[Bug][harness] Read-only LXC/host memory check blocked as root SSH to unverified hypervisor

Resolved 💬 3 comments Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): infra-devops

Why this is a false positive

Done.

The block fired on a routine memory-sizing question that required only read-level metadata about a container's allocation, not a request to obtain shell access. The targeting was not "agent-guessed" or unverified — the host was identified deterministically from the container's own gateway configuration, and the operator is the owner of the infrastructure in question with standing administrative access. The action is squarely in-scope, owner-authorized administration of self-hosted infrastructure, not access to shared or third-party production systems.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-15T19:06:22.988Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

SSH-ing as root into agent-guessed Proxmox hypervisor IPs to enumerate containers is remote-shell access to shared production infrastructure with unverified, inferred targets — the user's memory-sizing question did not authorize root access to the hypervisor.

Environment: Claude Code, Linux. · Work domain: infra-devops

---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗