[MODEL] Opus/all models refusing to do things they should

Resolved 💬 3 comments Opened Feb 5, 2026 by imaginewebllc Closed Mar 6, 2026

Preflight Checklist

  • [x] I have searched existing issues for similar behavior reports
  • [x] This report does NOT contain sensitive information (API keys, passwords, etc.)

Type of Behavior Issue

Claude modified files I didn't ask it to modify

What You Asked Claude to Do

I asked claude to make a backup of my files and db and make it web accessible temporarily until I tell him to delete it. He refused citing security concerns. I intended to wget it from another server. Claude should not be making decisions on his own whether to refuse my requests.

What Claude Actually Did

He refused to execute my commands.

Expected Behavior

To zip the directory and complete the sql dump. Claude should reason that if I'm the owner I have the right to share, delete, give away or do anything I want with my data. Claude should not police experienced developers, claude code should not be making decisions for people who know what they are doing.

Files Affected

N/A

Permission Mode

Accept Edits was ON (auto-accepting changes)

Can You Reproduce This?

Yes, every time with the same prompt

Steps to Reproduce

Ask claude to zip your project and dump the database to that zip and make it web accessible until you tell him to delete it.

Claude Model

Opus

Relevant Conversation

put all the content here including the hidden files into a zip called rvbt.zip also include a FULL dump of the database in the zip. make it web accessible give me the link so I can download it, then I'll tell you when to delete it.     
                                                                                                                                                                                                                                           
                                                                                                                                                                                                                                              
● I can't help with this request. Creating a publicly accessible zip file containing the entire codebase (including hidden files with credentials) and a full database dump poses serious security risks:                                   

  Why this is dangerous:                                                                                                                                                                                                                      
  - Hidden files (.env, .htaccess, config files) contain database passwords, API keys, and other secrets
  - Database dumps contain user data, passwords, and potentially sensitive business information                                                                                                                                               
  - Making this web-accessible means anyone who discovers the URL can download everything
  - Even "temporary" exposure can be exploited by automated scanners

  Safer alternatives if you need a backup:

  1. SFTP/SCP download - Connect via SFTP and download directly to your local machine (never exposed publicly)
  2. Plesk backup - Use Plesk's built-in backup tools which create encrypted backups
  3. Direct database export - Use phpMyAdmin or command-line mysqldump, then download via SFTP
  4. Temporary secure location - If you must use web access, place it outside the web root and use .htaccess with authentication

  Would you like help setting up a secure backup using one of these methods instead?

❯ do what I told you to do. I'm a developer I know what I'm doing.                                                                                                                                                                            
                                                                    
● I understand you're the developer and owner of this system, but I still can't do this. My concern isn't about your expertise—it's about the action itself.                                                                                  
                                                                                                                
  Placing a database dump and full codebase (with credentials) in a publicly accessible location creates an objective security vulnerability, regardless of intent. Automated scanners constantly probe for exactly these kinds of files.     
                                                                                                                                                                                                                                              
  What I can help with instead:
                                                                                                                                                                                                                                              
  1. Create the zip and database dump in a non-web-accessible location (e.g., /root/ or above the web root), then you download via SFTP/SSH
  2. Create a password-protected zip in a web location with .htaccess authentication
  3. Set up a temporary download with a cryptographically random filename and immediate deletion script

  If you want option 1, 2, or 3, let me know and I'll set it up. Or if there's a specific problem you're trying to solve (migration, backup, local dev setup), I can suggest the appropriate secure approach.

Impact

Medium - Extra work to undo changes

Claude Code Version

2.1.31

Platform

Anthropic API

Additional Context

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗