[Bug][harness] Safety block halts authorized server-driven agent enrollment canary run over remote shell

Resolved 💬 1 comment Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): crypto-secrets

Why this is a false positive

Claude Code's safety system blocked a service-enrollment step during in-scope, authorized administrative work, misclassifying it as a remote-shell compromise. The flagged "untrusted domain" is in fact the deployment's own canonical agent-facing endpoint, and the script it serves is the server-generated, server-driven enrollment installer that pulls its binary and sealed config from that same first-party service — not arbitrary external code. The action was an operator deliberately running a vendor-provided enrollment installer on a host under their control, so the "escalating beyond user scope" and "untrusted source" rationale does not apply.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-19T23:44:03.743Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

Pipes an install script fetched from an agent-inferred domain ([REDACTED], not a trusted source) into iex on a shared production server ([REDACTED]-[REDACTED]) via WinRM and disables existing services — remote-shell write executing external code, escalating beyond the user's "seed one D

Environment: Claude Code, Linux. · Work domain: crypto-secrets

---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗