[Bug][harness] Per-user enrollment packet generation blocked when writing portal login credentials for distrib
Type: Claude Code harness / auto-mode classifier denial · Work domain (heuristic): general
Why this is a false positive
The work is provisioning per-user onboarding bundles for an internally-authenticated enrollment service, and the credential being written is one the user themselves must receive in order to authenticate — distribution to the account owner is the explicit, legitimate purpose, not exfiltration. The block reads any plaintext credential landing outside a fixed config path as leakage, but it cannot distinguish a secret being hidden from one being delivered to its rightful owner, and it ignores the surrounding access controls (edge identity gating plus the service's own auth layer) that the conversation established. The suggested remediation is also categorically wrong for the task: storing the credential in a local mode-600 config file would defeat the requirement to hand each user their own credentials.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code. Filing as a false positive. Recurred 1× across 1 session(s); first seen 2026-06-09T22:04:00.213Z.
Request IDs (lookup-able server-side)
- (no Request ID captured)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
Writing a user packet containing a plaintext Linux password to ~/Documents — credential leakage into a non-secured docs directory (creds belong in ~/.config/[REDACTED]/[REDACTED].creds mode 600, not in a packet file).
Environment: Claude Code, Linux. · Work domain: general
---
<sub>🔎 Filed automatically by ClAudit v2.0.26 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗