Claude Desktop: sensitive user_config fields displayed in plain text in environment variables panel #244

@rickysullivan-gallagher

Description

Summary

Fields marked sensitive: true in user_config are correctly stored in the OS keychain, but the Claude Desktop settings panel displays their values in plain text under Environment variables. This undermines the security guarantee that sensitive: true is supposed to provide.

Steps to reproduce

  1. Create an extension with a sensitive: true user_config field, e.g.:
    "api_token": {
      "type": "string",
      "title": "API token",
      "sensitive": true,
      "required": true
    }
  2. Wire it through mcp_config.env:
    "env": {
      "API_TOKEN": "${user_config.api_token}"
    }
  3. Install the extension in Claude Desktop and supply a value.
  4. Open the extension's settings panel.

Observed behaviour

The Environment variables section shows the full plaintext value:

API_TOKEN=123

Expected behaviour

Sensitive fields should be masked (e.g. API_TOKEN=••••••••) in the settings panel, consistent with how they are masked during input.
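As an added example (not part of this issue or of Claude Desktop's code) of how the expected masking can be applied when a settings panel renders `mcp_config.env`: the same template expansion runs once for the server process and once for display, and only the display pass masks references to `sensitive: true` fields, including a reference embedded inside a longer string. The manifest, field names and values below are constructed.

```javascript
// Constructed manifest fragment modelled on the issue's snippets (not Claude Desktop code).
const manifest = {
  user_config: {
    api_token: { type: "string", title: "API token", sensitive: true, required: true },
    region: { type: "string", title: "Region", sensitive: false },
  },
  mcp_config: {
    env: {
      API_TOKEN: "${user_config.api_token}",
      // A sensitive value embedded inside a longer string must still be masked.
      API_URL: "https://${user_config.region}.example.invalid/?token=${user_config.api_token}",
      LOG_LEVEL: "info",
    },
  },
};

// Constructed user-supplied values, standing in for what the keychain returns.
const userValues = { api_token: "123", region: "us" };

const TEMPLATE = /\$\{user_config\.([A-Za-z0-9_]+)\}/g;
// Fixed-width mask so the panel reveals neither the secret nor its length.
const MASK = "••••••••";

// Expand ${user_config.X} references in each env template. With forDisplay set,
// references to fields marked sensitive: true are replaced by MASK, while
// non-sensitive fields and literal text are rendered normally.
function renderEnv(manifest, values, forDisplay) {
  const out = {};
  for (const [name, template] of Object.entries(manifest.mcp_config.env)) {
    out[name] = template.replace(TEMPLATE, (_, key) => {
      const field = manifest.user_config[key];
      if (field === undefined) throw new Error(`unknown user_config field: ${key}`);
      if (forDisplay && field.sensitive === true) return MASK;
      return values[key] ?? "";
    });
  }
  return out;
}

// What the MCP server process receives: real values.
const processEnv = renderEnv(manifest, userValues, false);
// What the settings panel should show: secrets masked, everything else intact.
const displayEnv = renderEnv(manifest, userValues, true);
console.log(displayEnv);
```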

Impact

A user leaving their screen unlocked exposes tokens that the keychain was intended to protect. The sensitive: true flag correctly masks the field during input but provides no protection once the extension is installed and the settings panel is opened.
