[BUG] Desktop app injects an EMPTY `ANTHROPIC_API_KEY=""` into Claude Code sessions, which disables Remote Control (false positive of the 2.1.139 API-key guard)
Environment
- Claude Desktop app: 1.9659.4 (macOS, Apple Silicon / M4 Max)
- Claude Code embedded in Desktop: 2.1.160
- Claude Code CLI standalone: 2.1.160
- Account: Claude Max (claude.ai OAuth), single user, no org policy
- OS: macOS
Summary
/remote-control (and /rc) is silently unusable in every Claude Code session launched by the Claude Desktop app. The command shows up in the slash-command autocomplete but does nothing / is reported unavailable at runtime. The same account works perfectly from the standalone CLI.
Root cause (identified)
- Changelog 2.1.139: "Remote Control, /schedule, claude.ai MCP connectors, and notification preferences are now disabled when
ANTHROPIC_API_KEY/apiKeyHelper/ANTHROPIC_AUTH_TOKENis set, even if a Claude.ai login also exists." - The Desktop app injects
ANTHROPIC_API_KEYinto the environment of the Claude Code sessions it spawns. Critically, the value is the EMPTY STRING:
${ANTHROPIC_API_KEY+SET}→SET(variable is defined)${ANTHROPIC_API_KEY:+NONEMPTY}→ (empty) (value is empty)- It also sets
ANTHROPIC_BASE_URL=https://api.anthropic.com(the default public endpoint).
- The 2.1.139 guard appears to test for presence of the variable (
'ANTHROPIC_API_KEY' in env) rather than a non-empty / truthy value. An empty string therefore trips the guard.
Net effect: an empty env var — which carries no credential at all — disables Remote Control. This is a false positive. Before 2.1.139, Remote Control tolerated a present API key as long as a claude.ai login also existed, so this regressed Desktop's Remote Control entirely.
Steps to reproduce
- Use the Claude Desktop app (1.9659.4), logged in with a Claude Max account.
- Open any Claude Code session in Desktop.
- Run
/remote-control. - Expected: session registers and becomes controllable from claude.ai/code.
- Actual: command is unavailable / no session URL; nothing appears at claude.ai/code.
- In that session,
printenvshowsANTHROPIC_API_KEYdefined but empty, plusANTHROPIC_BASE_URL=https://api.anthropic.com.
Workaround (confirms diagnosis)
From a terminal where the var is absent (or explicitly unset), Remote Control works on the same Max account:
env -u ANTHROPIC_API_KEY -u ANTHROPIC_BASE_URL claude remote-control --name "My Project"
# -> "Connected", session URL issued, visible at claude.ai/code
Subscription/auth are fine; the only blocker is the (empty) env var.
Suggested fix (either or both)
- Desktop: do not inject
ANTHROPIC_API_KEY(or anyANTHROPIC_*auth var) into spawned Claude Code session environments when the session authenticates via claude.ai OAuth. At minimum, never inject it as an empty string. - Claude Code: treat an empty
ANTHROPIC_API_KEY/ANTHROPIC_AUTH_TOKENas not set — gate on a non-empty value, not mere presence.
Possibly related
#48238, #35955, #62393, #64070
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗