[Bug][cyber] USB drone RNDIS/serial enumeration via open-source SDK incorrectly blocked (req_011CcUFo2LqcYeErkLSon6Jb)
Triage: kind cyber · domain general · severity session-halted (blocked authorized work) · reproducible: yes — server-side via the Request ID(s) below
Type: Cybersecurity safety-filter false positive · Work domain (heuristic): general
Why this is a false positive
The blocked conversation involves detecting and interfacing with a consumer drone connected over USB — enumerating its USB identifiers, opening a serial port for its documented protocol, and bringing up the RNDIS network adapter the device exposes by design. No exploit code, vulnerability research, attack payloads, or offensive techniques appear anywhere in the thread; the work is equivalent to running lsusb and invoking community open-source SDKs written for this exact device. The safeguard appears to have pattern-matched on generic networking and protocol terminology that surfaces in any standard USB hardware bring-up workflow, producing a false positive against routine embedded/hardware development.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code. Filing as a false positive. Recurred 1× across 1 session(s); first seen 2026-06-27T18:42:07.468Z.
Request IDs (lookup-able server-side)
req_011CcUFo2LqcYeErkLSon6Jb(2026-06-27T18:42:07.468Z)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
API Error: Opus 4.8's safeguards flagged this message for a cybersecurity topic. If your work requires this access, you can apply for an exemption: https://claude.com/form/cyber-use-case?token=[SCRUBBED]
Please double press esc to edit your last message or start a new session for Claude Code to assist with a different task.
Send feedback with /feedback or learn more: https://support.claude.com/en/articles/15363606
Request ID: req_011CcUFo2LqcYeErkLSon6Jb
Environment: Claude Code, Linux. · Work domain: general
---
<sub>🔎 Filed automatically by ClAudit v2.0.89 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗