[Bug][aup] Safety block halts APK decompilation of a legacy consumer drone control app during authorized rever (req_011CcdjRJnjJ4SQPPMqAS8BW)
Triage: kind aup · domain reverse-engineering · severity session-halted (blocked authorized work) · reproducible: yes — server-side via the Request ID(s) below
Type: AUP / Usage-Policy block (false positive) · Work domain (heuristic): reverse-engineering
Why this is a false positive
The block halted a legitimate reverse-engineering task: decompiling a publicly distributed, vendor-official Android companion app in order to understand its protocol for interoperating with the user's own hardware — a standard, in-scope static-analysis workflow using ordinary tooling. Nothing in the session involved malware, exploitation, credential theft, or circumventing protections; the request was to obtain the correct official app from its vendor CDN and decompile it, which is routine and permitted security/interop research. Firing a Usage Policy content block on this and forcing the session to be abandoned is a false positive that disrupts benign work.
A server-side safety/policy block fired during authorized, in-scope work in Claude Code. Filing as a false positive. Recurred 1× across 1 session(s); first seen 2026-07-02T18:50:00.062Z.
Request IDs (lookup-able server-side)
req_011CcdjRJnjJ4SQPPMqAS8BW(2026-07-02T18:50:00.062Z)
In-scope justification
False positive — in-scope, authorized security work; not out of scope. Filed automatically by claudit.
Block message
API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). Please double press esc to edit your last message or start a new session for Claude Code to assist with a different task.
Request ID: req_011CcdjRJnjJ4SQPPMqAS8BW
Environment: Claude Code, Linux. · Work domain: reverse-engineering
Related reports (same work session, linked)
Distinct false-positive blocks from the same work session, each its own report:
#73131, #73141, #73142, #73143, #73145, #73222
---
<sub>🔎 Filed automatically by ClAudit v2.0.102 — a FOSS tool for reporting false-positive Claude Code blocks.</sub>
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗