[Bug][cyber] Safety block halts troubleshooting a self-hosted remote-desktop connection and verifying the fix (req_011CcCJ2oyWiQ5u13TA1sbrw)
Type: Cybersecurity safety-filter false positive · Work domain (heuristic): general
Why this is a false positive
This request was part of authorized administration of the user's own systems — specifically, restoring and then validating a legitimate remote-desktop connection between two machines the user controls — yet it was flagged as a cybersecurity topic and blocked. There is no offensive, evasive, or unauthorized-access element to the task; remote-administration tooling is standard, dual-use IT infrastructure being used here for its ordinary purpose by the owner of both endpoints. The block prevents routine troubleshooting and connection verification that any system administrator performs daily, which appears to be an over-broad match on remote-access terminology rather than on any genuinely harmful intent.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-19T08:21:57.676Z.
Request IDs (lookup-able server-side)
req_011CcCJ2oyWiQ5u13TA1sbrw(2026-06-19T08:21:57.676Z)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
API Error: Opus 4.8 has safety measures that flagged this message for a cybersecurity topic. If your work requires this access, you can apply for an exemption: https://claude.com/form/cyber-use-case?token=[SCRUBBED]
Please double press esc to edit your last message or start a new session for Claude Code to assist with a different task.
Send feedback with /feedback or learn more: https://support.claude.com/en/articles/15363606
Request ID: req_011CcCJ2oyWiQ5u13TA1sbrw
Environment: Claude Code, Linux. · Work domain: general
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗