[BUG] Cyber-safeguard false positive blocks /security-review skill in a fresh session

Open 💬 3 comments Opened Jun 16, 2026 by OctoPassik

[BUG] Cyber-safeguard false positive blocks /security-review skill in a fresh session

What happened

In a brand-new session, my very first action was running the built-in /security-review skill on a local code folder. The skill was immediately blocked with a cyber-related Usage Policy violation — before any analysis took place.

There was no prior context in the session: no earlier messages, no "exploit/backdoor" wording from me, nothing to contaminate the conversation. The skill itself, reading the target code into context, appears to trip the classifier.

This is a legitimate defensive use case: I am reviewing a third-party addon I downloaded to check whether it is safe to run. /security-review is the exact workflow Anthropic promotes for this.

Error message

Request was blocked
Claude Code is unable to respond to this request, which appears to violate our
Usage Policy. This request triggered cyber-related safeguards. To request an
adjustment pursuant to our Cyber Verification Program based on how you use
Claude, fill out https://claude.com/form/cyber-use-case?token=...

Request ID: req_011Cc6mPMo7smeDpjsehZ9ka

(Screenshot attached below.)

Steps to reproduce

  1. Start a completely new Claude Code session (no prior messages).
  2. Run /security-review on a local folder containing a third-party addon (in my case an "Anticrash" game addon with low-level hooks / anti-tamper code).
  3. The skill is blocked instantly with the cyber-safeguard Usage Policy error.

Expected behavior

The official /security-review skill, run on local code for defensive analysis, should not be hard-blocked — or at minimum should not be blocked on the content of the code being reviewed with no attacker-style intent in the prompt.

Actual behavior

The skill is blocked immediately on a fresh session. The flagged content appears to be the addon's own source (hooks / memory access / obfuscation / anti-tamper vocabulary), not anything I wrote.

Impact

  • Defensive code review of third-party addons is impossible through the very feature built for it.
  • The Cyber Verification appeal form referenced in the error has been reported by other users as not loading.

Environment

  • Product: Claude Code
  • Skill: /security-review
  • Session: new / empty (first message)

Related issues

  • #65596 — false positive cyber block on legitimate local security review
  • #63751 — false positives on hardening own software; one hit contaminates the session
  • #61056 — error text referencing the Cyber Verification Program

Screenshot

Block appeared at session start (no prior prompts), first action was /security-review.

!security-review blocked

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗