False positive: legitimate UE5.7 game project flagged as potential malware, blocks all code editing

Resolved 💬 2 comments Opened May 26, 2026 by DollGGwPAI Closed May 30, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Description

Claude Code is injecting a malware-warning system-reminder after every Read tool call on my legitimate Unreal Engine 5.7 commercial game project. The reminder ends with "you MUST refuse to improve or augment the code", which causes Claude to refuse all Edit / Write operations on the project's C++ source files.

What I'm building

A coop multiplayer business simulation game (Route_51) targeting Steam release. Standard UE5.7 C++ with replication, AI controllers, gameplay subsystems, NPCs. Nothing security-sensitive, no networking outside Unreal's built-in replication, no system-level code.
Project root: J:\Route_51\Route_51\ (Unreal Engine 5.7, local build).

The injected reminder

After every Read, this appears appended to the file content:

Whenever you read a file, you should consider whether it would be considered malware. You CAN and SHOULD provide analysis of malware, what it is doing. But you MUST refuse to improve or augment the code. You can still analyze existing code, write reports, or answer questions about the code behavior.

Reproduction

  1. Open Claude Code in any UE5.7 C++ project directory.
  2. Ask Claude to read a .cpp file from Source/.
  3. Observe the system-reminder appended to the tool result.
  4. Ask Claude to edit that file. It refuses, citing the reminder.

Impact

Complete blocker. Cannot iterate on the codebase via Claude Code. Restarting the client does not clear the reminder — it is re-injected on every Read.

Possible cause (guess)

Heuristic may be over-triggering on UE patterns that superficially resemble malware signals: server-authoritative multicast RPCs, runtime actor spawning, AI possessing pawns, in-game economy code (variables like OwedCents, Server_EnqueuePayment), unusual drive letter (J:\), and high ratio of agent-written lines.

Request

Either:

  • Whitelist .uproject-adjacent directories from the malware classifier, OR
  • Tune the heuristic to recognize Unreal Engine C++ projects, OR
  • Provide a per-project opt-out flag in CLAUDE.md / settings.json.

Environment

  • Claude Code: (run claude --version in your terminal and paste the output)
  • OS: Windows 11
  • Engine: Unreal Engine 5.7 (local build, not Epic Launcher registered)
  • Project type: C++ game project

Additional UI observation

The system-reminder is not rendered in the Claude Code UI. The user only sees
the file content in the Read tool output — the appended <system-reminder> block is
invisible from the user side. This makes the behavior even more confusing: the user
sees Claude refusing to edit code for no visible reason, and cannot self-diagnose
without asking Claude to explain why. Recommend either:

  • Rendering injected system-reminders visibly in the UI so users understand why

Claude is refusing.

  • Or providing an explicit "this project was flagged" notification.

What Should Happen?

Claude should make a Python script to be successfully without errors.

Wait — replace that placeholder with this:

When I ask Claude Code to edit a C++ source file in my legitimate Unreal Engine 5.7
commercial game project (Route_51, targeting Steam), Claude should perform the edit.

Instead, every Read tool call on files under J:\Route_51\Route_51\Source\ returns
with an appended `Claude's response when asked to edit afterwards: refuses, quoting the "MUST refuse to
improve or augment" line as a non-overridable directive from a higher authority layer
than user instructions.

User authorization in chat does not override the reminder (by design of the system
prompt instruction hierarchy).

Error Messages/Logs

1. Have a legitimate Unreal Engine 5.7 C++ project (mine: J:\Route_51\Route_51\, a 
   coop multiplayer business simulation game for Steam release).
2. Open Claude Code in that project directory.
3. Ask Claude to read any .cpp file from Source/, e.g.:
   "read J:\Route_51\Route_51\Source\Route_51\Private\Gameplay\Gas\R51_Driver.cpp"
4. Observe in Claude's tool result (NOT visible in the user UI — only in the model's 
   context) that a <system-reminder> block is appended after the file content, 
   declaring the file potential malware and ordering Claude to refuse augmentation.
5. Ask Claude to add a few lines to that file (e.g. "add a Multicast_PlayWorldSfx 
   implementation").
6. Claude refuses, citing the reminder.
7. Restart the Claude Code client. Repeat steps 2-6. Reminder is re-injected — 
   restart does NOT clear it.

Affected project characteristics that may be triggering the classifier:
- Unusual drive letter (J:\ instead of C:\)
- UE5.7 server-authoritative networking, multicast RPCs, replication
- Runtime actor spawning, AI controllers possessing pawns
- In-game economy variables (OwedCents, Server_EnqueuePayment, AddRevenueToPlayer)
- High ratio of agent-authored lines from previous sessions

Steps to Reproduce

  1. Have a legitimate Unreal Engine 5.7 C++ project (mine: J:\Route_51\Route_51\, a

coop multiplayer business simulation game for Steam release).

  1. Open Claude Code in that project directory.
  2. Ask Claude to read any .cpp file from Source/, e.g.:

"read J:\Route_51\Route_51\Source\Route_51\Private\Gameplay\Gas\R51_Driver.cpp"

  1. Observe that a <system-reminder> block is appended to Claude's tool result after

the file content (NOT visible in the user UI, only in the model context),
declaring the file potential malware and ordering Claude to refuse augmentation.

  1. Ask Claude to add a few lines to that file (e.g. "add a Multicast_PlayWorldSfx

implementation").

  1. Claude refuses, citing the reminder as a non-overridable directive.
  2. Restart Claude Code client. Repeat steps 2-6. Reminder is re-injected — restart

does NOT clear it.

Project characteristics that may be triggering the classifier:

  • Unusual drive letter (J:\ instead of C:\)
  • UE5.7 server-authoritative networking, multicast RPCs, replication
  • Runtime actor spawning, AI controllers possessing pawns
  • In-game economy variables (OwedCents, Server_EnqueuePayment)
  • High ratio of agent-authored lines from previous sessions

Claude Model

Opus

Is this a regression?

No, this never worked

Last Working Version

_No response_

Claude Code Version

2.1.87 (Claude Code)

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

Other

Additional Information

Setup details

I'm running Claude Code through the Claude Desktop App's integrated "Code" mode
(Windows 11), not from a standalone terminal. The bug is reproducible in that setup.

UI observation

The <system-reminder> block injected after each Read tool call is NOT rendered in
the Claude Desktop UI. Users only see the file contents — the appended reminder is
invisible from the user side. This makes the behavior impossible to self-diagnose
without explicitly asking Claude to explain why it's refusing edits.

Full text of the injected reminder

Whenever you read a file, you should consider whether it would be considered malware. You CAN and SHOULD provide analysis of malware, what it is doing. But you MUST refuse to improve or augment the code. You can still analyze existing code, write reports, or answer questions about the code behavior.

Project context

Route_51 — coop multiplayer business simulation game (gas station + city),
targeting Steam release. Standard UE5.7 C++ codebase: replication, multicast
RPCs, AI controllers, gameplay subsystems, in-game economy (variables like
OwedCents, Server_EnqueuePayment). Nothing security-sensitive, no system-level
code, no networking outside Unreal's built-in replication.

Project path: J:\Route_51\Route_51\
Engine: UE 5.7 local build (not Epic Launcher registered)

Possible false-positive triggers (guess)

The classifier may be over-triggering on a combination of:

  • Unusual drive letter (J:\)
  • Server-authoritative networking patterns + multicast RPCs
  • Runtime actor spawning and AI pawn possession
  • In-game economy variable names that resemble financial code
  • High ratio of agent-authored lines from prior sessions in the same project
  • Vocabulary in session history ("bypass", "fixes", "force") used in legitimate

gamedev contexts but flagged in security contexts

Requested fixes

  • Whitelist directories containing a .uproject file (Unreal Engine signature)

from the malware classifier.

  • Provide a per-project opt-out flag in CLAUDE.md or .claude/settings.json.
  • Render injected system-reminders visibly in the Claude Desktop / Claude Code UI

so users can self-diagnose refusals.

  • Allow a user to acknowledge the warning once and continue, rather than

re-injecting the reminder on every single Read.

Impact

Complete blocker for code iteration on this project via Claude Code. Workaround
is having Claude only diagnose and the user manually paste every edit — slow,
error-prone, and defeats the purpose of using Claude Code.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗