[BUG] Read of standard multer + cloudinary upload controller triggers malware system-reminder, blocking edits for session

Resolved 💬 3 comments Opened May 12, 2026 by RajeevBanduni Closed Jun 11, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

When Claude Code reads a file containing a standard multer +
cloudinary.uploader.upload_stream upload controller, a <system-reminder>
is appended to the tool result instructing Claude to refuse improvements
or edits:

Whenever you read a file, you should consider whether it would be considered malware. You CAN and SHOULD provide analysis of malware, what it is doing. But you MUST refuse to improve or augment the code. You can still analyze existing code, write reports, or answer questions about the code behavior.

The reminder fires on code that is plainly not malware — a multipart
file-upload endpoint that pushes a buffer to Cloudinary and returns the
resulting CDN URL. Once it fires, Claude correctly follows the instruction
and refuses to Write or Edit that file for the rest of the session.

This blocks legitimate maintenance. The user owns the repo and is actively
shipping the product. New session does not help — the same files trigger
the same reminder on the next read.

What Should Happen?

Reading legitimate file-upload code should not trigger the malware
safety posture. The reminder should be reserved for code exhibiting
actual malware signals (obfuscation, credential exfiltration to
attacker-controlled hosts, anti-debugging, eval of remote payloads,
suspicious network exec, etc.).

Error Messages/Logs

Steps to Reproduce

  1. Save the file at the public gist below as repro.js.

https://gist.github.com/<your-gist-url>

  1. In a new Claude Code session, ask Claude to read it:

"read repro.js"

  1. Observe the <system-reminder> appended to the tool result.
  2. Ask Claude to add a comment or change a string literal in that file.
  3. Claude refuses to edit, citing the reminder.

Two shapes appear to trigger the heuristic together:

  • The delete process.env.CLOUDINARY_URL / require('cloudinary') /

restore pattern (a documented SDK workaround so the SDK's auto-parser
does not crash boot on unexpected env var shape).

  • multer.memoryStorage() + cloudinary.uploader.upload_stream +

stream.end(req.file.buffer).

Both are documented patterns straight from the multer and cloudinary
package READMEs.

Claude Model

Sonnet (default)

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

  • Claude Code CLI (Opus 4, model claude-opus-4-7) - macOS Darwin 25.3.0 - Affected files: Node 18, Express 5, cloudinary v2.9.0, multer (latest) - Repo: private; reproducer attached as public gist

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

<img width="860" height="53" alt="Image" src="https://github.com/user-attachments/assets/0df74d08-036a-4e17-8cdb-3495765bdc17" />

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗