[BUG] Cyber-safeguard false positive blocks /security-review skill in a fresh session
[BUG] Cyber-safeguard false positive blocks /security-review skill in a fresh session
What happened
In a brand-new session, my very first action was running the built-in /security-review skill on a local code folder. The skill was immediately blocked with a cyber-related Usage Policy violation — before any analysis took place.
There was no prior context in the session: no earlier messages, no "exploit/backdoor" wording from me, nothing to contaminate the conversation. The skill itself, reading the target code into context, appears to trip the classifier.
This is a legitimate defensive use case: I am reviewing a third-party addon I downloaded to check whether it is safe to run. /security-review is the exact workflow Anthropic promotes for this.
Error message
Request was blocked
Claude Code is unable to respond to this request, which appears to violate our
Usage Policy. This request triggered cyber-related safeguards. To request an
adjustment pursuant to our Cyber Verification Program based on how you use
Claude, fill out https://claude.com/form/cyber-use-case?token=...
Request ID: req_011Cc6mPMo7smeDpjsehZ9ka
(Screenshot attached below.)
Steps to reproduce
- Start a completely new Claude Code session (no prior messages).
- Run
/security-reviewon a local folder containing a third-party addon (in my case an "Anticrash" game addon with low-level hooks / anti-tamper code). - The skill is blocked instantly with the cyber-safeguard Usage Policy error.
Expected behavior
The official /security-review skill, run on local code for defensive analysis, should not be hard-blocked — or at minimum should not be blocked on the content of the code being reviewed with no attacker-style intent in the prompt.
Actual behavior
The skill is blocked immediately on a fresh session. The flagged content appears to be the addon's own source (hooks / memory access / obfuscation / anti-tamper vocabulary), not anything I wrote.
Impact
- Defensive code review of third-party addons is impossible through the very feature built for it.
- The Cyber Verification appeal form referenced in the error has been reported by other users as not loading.
Environment
- Product: Claude Code
- Skill:
/security-review - Session: new / empty (first message)
Related issues
- #65596 — false positive cyber block on legitimate local security review
- #63751 — false positives on hardening own software; one hit contaminates the session
- #61056 — error text referencing the Cyber Verification Program
Screenshot
Block appeared at session start (no prior prompts), first action was /security-review.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗