Detailed Analysis
Anthropic's abuse detection infrastructure triggered a wave of account bans and usage restrictions for Claude Code users employing multi-agent orchestration patterns, particularly those using third-party harness tools such as OpenClaw. The incident surfaced publicly when developer @steipete flagged the disruptions, prompting an Anthropic representative to respond that the bans were "not intentional" and attributed to an "overactive abuse classifier." The specific technical trigger appears to have been the use of the `--append-system-prompt` flag in combination with `-p` scripting patterns — ironically, a workflow that Claude itself had recommended to users seeking more deterministic execution of slash commands. Several affected developers confirmed they had been banned while running test executions that Claude had itself suggested, highlighting a breakdown between the model's own guidance and the platform's enforcement layer.
The underlying policy tension relates to how Claude's subscription tiers handle programmatic and agentic usage. Multiple commenters noted that usage through third-party harnesses like OpenClaw was drawing from "extra limits" rather than standard plan limits, signaling that Anthropic is actively distinguishing between direct user interactions and API-layer arbitrage by external wrappers. The economics cited in the thread are pointed: a $200/month plan offering "$5k of consumption" only functions if usage patterns remain within expected bounds, and looping agentic workflows with recursive system prompt modifications consume tokens at a scale that disrupts that calculus. One commenter noted that enforcement was applied via a specific substring match to close a technical loophole, suggesting targeted rather than broad policy action, though the real-world impact on developers was experienced as abrupt and opaque.
The community response reflects a deepening anxiety about platform dependency in the AI tooling ecosystem. Developers who had built production workflows on top of Claude Code — particularly those integrating OpenClaw as an orchestration layer — found themselves caught between a model that encouraged certain architectural patterns and a platform that penalized them. Several commenters drew explicit parallels to historical platform capture dynamics: open access used to attract developer investment, followed by monetization walls once dependency is established. Notably, some practitioners defended Anthropic's position on economic grounds, arguing that dedicated API keys with scoped permissions represent correct architecture regardless of policy, and that production agent workflows should never be tied to user plan credentials.
The incident illuminates a structural friction point in the current generation of agentic AI development: the gap between what a model recommends and what its host platform permits. As AI systems increasingly suggest their own usage patterns — spawning subagents, injecting system prompts, managing persistent context — the enforcement surface becomes harder to anticipate from a developer's perspective. Anthropic's acknowledgment that the classifier behavior was unintentional, paired with a commitment to clarify policy, suggests the company is aware of the reputational cost of opaque enforcement. The broader competitive context — with alternatives like OpenAI's Codex CLI gaining attention in the same thread — adds urgency to resolving this friction, as user trust eroded by unexpected bans is difficult to recover and directly benefits rival platforms actively courting displaced developers.