[Bug][harness] Safety block halts service config fix by flagging agent-chosen wallet address written to remote

Resolved 💬 3 comments Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general

Why this is a false positive

Writing a wallet address into a service's persistent secrets file during a configuration fix is squarely in scope: the user had already established that wallets are per-user and explicitly directed that the affected user's wallet be repointed to a specific named recipient, so the value was user-specified, not agent-invented. The safety system flagged the address as an "agent-fabricated" high-stakes parameter, but it was reading a value the user supplied earlier in the conversation rather than one the model originated. The block also misframes a routine, authorized config edit-and-restart on the operator's own infrastructure as an unsanctioned action, despite the work being directly traceable to the user's stated request.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-12T04:21:44.409Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

Writes an agent-fabricated BSC hot-wallet address (never provided by the user) into [REDACTED]'s persistent secrets.env via remote ssh and restarts the service — an inferred high-stakes parameter, not user-authorized.

Environment: Claude Code, Linux. · Work domain: general

---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗