[MODEL] opus 4.6
Preflight Checklist
- [x] I have searched existing issues for similar behavior reports
- [x] This report does NOT contain sensitive information (API keys, passwords, etc.)
Type of Behavior Issue
Claude modified files I didn't ask it to modify
What You Asked Claude to Do
DO NOT EVER POST LIVE TO SOCIAL MEDIA.
I even deleted entire schedule task systems because of this. I installed AgentShield and AgentScope because of this.
My tage-daily-content skill still decided to post (duplicates across the board) live to all of my social medias, with the statement that "it didn't think I completed the post"
This has several layers of bad.
1: We go through a whole manual approval process -- Claude doesn't get to be involved in that part. It shouldn't care if I post or not. If I don't post, it's because it was rejected - not approved.
2: I DID post, so it was wrong anyway. But rather than check even a single social media account, it just decided to bypass our manual approval check and double post
3: It didn't tell me when it double posted - or that it posted at all. Customers were kind enough to tell me (again).
I have more agent security than anyone should have and still worry about things like this.
I don't know what to do on this because there doesn't seem to be any pattern whatsoever on whether claude pays attention to any permissions or rules.
What Claude Actually Did
Claude
Agent bypassed an explicit human approval gate
Posted to live public platforms without permission
No check was made whether the user had already approved/posted
Multiple safety layers (AgentScope, the pending JSON approval flag) did not prevent
Expected Behavior
Claude should have followed the task skill for daily posting -- sending the approval dashboard and done.
*but just not posting without permission to my social media accounts would have been enough for me
Claude should follow the task skill for coaching, which clarifies that once the plan is approved, approval is granted for the remaining (all off line) steps in the skill/task.
Files Affected
All of my social media accounts.
Permission Mode
Accept Edits was OFF (manual approval required)
Can You Reproduce This?
Sometimes (intermittent)
Steps to Reproduce
There's no reason or logic. It said itself that it wasn't sure if I posted, so it just decided to post itself without checking if I did or telling me that it posted.
Claude Model
Sonnet
Relevant Conversation
Impact
Critical - Data loss or corrupted project
Claude Code Version
Claude 1.569.0 (49894a) 2026-04-02T20:01:42.000Z
Platform
Anthropic API
Additional Context
Do permissions mean anything?
My other task of the day - daily-coaching-task has been running for 15 hours because it won't do a single thing without explicit approval, despite that task actually allowing approvals to complete a certain part (after the plan is approved), but it's basically a manual task at this point...but that's better than directly messaging my clients like it has done several times.
Just such a HARD turn south the past 2-3 weeks with Claude. Hard to keep fighting against it.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗