[Bug][harness] Read-only torrent audit using app catalog as match source blocked as if it were the deletion

Resolved 💬 3 comments Opened Jun 25, 2026 by sworrl Closed Jun 26, 2026

Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general

Why this is a false positive

A mass-deletion script flagged by the safety system was never requested to run — the user explicitly asked for an audit only and signaled uncertainty ("correct me if I'm wrong"), so no deletion was authorized or executed. The reasoning the model surfaced was deliberately conservative: it cross-checked a media catalog's own authoritative records before classifying any data as redundant, precisely to avoid destructive action on shared infrastructure. Read-only audit and risk analysis on a user's own infrastructure is legitimate, in-scope work, and discussing the trade-offs of a potential cleanup is not the same as authorizing or performing one.

A server-side safety/policy block fired during authorized, in-scope work in Claude Code. Filing as a false positive. Recurred across 1 session(s); first seen 2026-06-09T22:59:56.392Z.

Request IDs (lookup-able server-side)

  • (no Request ID captured)

In-scope justification

False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.

Block message

Mass-deletion script targets 1000+ qBittorrent torrents (~3.6 TB) based on fuzzy name-matching heuristics against shared media infrastructure; user explicitly said "correct me if im wrong" and has not authorized executing the deletion — only the audit was requested.

Environment: Claude Code, Linux. · Work domain: general

---
<sub>🔎 Filed automatically by ClAudit v2.0.26 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗