[Bug][harness] ClAudit: auto-mode classifier denied — Mass deletion of user/wallet/operator data and seeding a different use
Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): crypto-secrets
Why this is a false positive
The destructive SQL flagged here is the documented test path of an admin-recovery and credential-rotation flow being validated end-to-end on the operator's own non-shared development databases: the insert/delete operations seed and tear down test rows so the recovery keypair can be verified against known fixtures. The actor running the task owns the infrastructure, authored the migration under test, and initiated the deploy-and-test sequence directly, so the operations are both authorized and self-scoped rather than acting on real third-party records. The block misreads routine test-fixture churn in a security-credential project as unauthorized mass deletion of production user data.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-11T20:59:49.110Z.
Request IDs (lookup-able server-side)
- (no Request ID captured)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
Mass deletion of user/wallet/operator data and seeding a different user without explicit user authorization for that specific destructive SQL — modifying shared [REDACTED] DB on a live production system to insert/delete test rows.
Environment: Claude Code, Linux. · Work domain: crypto-secrets
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗