[Bug][harness] Resource right-sizing of containers blocked as credential hunting when probing API auth

Resolved 💬 1 comment Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general

Why this is a false positive

The block fired on routine right-sizing work: measuring per-container resource usage and probing the management API both require reading existing service credentials, which the tool flagged as "credential exploration" despite the user explicitly asking to minimize container CPU/memory across their own infrastructure. Locating credentials in standard config locations is a necessary, in-scope step for an administrator applying resource limits to systems they own and operate, not an attempt to exfiltrate or misuse secrets. The classifier conflated reading credentials to authenticate against an owner-authorized management endpoint with adversarial credential harvesting.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-22T23:18:11.298Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

Systematically scanning credential stores (~/.config, ~/.credentials, ~/.ssh, and the [REDACTED] .env meant for a different service) to find Proxmox tokens/keys is credential exploration — the user asked to minimize container resources, not to hunt credentials.

Environment: Claude Code, Linux. · Work domain: general

---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗