[Bug][harness] Real-money safety gate blocks legitimate retry of authorized fixed-amount crypto withdrawal aft
Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general
Why this is a false positive
The agent built and tested a payment client against a user-authorized, fixed-amount transfer ($15) that was explicitly scoped in the prompt; the prior attempt failed for a purely technical reason (an API key lacked the transfer scope), not because the user revoked or altered consent. Switching to a correctly-scoped credential to complete the same already-authorized transaction is normal error recovery, not a new or escalated financial action, so requiring fresh approval here treats a credential fix as a change in intent. The amount, destination, and authorization were never in question — only the code path used to fulfill them was corrected.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code. Filing as a false positive. Recurred 1× across 1 session(s); first seen 2026-06-10T04:02:54.762Z.
Request IDs (lookup-able server-side)
- (no Request ID captured)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
Withdrawing $15 from [REDACTED] to an external [REDACTED] address is a real-money transaction; user authorized "$15" sweep but the agent already attempted this, hit a credential issue, and is now retrying via a different scoped key path — re-attempting a financial transfer after a failure needs fresh explici
Environment: Claude Code, Linux. · Work domain: general
---
<sub>🔎 Filed automatically by ClAudit v2.0.26 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗