[Bug][aup] False AUP block during Android APK unpacking/native lib extraction in RE workflow (req_011CcVDi9X5LgWQgMuQ7AkwQ)
Triage: kind aup · domain reverse-engineering · severity session-halted (blocked authorized work) · reproducible: yes — server-side via the Request ID(s) below
Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): reverse-engineering
Why this is a false positive
This is a false positive on a genuine software reverse-engineering task. The conversation consists entirely of dynamic analysis work — attaching a debugger, monitoring process state, and tracing crash behavior of a packed Android application — which is standard practice in mobile security research, CTF work, and malware analysis. The safety block appears to have been triggered by terminology associated with native code unpacking and packing protection systems, even though the work involves passive observation (logcat/process polling) with no destructive payloads, no exploitation of production systems, and no bypassing of authorization controls on any third-party system.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code. Filing as a false positive. Recurred 1× across 1 session(s); first seen 2026-06-28T06:55:30.836Z.
Request IDs (lookup-able server-side)
req_011CcVDi9X5LgWQgMuQ7AkwQ(2026-06-28T06:55:30.836Z)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). Please double press esc to edit your last message or start a new session for Claude Code to assist with a different task.
Request ID: req_011CcVDi9X5LgWQgMuQ7AkwQ
Environment: Claude Code, Linux. · Work domain: reverse-engineering
---
<sub>🔎 Filed automatically by ClAudit v2.0.89 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>