[BUG] Desktop app injects an EMPTY `ANTHROPIC_API_KEY=""` into Claude Code sessions, which disables Remote Control (false positive of the 2.1.139 API-key guard)

Resolved 💬 1 comment Opened Jun 2, 2026 by MIWCKL Closed Jun 4, 2026

Environment

  • Claude Desktop app: 1.9659.4 (macOS, Apple Silicon / M4 Max)
  • Claude Code embedded in Desktop: 2.1.160
  • Claude Code CLI standalone: 2.1.160
  • Account: Claude Max (claude.ai OAuth), single user, no org policy
  • OS: macOS

Summary

/remote-control (and /rc) is silently unusable in every Claude Code session launched by the Claude Desktop app. The command shows up in the slash-command autocomplete but does nothing / is reported unavailable at runtime. The same account works perfectly from the standalone CLI.

Root cause (identified)

  1. Changelog 2.1.139: "Remote Control, /schedule, claude.ai MCP connectors, and notification preferences are now disabled when ANTHROPIC_API_KEY / apiKeyHelper / ANTHROPIC_AUTH_TOKEN is set, even if a Claude.ai login also exists."
  2. The Desktop app injects ANTHROPIC_API_KEY into the environment of the Claude Code sessions it spawns. Critically, the value is the EMPTY STRING:
  • ${ANTHROPIC_API_KEY+SET}SET (variable is defined)
  • ${ANTHROPIC_API_KEY:+NONEMPTY}(empty) (value is empty)
  • It also sets ANTHROPIC_BASE_URL=https://api.anthropic.com (the default public endpoint).
  1. The 2.1.139 guard appears to test for presence of the variable ('ANTHROPIC_API_KEY' in env) rather than a non-empty / truthy value. An empty string therefore trips the guard.

Net effect: an empty env var — which carries no credential at all — disables Remote Control. This is a false positive. Before 2.1.139, Remote Control tolerated a present API key as long as a claude.ai login also existed, so this regressed Desktop's Remote Control entirely.

Steps to reproduce

  1. Use the Claude Desktop app (1.9659.4), logged in with a Claude Max account.
  2. Open any Claude Code session in Desktop.
  3. Run /remote-control.
  4. Expected: session registers and becomes controllable from claude.ai/code.
  5. Actual: command is unavailable / no session URL; nothing appears at claude.ai/code.
  6. In that session, printenv shows ANTHROPIC_API_KEY defined but empty, plus ANTHROPIC_BASE_URL=https://api.anthropic.com.

Workaround (confirms diagnosis)

From a terminal where the var is absent (or explicitly unset), Remote Control works on the same Max account:

env -u ANTHROPIC_API_KEY -u ANTHROPIC_BASE_URL claude remote-control --name "My Project"
# -> "Connected", session URL issued, visible at claude.ai/code

Subscription/auth are fine; the only blocker is the (empty) env var.

Suggested fix (either or both)

  • Desktop: do not inject ANTHROPIC_API_KEY (or any ANTHROPIC_* auth var) into spawned Claude Code session environments when the session authenticates via claude.ai OAuth. At minimum, never inject it as an empty string.
  • Claude Code: treat an empty ANTHROPIC_API_KEY / ANTHROPIC_AUTH_TOKEN as not set — gate on a non-empty value, not mere presence.

Possibly related

#48238, #35955, #62393, #64070

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗