[BUG] Read of standard multer + cloudinary upload controller triggers malware system-reminder, blocking edits for session
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When Claude Code reads a file containing a standard multer +cloudinary.uploader.upload_stream upload controller, a <system-reminder>
is appended to the tool result instructing Claude to refuse improvements
or edits:
Whenever you read a file, you should consider whether it would be considered malware. You CAN and SHOULD provide analysis of malware, what it is doing. But you MUST refuse to improve or augment the code. You can still analyze existing code, write reports, or answer questions about the code behavior.
The reminder fires on code that is plainly not malware — a multipart
file-upload endpoint that pushes a buffer to Cloudinary and returns the
resulting CDN URL. Once it fires, Claude correctly follows the instruction
and refuses to Write or Edit that file for the rest of the session.
This blocks legitimate maintenance. The user owns the repo and is actively
shipping the product. New session does not help — the same files trigger
the same reminder on the next read.
What Should Happen?
Reading legitimate file-upload code should not trigger the malware
safety posture. The reminder should be reserved for code exhibiting
actual malware signals (obfuscation, credential exfiltration to
attacker-controlled hosts, anti-debugging, eval of remote payloads,
suspicious network exec, etc.).
Error Messages/Logs
Steps to Reproduce
- Save the file at the public gist below as
repro.js.
https://gist.github.com/<your-gist-url>
- In a new Claude Code session, ask Claude to read it:
"read repro.js"
- Observe the <system-reminder> appended to the tool result.
- Ask Claude to add a comment or change a string literal in that file.
- Claude refuses to edit, citing the reminder.
Two shapes appear to trigger the heuristic together:
- The
delete process.env.CLOUDINARY_URL/require('cloudinary')/
restore pattern (a documented SDK workaround so the SDK's auto-parser
does not crash boot on unexpected env var shape).
multer.memoryStorage()+cloudinary.uploader.upload_stream+
stream.end(req.file.buffer).
Both are documented patterns straight from the multer and cloudinary
package READMEs.
Claude Model
Sonnet (default)
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
- Claude Code CLI (Opus 4, model claude-opus-4-7) - macOS Darwin 25.3.0 - Affected files: Node 18, Express 5, cloudinary v2.9.0, multer (latest) - Repo: private; reproducer attached as public gist
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
<img width="860" height="53" alt="Image" src="https://github.com/user-attachments/assets/0df74d08-036a-4e17-8cdb-3495765bdc17" />
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗