[BUG] Malware-defense <system-reminder> fires on every Read tool result, causing false refusals on benign code

Resolved 💬 3 comments Opened Apr 17, 2026 by dylan-lott Closed Apr 20, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Every tool result (Read, Bash, Edit) now appends a <system-reminder>:

Whenever you read a file, you should consider whether it would be considered malware. You CAN and SHOULD provide analysis of malware, what it is doing. But you MUST refuse to improve or augment the code. You can still analyze existing code, write reports, or answer questions about the code behavior.

What Should Happen?

  1. Narrow the trigger — only fire when the content has actual suspicious patterns (obfuscation, known malware signatures, etc.), not on every Read
  2. OR make it opt-out via env var (like ENABLE_SECURITY_REMINDER=0 on the security-guidance plugin)
  3. OR suppress it for files inside the user's own project working directory

Error Messages/Logs

Steps to Reproduce

Ask Opus 4.7 to read any file (this includes settings.json and user files)

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

Opus 4.6

Claude Code Version

2.1.112 (Claude Code)

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

PowerShell

Additional Information

Not user-configured:

  • ~/.claude/settings.json has "hooks": {}
  • ~/.claude.json has no hooks
  • No plugin contains this text (verified via grep across ~/.claude/plugins/ and marketplace)
  • Text only appears in session transcript .jsonl logs (after-the-fact), not in any source on disk
  • Appears to be a runtime-level system-reminder injected by the CLI itself

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗