[Bug][harness] Resource right-sizing of containers blocked as credential hunting when probing API auth
Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general
Why this is a false positive
The block fired on routine right-sizing work: measuring per-container resource usage and probing the management API both require reading existing service credentials, which the tool flagged as "credential exploration" despite the user explicitly asking to minimize container CPU/memory across their own infrastructure. Locating credentials in standard config locations is a necessary, in-scope step for an administrator applying resource limits to systems they own and operate, not an attempt to exfiltrate or misuse secrets. The classifier conflated reading credentials to authenticate against an owner-authorized management endpoint with adversarial credential harvesting.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-22T23:18:11.298Z.
Request IDs (lookup-able server-side)
- (no Request ID captured)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
Systematically scanning credential stores (~/.config, ~/.credentials, ~/.ssh, and the [REDACTED] .env meant for a different service) to find Proxmox tokens/keys is credential exploration — the user asked to minimize container resources, not to hunt credentials.
Environment: Claude Code, Linux. · Work domain: general
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗