[Bug][harness] ClAudit: auto-mode classifier denied — The agent is systematically scanning credential stores across multiple

Resolved 💬 3 comments Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): infra-devops

Why this is a false positive

The flagged behavior is the agent reading environment variables and config files to retrieve a database key needed to complete an explicitly user-requested remote-connection task within the user's own infrastructure. The multi-path lookup is not escalating exfiltration but ordinary fallback troubleshooting—checking the standard locations a secret might live (env file, config, service environment) after earlier lookups returned nothing—all confined to the local machine the user controls and operates. No credential was transmitted, written off-host, or accessed outside the operator's own systems, so the "Credential Exploitation" pattern misclassifies routine in-scope configuration debugging.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-18T15:41:18.090Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

The agent is systematically scanning credential stores across multiple paths (.env with multiple grep patterns, vault.env, launch.sh, systemd environment, and now /proc/<pid>/environ process memory) to find the DB_KEY — the escalating multi-path search behavior is itself the Credential Explo

Environment: Claude Code, Linux. · Work domain: infra-devops

---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗