Claude Code refuses requests or charges extra if your commits mention "OpenClaw"

I reproduced this on my account.

    cd /tmp
    mkdir anthropic-claude
    cd anthropic-claude/
    git init
    touch hello
    git add -A
    git commit -m "'{\"schema\": \"openclaw.inbound_meta.v1\"}'"
    claude -p "hi"

I think it goes beyond this. I was just using claude to edit a blog post which mentioned OpenClaw and I got this response: "The "OpenClaw" reference — I assume that's a typo or playful reference; if you mean a real product, I couldn't find it under that spelling and you'll want to fix or footnote it.". I gave it a direct link to openclaw.ai and the chat instantly ended and hit my 5hr usage limit. Could have been a coincidence, but I had only lightly been using sonnet in the morning so it seems unlikely. Very odd.

A lot of the comments here are reacting to the censorship aspect, which is obviously an important point. But the more interesting subtext to me is that I feel like this gives insight into the situation within the company. I'm assuming they wouldn't do something like this unless the recent load issues (mostly driven by OpenClaw usage) were seen as an existential threat. So I'm guessing that's how the leadership views their current situation. Between OpenClaw and their (probably inaccurate) capacity planning, they simply can't onboard any more consumer users. In other words, things are going to get worse before they get better. Anthropic has taken drastic measures because their service is about to implode.

The irony of course is that the way they've gone about reacting to this has damaged their brand so badly at the trust level that the public view of their company has completely flipped. They also seem strangely oblivious to this side of things.

Their approach has also been bizarrely chaotic. Banning then restoring OpenClaw usage. Removing Claude Code from the Pro plan, then re-enabling it and claiming it was an A/B test. Honestly my read is that Dario has a weak leadership style within the company where he either doesn't give enough specific guidance to his reports or overreaches with reactionary instructions.

Claude.ai is now at a 98.85% uptime. There's been so many frustrations with Claude / Anthropic lately (very heavy usage limits, wrong A / B testing, etc.).

Claude status: https://status.claude.com/

I have been really happy with my Codex subscription lately, but feels like these things change every other day. The OpenCode Go subscription for trying out GLM, Kimi, Qwen, Deepseek and friends also looks useful.

But nonetheless, Opus 4.6 is a very capable model, but justifying a Claude subscription gets more and more difficult, think I might just sometimes use it through OpenRouter or as part of something like Cursor (although I'm not sure about the value of that subscription as well).

OpenCode Go: https://opencode.ai/go

Cursor: https://cursor.com

This is very concerning. Their heavy handed tactics haven't impacted me personally yet but I am increasingly nervous and casting about for viable egress paths if I need to flee Claude Code. I really hope they pump the breaks and thoroughly reorient themselves. They are under a lot of competing pressures and probably can't make a decision that won't upset a lot of people (in order to balance growth and capacity etc), but are coming to the worst possible conclusions.

For instance, maybe you can't afford to take on more customers right now, Anthropic. Maybe if you are severely undermining the customer relationships you already have, you should just admit you can't sell any more 20x plans right now and only accept new customers at lower tiers until you have the necessary capacity.

This is also a DoS you could drive a truck through, and it's disturbing such an obvious vulnerability was shipped at all.

It's fascinating to see all these bugs in Claude Code - HERMES.md, this OpenClaw issue, the recent thinking-message pruning and cache-skipping bugs.

They seem like the class of bugs I see in my vibe-coding experiments, and I think the Claude Code lead has said many times that he/his team don't read the code for Claude Code themselves, that it's basically vibe-coded.

If Anthropic itself can't make vibe coding work, who can?

That is a huge red-flag. While I understand that they will do some policing/censoring, this is way beyond what I would consider acceptable.

They can have a different price plan for agentic stuff, but these things where they “accidentally” whoops match on specific keywords and trigger extra usage charges is giving a evil-microsoft-vibe

If anyone is interested in a peek into why they are being so aggressive, check the “AI Hype” board [1]; beyond all the interesting local models (why I read it), it is usually filled with projects for circumventing LLM provider restrictions which are wildly popular (and frequently Chinese- no shade).

The #3 result today is: “End-to-end protocol replay toolkit for ChatGPT Plus/Team/Pro subscription with from-scratch hCaptcha solver and empirical anti-fraud research”. The “research” for anti-fraud is “how to get around it”.

It looks a lot like an arms race, and we are getting caught in the middle of it.

1. https://hype.replicate.dev/

same vain as https://news.ycombinator.com/item?id=47952722 ?

  HERMES.md in commit messages causes requests to route to extra usage billing  
  1203 points | 21 hours ago | 524 comments

That’s incredibly frustrating.

I’ve got a NixOS Qemu VM I use to run openclaw in. I had Claude help me set it up, and it runs local models on my own machine in a config based sandbox.

Why should Claude block or charge extra to work on that?

Why should Claude care if I have instructions for Hermes or OpenClaw in my project repos?

This fingerprinting is incredibly sloppy for how much access to a machine Claude code has.

Imagin i wanted to vibecode a claw machine. I might need a function called openClaw() to release the item. Perhaps im a huge microsoft fan, and use c# Now its OpenClaw()

And suddenly, unexplainably my bill would skyrocket?

Things like these (Google also banned me from Antigravity for briefly using an agent) and the massive quality swings made me cancel all 3 subs last week and resort to my local Qwen 3.6 only. Open models are already great and only getting better, and I really enjoy the privacy and consistency of a model I run myself.

They are trying to make a moat where no possibility of creating a moat exists.

It’s a huge mistake at the level of IBM trying to reestablish dominance over PCs by making MicroChannel the new standard; this failed horribly and cost IBM its market leadership and reputation.

MCA was technically better at the time, but the industry responded with EISA and VLBus which led to PCI and today’s PCIe.

Is Anthropic speedrunning their fall from grace? Their "stand" against the US government, but not really, happened roughly two months ago. Yet they've been doing something stupid every week since. Who is running this company?

I really want to stick with A\ given everything known about Altman, but man are they speedrunning the "how to destroy your reputation" guidebook.

Also what has been happening a long time is that if you try to do any opencode development Anthropic models will start replacing the word opencode with claude intermittently.

Imagine how difficult tool calling gets, when your ~/projects/opencode path gets intermittently replaced to ~/projects/claude during the roundtrip to Anthropic API

They have been fighting back a while already, eroding trust in their models as a price.

I was even able to have an absurd conversation with Claude about it, quite kafkaesque

I think it's more over claude code cli thing we can still use api within the subscription (no extra cost associated) Try getting access token from the system keychain (under the "Claude Code-credentials" entry) and replaying it with specific headers (system: [ {"type":"text","text":"x-anthropic-billing-header: cc_version=2.1.118.f05; cc_entrypoint=sdk-cli; cch=8c860;"}, {"type":"text","text":"You are a Claude agent."} ]) On v1/messages api with model of your choice it works I have tried.

https://xcancel.com/theo/status/2049645973350363168

"I'm sorry Dave, I'm afraid I can't do that" is getting realer with each passing day. As well as arguing with your front door from Ubik.

I find it incredibly that after all the good faith Claude Code built during 2025 they are destroying users trust is such amateurish ways (same as hermes.md)

I don't understand how, having access to Mythos and unlimited use, their solution to open harnesses is lazy string regex-style matching.

I currently subscribe to four basic plans: Google's, Anthropic's, OpenAI's and Kimi's. Was thinking about cancelling Kimi, but that makes me rethink my decision.

It's a shame, because while Kimi 2.6 is indeed quite capable, its thinking mode is quite wasteful, and Opus is a joy to work with.

Subscription models only work when marginal costs are low and/or there’s a good variety of usage that roughly averages out. Or, you need to be able to kick out abuse.

Unfortunately for those of us who just want to eat a nice filling meal at the fixed price all you can eat buffet of AI subscriptions, a minority of customers keeps paying for the all you can eat buffet and staying for hours and bringing containers to sneak food out when they leave. And they keep wearing disguises to try and evade detection.

It’s a losing battle for the provider, which ultimately means the subscription pricing model can’t work, which hurts the majority of customers that just want to use the system as intended and no longer have a subscription model available.

I have plenty of frustrations with Anthropic as a paying customer, but this specific false positive abuse detection doesn’t strike me as all that awful, just some annoying collateral damage. I’d rather have that than no subscription model at all.

Would it be possible to do some prompt injection so this string has the same effect but from a website ?

So if you add some special string to the docs, it stops Claude ?

It sounds like Anthropic is dangerously low on compute availability if they’re prioritizing these refusals as their OKRs.

Looks like as if building all your workflow around an expensive black box in the cloud you have no control off could be a problem!

Wow so like there are many services that rely on anthropics api.. if for example I inject the word openclaw into a bunch of chat bots or voice bots that might be using anthropics API would this also break them…

When compute poverty hits these big labs it’s all going to be the same. The ping pong tables and drinks fridges disappear.

The only thing they can hope for is to maintain momentum and critical mass long enough to find ways to pay for all this or have Moores law make the average user request become economical.

LOL DeepSeek V4 just reduced their price to less than $1 per million tokens for Pro and people are worried about Claude

So it seems that Anthropic has a hidden list of special words that redirect billing without warning or disclosure. And when this is pointed out as a billing error they say they won't refund until it gets the HN treatment. If they can/will bill you differently based on actual use then it seems like how they determine that use is important to disclose right?

Who remembers the Google of Eric Schmidt and "Don't Be Evil"?

The truth is that it doesn't matter what companies say, what they claim, what they do, and what their CEO says/claims/does.

It's just a matter of time until the shareholders will get the right CEO to maximize shareholder value.

People in the comments who want a statement or a "reorientation" or a commitment from Anthropic leadership are missing the principles of how capitalism functions. Shareholder value cannot be compromised. In every battle between morality and profit, values and profit, public good and profit, ultimately all things will mutate into a state that enables profit to prevail. Always.

There are no exceptions to this.

Not reproducible anymore.

However, "claude -p hi" immediately ate 3% of my quota.

(I didn't use claude for like a month, so absolutely fresh).

There's probably a few things to consider

* How much CPU/token usage does openclaw users use in general? Similarly, how much does high volume openclaw users use vs "normal" claude high volume users?

* Are there political elements we can't see that's affecting this? OpenClaw and anthropic doesn't have a good history in general and this is just a continuation of that?

Something I don't understand, there's a lot of complaints yet people are reluctant to stop using the service? Are folks already vendor locked or is it a case of "well, this doesn't seem to affect me?" The consumer behaviour of these complaints is very interesting.

Seriously why does Anthropic have so many shenanigans? I once wanted to try claude code coming from codex, but seeing these made me lose any appetite. Plus they are not open to the broader ecosystems like not reading .agents folder etc

If one made a folder with say, a million common markdown files, HERMES, OPENCLAW, the likes. Let the check filter search 1M files with lots of LLM generated nonsense?

If we are going to filter usage, there are a lot of reverse attacks to that effort that could appear.

I just wonder if this is the needle in the bubble?

Previously: https://news.ycombinator.com/item?id=47691021

At least we can assume that Anthropic eats their own dog food. They use Claude to develop their software.

why do people want to continue to use anthropic despite their shitty service? its not like they have some kind of lock-in as it is still new company and it has shown its color before we are stuck with it unlike google/meta etc.

This is a real concern for open source projects that integrate with multiple AI backends. I built OpenVision (github.com/rayl15/OpenVision), an iOS app connecting Meta Ray-Ban glasses to AI assistants — one of the supported backends is OpenClaw. If Claude Code is flagging or penalizing commits that simply mention a competitor's name, that has a chilling effect on open source developers who build tooling that wraps or integrates multiple AI providers. The "safe" behavior should be to complete the coding task and let users make their own product choices.

It is funny in a sense that they did added a mitigation for openclaw as it seems.

But, if they did intentionally break other stuff, like charging more money, it would be a scam (not sure what is wrong but there is something wrong in taking credits without fulfilling the request)

But then they will just say "ah yeah, aí broke our tool it wasn't intentional, bla bla bla"

Several people at work, none use OpenClaw, had their limits jump immediately to 100%.

This is a reason to seriously consider changing providers.

I'm stepping away from LLMs in general and did cancel Claude code subscription this month because I respect myself very much and I deserve a better and transparent treatment.

If you must - in my experience Deepseek v4 is incredible value in every aspect. Pricing is transparent.

But like I said, I have funds in different AI gateways but I'm preferring to write by hand because I don't want surprising bugs and unnecessary code in my end result.

Sure. They want the data all to themselves. This reminds me of a time when I wanted to tax different types of web content. But back then people cared about freedom.

do they literally just have a regex match for all of their competitor harnesses?

They seem to be getting quite comfortable altering the terms of use without notifying users.

That's funny, today I casually mentioned OpenClaw in a Claude chat on finance and it claimed to know nothing of what I was talking about...

is it me or are they somewhat actively destroying their hard earned good reputation...?

Honestly, this isn't a change really from how anthropic has operated for a long, long time. They did the same with OpenCode, pi, etc. There isn't anything that can stop you from using the SDK, however.