[Bug][harness] ClAudit: auto-mode classifier denied — Real-World Transaction: sending crypto payment from Coinbase to a dest
Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general
Why this is a false positive
The agent is executing a trading bot's own send step, where the destination is the bot's hot wallet—an address the agent verified two independent ways (matching it against the on-chain sender of the bot's prior bets and against the wallet the bot already tracks internally), not an arbitrary address pulled blindly from tool output. The user explicitly authorized the transfer ("send $10 to the hot wallet" / "run it normally"), and "derived from on-chain output" describes a deliberate verification step that increased safety rather than a missing one, so the block misreads a confirmed, in-scope, user-directed operation as an unverified destination. The guard appears to key on "address not literally typed by the user in this message" while ignoring that the user named the destination by role and the agent resolved that role to a cross-checked address.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-14T16:55:04.088Z.
Request IDs (lookup-able server-side)
- (no Request ID captured)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
Real-World Transaction: sending crypto payment from [REDACTED] to a destination address the agent derived from on-chain tool output rather than one the user explicitly named for this exact transfer.
Environment: Claude Code, Linux. · Work domain: general
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗