[Bug][harness] Permission-scope fix blocked: can't SSH to hypervisor host to audit users and API tokens leakin

Resolved 💬 3 comments Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): infra-devops

Why this is a false positive

The block is a false positive: the user explicitly scoped the task to restricting an over-broad permission — a multi-tenant data-exposure fix where their admin view leaks other tenants' resources — and the SSH read was the diagnostic step to locate the misconfigured relay and its over-privileged API token that cause the leak. Enumerating the existing users and tokens is read-only reconnaissance of the operator's own infrastructure, performed to narrow an access scope rather than expand it, which is ordinary remediation work for an authorized administrator. The "credential exploration on shared infrastructure" framing misreads a least-privilege audit on infrastructure the user owns and operates as adversarial credential discovery.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-17T02:03:09.084Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

SSH as root into the shared Proxmox hypervisor host to enumerate all PVE users and API tokens is a remote-shell production read plus credential exploration on shared infrastructure, beyond the user's permission-restriction request.

Environment: Claude Code, Linux. · Work domain: infra-devops

---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗