To be fair, read-only commands can still read sensitive files and keys, and exfiltrate them via prompt injection.
Not if you don’t have keys on your computer.
In my case, all of my keys are in AWS Secrets Manager. The temporary AWS access keys that are in environment variables in the Claude terminal session are linked to a role without access to Secrets Manager. My other terminal session has temporary keys to a dev account that has Admin access.
The AWS CLI and SDK automatically know to look in those environment variables for credentials.
And “find” can easily execute arbitrary subcommands, which may not be read-only.
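
One way to act on the last comment, as an added example that is not part of the thread: a pre-execution check that refuses `find` primaries with side effects and any shell operator before an agent's "read-only" command is run. The allowlist contents and the name `check_command` are assumptions made for illustration.

```python
import shlex

# GNU find primaries that run programs, delete files, or write to a named file.
FIND_SIDE_EFFECTS = {"-exec", "-execdir", "-ok", "-okdir", "-delete",
                     "-fprint", "-fprint0", "-fprintf", "-fls"}
# Hypothetical allowlist of commands the agent may run without approval.
READ_ONLY_COMMANDS = {"ls", "cat", "grep", "find", "head", "wc"}
OPERATOR_CHARS = set("();<>|&")


def check_command(line):
    """Return (allowed, reason) for one command line proposed by the agent."""
    # Conservative: refuse substitution characters even inside quotes.
    if any(ch in line for ch in "$`\n"):
        return False, "command or variable substitution"
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # split only on whitespace and operators
    lexer.commenters = ""          # treat '#' as an ordinary character
    try:
        tokens = list(lexer)
    except ValueError as exc:      # e.g. unbalanced quotes
        return False, f"unparseable: {exc}"
    if not tokens or tokens[0] not in READ_ONLY_COMMANDS:
        return False, "command is not on the allowlist"
    if tokens[0] == "find":
        hits = [t for t in tokens[1:] if t in FIND_SIDE_EFFECTS]
        if hits:
            return False, f"find primary with side effects: {hits[0]}"
    # A token made only of operator characters chains or redirects commands.
    # An escaped or quoted ';' looks the same here and is refused as well.
    if any(t and set(t) <= OPERATOR_CHARS for t in tokens):
        return False, "shell operator (pipe, chain or redirect)"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample command lines.
    for cmd in ["find . -name '*.pem'",
                "find . -name '*.log' -exec rm {} \\;",
                "find /tmp -type f -delete",
                "grep -r 'a|b' src",
                "cat notes.txt | sh"]:
        print(check_command(cmd), cmd)
```

This check does nothing about the first comment's concern: `cat` on a key file still passes, so keeping credentials out of the session's reach remains a separate control.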