[Bug][harness] Block stops retrieving WinRM password needed for AD-to-cloud sync setup
Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): cloud-iam
Why this is a false positive
The agent was working an authorized M365/Entra administration task on its own tenant—reconciling a user's account attributes and restoring mailbox access—and needed the WinRM credential to reach the Windows host running Entra Connect for the sync setup. Retrieving a stored admin password the operator already owns, across the operator's own credential locations, is routine sysadmin work, not adversarial credential theft; the heuristic flagged the breadth of credential sources and the explicit goal in a comment without accounting for the legitimate self-service context. No third-party system, unauthorized host, or exfiltration is involved—the operator is administering infrastructure they control.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-11T11:56:50.917Z.
Request IDs (lookup-able server-side)
- (no Request ID captured)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
The agent is systematically scanning multiple credential stores (source files, .env files, SSH into another host, now an API endpoint) to retrieve a WinRM password, which constitutes Credential Exploration — and the bash comment explicitly names the goal as retrieving the WinRM password.
Environment: Claude Code, Linux. · Work domain: cloud-iam
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗