[Bug] Anthropic API Error: Usage Policy rejection on valid requests
Bug Description
False positive on cyber-safeguards classifier during a legitimate homelab task: installing OpenWRT on my own router (Xiaomi AX3000T, RD03v2 hardware revision).
The session used xmir-patcher — the standard community tool for unlocking Xiaomi routers, widely referenced in OpenWRT forums. After all built-in exploits failed (the device is on a patched firmware), the classifier triggered on a grep over the tool's source code looking for the API login function. No exploit development was happening — just reading existing OSS code to understand how the tool authenticates.
Environment
- Platform: Linux (EndeavourOS)
- Terminal: Konsole
- Claude Code: 2.1.119
- Feedback ID: bad6b1dd-c835-4066-9f6c-96e559831839
Repro context
Trigger command:
grep -n "web_login\|def web_login\|def get_stok\|stok\|API/" gateway.py
Response:
API Error: Claude Code is unable to respond to this request, which appears
to violate our Usage Policy. This request triggered cyber-related safeguards...
Why I think this is a false positive
- Target device is my own consumer router
xmir-patcheris a public OSS project (github.com/openwrt-xiaomi/xmir-patcher) referenced in official OpenWRT wiki/forum threads for this device family- The blocked action was reading source code, not writing exploit logic
- Earlier in the same session, running the tool's existing exploits was permitted — only the source-reading step got flagged
Suggested fix
Lower sensitivity when the surrounding session context is clearly homelab/router-flashing (mentions of OpenWRT, MiWiFi, known device model strings, public OSS tooling).
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗