Service: "Claude Code-credentials"
This is the entry created by the official Claude Code CLI when you log in. The app:
1. Only reads - never writes, modifies, or deletes any keychain data
2. Only accesses this one service name - cannot read any other passwords, keys, or credentials
3. Extracts only the OAuth access token - used to call api.anthropic.com/api/oauth/usage
4. Sends data only to Anthropic's API - no analytics, no third-party servers
The token never leaves your machine except to Anthropic's own API endpoint. You can verify this yourself - the entire source is ~400 lines of Swift: https://github.com/richhickson/claudecodeusage
macOS will also prompt you the first time the app tries to access this keychain entry, giving you control to allow or deny.
The app only reads ONE specific keychain entry: