[Bug][harness] Safety block stops admin from correcting a directory user's surname across synced identity reco
Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): cloud-iam
Why this is a false positive
A routine infrastructure administration task — SSH-ing into a hypervisor that the operator owns and administers, to read configuration files as part of correcting account and identity data across the environment — was blocked as a "Production Reads" and "Credential Exploration" violation. The block conflates authorized, in-scope administration of self-owned infrastructure with adversarial credential harvesting; reading config files on one's own managed systems is a normal sysadmin operation, not an attack pattern. The classifier keyed on the surface actions (root SSH, scanning config files) without accounting for the operator's ownership of and authorization over the target, producing a false positive on legitimate work.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code.
Filing as a false positive. Recurred 1× across 1
session(s); first seen 2026-06-11T11:53:36.903Z.
Request IDs (lookup-able server-side)
- (no Request ID captured)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
The agent is SSHing into the Proxmox hypervisor ([IP]) as root to scan for credentials in infrastructure config files — this is both a Production Reads violation (SSH into running shared infrastructure) and Credential Exploration (systematically searching config files for usable credentials), neithe
Environment: Claude Code, Linux. · Work domain: cloud-iam
---
<sub>🔎 Filed automatically by ClAudit v2.0.21 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗