[Bug] Anthropic API Error: Usage Policy rejection on valid requests

Resolved 💬 3 comments Opened May 4, 2026 by Frad70 Closed May 8, 2026

Bug Description

False positive on cyber-safeguards classifier during a legitimate homelab task: installing OpenWRT on my own router (Xiaomi AX3000T, RD03v2 hardware revision).

The session used xmir-patcher — the standard community tool for unlocking Xiaomi routers, widely referenced in OpenWRT forums. After all built-in exploits failed (the device is on a patched firmware), the classifier triggered on a grep over the tool's source code looking for the API login function. No exploit development was happening — just reading existing OSS code to understand how the tool authenticates.

Environment

  • Platform: Linux (EndeavourOS)
  • Terminal: Konsole
  • Claude Code: 2.1.119
  • Feedback ID: bad6b1dd-c835-4066-9f6c-96e559831839

Repro context

Trigger command:

grep -n "web_login\|def web_login\|def get_stok\|stok\|API/" gateway.py

Response:

API Error: Claude Code is unable to respond to this request, which appears
to violate our Usage Policy. This request triggered cyber-related safeguards...

Why I think this is a false positive

  • Target device is my own consumer router
  • xmir-patcher is a public OSS project (github.com/openwrt-xiaomi/xmir-patcher) referenced in official OpenWRT wiki/forum threads for this device family
  • The blocked action was reading source code, not writing exploit logic
  • Earlier in the same session, running the tool's existing exploits was permitted — only the source-reading step got flagged

Suggested fix

Lower sensitivity when the surrounding session context is clearly homelab/router-flashing (mentions of OpenWRT, MiWiFi, known device model strings, public OSS tooling).

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗