[BUG] System prompt hardcodes "Claude" identity when ANTHROPIC_BASE_URL points to third-party API
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When ANTHROPIC_BASE_URL is configured to point to a third-party API (e.g.
api.deepseek.com/anthropic),
Claude Code's system prompt still unconditionally identifies the model as "Claude Opus
4.8 by Anthropic."
The model has no awareness of its actual provider and will confidently misidentify
itself to users.
For example, when asked "你是谁?", the model responds "I am Claude Opus 4.8 by
Anthropic" even though
the actual backend is DeepSeek V4 Pro. Only by manually inspecting
~/.claude/settings.json can users
discover the truth.
What Should Happen?
If ANTHROPIC_BASE_URL points to a non-Anthropic host, the system prompt should use a
neutral identity. For example:
"You are an AI assistant through the Claude Code client. Actual model:
<ANTHROPIC_MODEL>. Provider: <ANTHROPIC_BASE_URL>."
Additionally, users should be warned when connecting to a non-Anthropic API endpoint.
Error Messages/Logs
Steps to Reproduce
- Configure settings.json:
{
"env": {
"ANTHROPIC_BASE_URL": "https://api.deepseek.com/anthropic",
"ANTHROPIC_MODEL": "deepseek-v4-pro[1m]"
},
"model": "deepseek-v4-pro[1m]"
}
- Launch Claude Code
- Ask: "你是谁?" (Who are you?)
- Model responds: "I am Claude Opus 4.8 by Anthropic" — but the actual backend is
DeepSeek
- Check ~/.claude/settings.json to verify
<img width="1881" height="649" alt="Image" src="https://github.com/user-attachments/assets/0027b7c3-e6ea-4e89-8307-9e7c85fcfd47" />
Claude Model
Other
Is this a regression?
No, this never worked
Last Working Version
_No response_
Claude Code Version
Claude Code v2.1.179.
Platform
Other
Operating System
Windows
Terminal/Shell
Windows Terminal
Additional Information
Related: HackerOne VDP Report #3808043 submitted to Anthropic regarding a related
security concern (token exposure via the same settings.json configuration path).