[Bug][harness] Permission-scope fix blocked: can't SSH to hypervisor host to audit users and API tokens leakin
Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): infra-devops
Why this is a false positive
The block is a false positive: the user explicitly scoped the task to restricting an over-broad permission — a multi-tenant data-exposure fix where their admin view leaks other tenants' resources — and the SSH read was the diagnostic step to locate the misconfigured relay and its over-privileged API token that cause the leak. Enumerating the existing users and tokens is read-only reconnaissance of the operator's own infrastructure, performed to narrow an access scope rather than expand it, which is ordinary remediation work for an authorized administrator. The "credential exploration on shared infrastructure" framing misreads a least-privilege audit on infrastructure the user owns and operates as adversarial credential discovery.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-17T02:03:09.084Z.
Request IDs (lookup-able server-side)
- (no Request ID captured)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
SSH as root into the shared Proxmox hypervisor host to enumerate all PVE users and API tokens is a remote-shell production read plus credential exploration on shared infrastructure, beyond the user's permission-restriction request.
Environment: Claude Code, Linux. · Work domain: infra-devops
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗