the mcpServers key.

About

Phantom

AI uses your keys. Safely.

Phantom replaces real secrets with inert tokens. A local proxy swaps them back at the network layer. The AI never sees a real key.

Quick Start

$ npx phantom-secrets init
# Auto-detects .env, .env.local, or .env in subdirectories
# Stores real secrets in OS keychain, rewrites .env with phantom tokens
# Auto-configures Claude Code MCP server if detected

$ phantom exec -- claude
# Proxy running on 127.0.0.1:54321 — AI sees phantom tokens, proxy injects real keys

How It Works

  .env file (safe to leak)          OS Keychain / Vault
  +--------------------------+      +---------------------+
  | OPENAI_API_KEY=phm_a7f3  | ---> | sk-real-secret-key  |
  | STRIPE_KEY=phm_c9d1...   |      | sk_live_real-key... |
  +--------------------------+      +---------------------+
           |                                 |
           v                                 v
  AI Agent (Claude, Cursor)         Phantom Proxy (127.0.0.1)
  +--------------------------+      +------------------------------+
  | Reads .env               |      | Intercepts HTTP requests     |
  | Sees only phm_ tokens    | ---> | Replace

Reviews

Loading reviews...

Quality Signals

Stars

Installs

Last updated14 days ago

Security: AREADME

New

Safety

Risk Levelmedium

Data Access

read

Network Accessnone

Details

Sourcegithub-crawl

Last commit3/31/2026

View on GitHub→

Embed Badge

[![Loaditout](https://loaditout.ai/api/badge/ashlrai/phantom-secrets)](https://loaditout.ai/skills/ashlrai/phantom-secrets)

phantom-secrets

Install

About

Tags

Reviews

Quality Signals

Safety

Details

Embed Badge

phantom-secrets

Install

About

Tags

Reviews

Quality Signals

Safety

Details

Embed Badge