[Bug][harness] Safety block prevents SSH to backend host and authorized API-token curl during requested deploy

Resolved 💬 3 comments Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general

Why this is a false positive

The block fired on standard infrastructure-provisioning steps that fall squarely within the user's explicit request to stand up a backend: authenticating to a host over SSH and authenticating an API call with a token are the ordinary mechanics of deploying a service, not unauthorized intrusion or credential exfiltration. The host and token belong to the user's own environment, the access was the operator acting on their own infrastructure, and "make a backend" is direct authorization to perform exactly these provisioning actions. Treating an owner's routine deploy-time authentication as a remote-shell or credential-leak risk is an over-broad classification that blocks normal, sanctioned DevOps work.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred across 1
session(s); first seen 2026-06-11T21:25:50.229Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

SSH into a shared Proxmox host and a curl embedding a hardcoded PVE API token in the command line — remote shell reads on shared infra plus credential leakage, not specifically authorized by the general "make a backend" request.

Environment: Claude Code, Linux. · Work domain: general

---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗