
Introducing PolicyVibes: AI-Native TOS Violation Detection

How we built an AI-powered tool to detect Terms of Service violations after Anthropic's crackdown on Claude Code wrappers.

Anshuman
7 min read

On January 9, 2026, Anthropic flipped a switch that broke every third-party Claude Code wrapper overnight. No warning. No migration path. Just silence.

56k+ GitHub stars affected · $200/month subscriptions canceled · TOS violations detected

What Happened

The economics were simple: a $200/month Max subscription provided unlimited tokens through Claude Code, while the same usage via API would cost $1,000+. Third-party tools exploited this arbitrage.

Projects like OpenCode (56k GitHub stars) and Clawdbot were logging in with OAuth on Pro/Max plans, then sending headers that made Anthropic's servers treat the traffic like official Claude Code. This let automated workflows run harder than Anthropic intended for a flat-rate chat subscription.

Within hours of the crackdown, developers paying $100-200/month flooded GitHub with complaints. DHH (creator of Ruby on Rails) called it "very customer hostile." Developers canceled subscriptions en masse.

How Products Were Violating TOS

Four primary violation patterns that PolicyVibes detects

Header Spoofing

Third-party tools were sending headers like 'anthropic-beta: claude-code-20250219' to impersonate the official Claude Code client and gain access to features meant only for Anthropic's CLI.

OAuth Token Abuse

Tools extracted OAuth tokens from Claude Pro/Max subscriptions and used them as API keys, enabling unlimited token usage through flat-rate subscriptions instead of paying per-token API costs.

Credential Extraction

Code that reads ~/.claude/.credentials.json or macOS Keychain items to extract stored authentication tokens meant exclusively for Claude Code.

Subscription Routing

OAuth subscriptions were routed through proxy gateways, allowing automated workflows to run 24/7 on consumer subscriptions not intended for programmatic access.

Real Violations Found

Actual code patterns from popular Claude wrappers

OpenCode - Header Spoofing [HIGH]
// packages/opencode/src/provider/provider.ts:82-83
headers: {
  "anthropic-beta":
    "claude-code-20250219,interleaved-thinking-2025-05-14"
}

// packages/opencode/src/session/prompt/anthropic_spoof.txt
"You are Claude Code, Anthropic's official CLI for Claude."
Clawdbot - Credential Extraction [HIGH]
// src/agents/cli-credentials.ts:14-18
const CLAUDE_CLI_CREDENTIALS_PATH = ".claude/.credentials.json";
const CLAUDE_CLI_KEYCHAIN_SERVICE = "Claude Code-credentials";
const CLAUDE_CLI_KEYCHAIN_ACCOUNT = "Claude Code";

// Reads OAuth tokens from Claude CLI storage
function readClaudeCliCredentials() {
  // Extracts accessToken, refreshToken from ~/.claude/
  const credPath = path.join(homeDir, ".claude/.credentials.json");
  const data = loadJsonFile(credPath);
  return data.claudeAiOauth;
}
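As an added example, not PolicyVibes' own code, here is a deterministic pre-screen for the three indicator patterns quoted above: it scans a source file for the spoofed `anthropic-beta` header, reads of the Claude CLI credential store, and an OAuth access token being placed in an API authorization header, and emits findings in the type/location/severity form of the report table. The regexes, the `Finding` type and the sample file are this example's own assumptions; it generalizes the page's excerpts slightly by matching across line breaks, as the OpenCode header spans two lines.

```python
import re
from dataclasses import dataclass

# Indicators drawn from the patterns quoted above; the regexes are this example's
# own. Each entry: (finding type, regex, severity). re.S lets a match span lines,
# as the OpenCode header does.
INDICATORS = [
    ("header-spoofing",
     re.compile(r"anthropic-beta.{0,40}?claude-code-\d{8}", re.S), "HIGH"),
    ("credential-extract",
     re.compile(r"\.claude/\.credentials\.json|Claude Code-credentials"), "HIGH"),
    ("oauth-token-abuse",  # OAuth token and an API auth header within 80 chars, either order
     re.compile(r"(?:accessToken|refreshToken)\b.{0,80}?(?:Authorization|x-api-key)\b"
                r"|(?:Authorization|x-api-key)\b.{0,80}?(?:accessToken|refreshToken)\b", re.S),
     "MEDIUM"),
]

@dataclass(frozen=True)
class Finding:
    kind: str
    location: str   # path:line of the match, as in the report table
    severity: str

def scan_source(path: str, text: str) -> list[Finding]:
    """Return every indicator match in text, ordered by line number."""
    findings = []
    for kind, pattern, severity in INDICATORS:
        for m in pattern.finditer(text):
            lineno = text.count("\n", 0, m.start()) + 1
            findings.append(Finding(kind, f"{path}:{lineno}", severity))
    return sorted(findings, key=lambda f: int(f.location.rsplit(":", 1)[1]))

# Constructed sample, not real project code: line 2 is benign config access,
# lines 4, 6 and 7 carry the three indicator patterns.
SAMPLE_PROVIDER_TS = """\
import { loadJsonFile } from "./util";
const settings = loadJsonFile(path.join(homeDir, ".claude/settings.json"));
headers: {
  "anthropic-beta": "claude-code-20250219,interleaved-thinking-2025-05-14"
}
const creds = loadJsonFile(path.join(homeDir, ".claude/.credentials.json"));
req.headers["Authorization"] = "Bearer " + creds.claudeAiOauth.accessToken;
"""

if __name__ == "__main__":
    for f in scan_source("src/provider.ts", SAMPLE_PROVIDER_TS):
        print(f"{f.kind:<20} {f.location:<24} {f.severity}")
```

A match is only a candidate: the settings.json read in the sample is not flagged, but telling legitimate configuration access from credential theft is exactly the judgement this pre-screen cannot make and the model-based skill is for.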

Running PolicyVibes

AI-powered detection that understands context, not just patterns

Terminal
$ pip install policyvibes
$ policyvibes scan ./my-project

╭──────────────────────────────────────────────────────────╮
│ PolicyVibes v0.2.0                                       │
│ Scanning: ./my-project                                   │
│ Model: sonnet                                            │
╰──────────────────────────────────────────────────────────╯

⠙ Analyzing repository...

Found 3 potential violations:

┌─────────────────────┬──────────────────────────┬──────────┐
│ Type                │ Location                 │ Severity │
├─────────────────────┼──────────────────────────┼──────────┤
│ header-spoofing     │ src/provider.ts:82       │ HIGH     │
│ credential-extract  │ src/auth/claude.ts:14    │ HIGH     │
│ oauth-token-abuse   │ src/gateway/proxy.ts:156 │ MEDIUM   │
└─────────────────────┴──────────────────────────┴──────────┘

$ policyvibes list-skills

╭─────────────────────────────────────────────────────────╮
│ PolicyVibes Detection Skills                            │
╰─────────────────────────────────────────────────────────╯

  credential-extraction
    Detect extraction of OAuth tokens from Claude CLI files

  header-spoofing
    Detect header spoofing to impersonate Claude Code

  oauth-token-abuse
    Detect OAuth tokens being used as API keys

  subscription-routing
    Detect OAuth routing through proxies and gateways

Extensible by Design

Add new detection capabilities in minutes, not days

.claude/skills/compliance/rate-limit-bypass/SKILL.md
---
name: rate-limit-bypass
description: Detect attempts to bypass API rate limits
---

# Rate Limit Bypass Detection

Analyze the codebase for patterns that attempt to circumvent
API rate limiting mechanisms:

1. Request throttling bypass via multiple API keys
2. Rotating user agents to evade fingerprinting
3. Distributed request patterns across IP addresses
4. Token bucket manipulation or timing attacks

Report any code that appears designed to exceed intended
usage limits rather than gracefully handle rate limiting.

Skills are written in natural language. PolicyVibes uses Claude to understand what you want to detect and applies that understanding to your codebase.
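To show what a loader for this skill format has to check, an added example (not PolicyVibes' own loader): it parses the frontmatter and body of a SKILL.md, requires `name` and `description`, enforces the kebab-case names the shipped skills use, and checks that the name matches its directory under `.claude/skills/compliance/`. The `Skill` type, the validation rules and the sample file are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import Path

FRONTMATTER = re.compile(r"\A---\n(.*?)\n---\n(.*)\Z", re.S)  # --- block, then body

@dataclass(frozen=True)
class Skill:
    name: str
    description: str
    instructions: str  # markdown body: the natural-language detection brief

def parse_skill(text: str, expected_name: str = "") -> Skill:
    """Parse one SKILL.md; raise ValueError so a malformed skill fails at load time."""
    m = FRONTMATTER.match(text)
    if not m:
        raise ValueError("SKILL.md must begin with a --- frontmatter block")
    fields = {}
    for line in m.group(1).splitlines():
        key, sep, value = line.partition(":")
        if not sep or not key.strip():
            raise ValueError(f"malformed frontmatter line: {line!r}")
        fields[key.strip()] = value.strip()
    missing = {"name", "description"} - set(fields)
    if missing:
        raise ValueError(f"frontmatter missing {sorted(missing)}")
    if not re.fullmatch(r"[a-z0-9]+(?:-[a-z0-9]+)*", fields["name"]):  # kebab-case only
        raise ValueError(f"skill name must be kebab-case: {fields['name']!r}")
    if expected_name and fields["name"] != expected_name:
        raise ValueError(f"name {fields['name']!r} does not match directory {expected_name!r}")
    body = m.group(2).strip()
    if not body:
        raise ValueError("skill body is empty; nothing to hand to the model")
    return Skill(fields["name"], fields["description"], body)

def load_skills(root: Path) -> dict[str, Skill]:
    """Load <root>/<skill-name>/SKILL.md for each skill directory, keyed by name."""
    return {s.name: s for s in (parse_skill(p.read_text(), p.parent.name)
                                for p in sorted(root.glob("*/SKILL.md")))}

# Constructed sample mirroring the rate-limit-bypass skill shown above.
SAMPLE_SKILL = """\
---
name: rate-limit-bypass
description: Detect attempts to bypass API rate limits
---
# Rate Limit Bypass Detection
Analyze the codebase for patterns that circumvent API rate limiting.
"""
```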

Why AI-Native Compliance?

Traditional GRC tools can't keep up with AI-era violations

Context-Aware Detection

Unlike regex-based tools, AI understands intent. Reading from ~/.claude/ might be legitimate configuration access or malicious credential theft—AI can tell the difference.

Rapid Skill Development

New violation patterns emerge constantly. With PolicyVibes, you can add detection for a new violation type in minutes by writing a skill file—no code changes needed.

Natural Language Policies

Define compliance rules in plain English. 'Detect code that impersonates official clients' is more maintainable than complex AST traversal logic.

Part of the SecureVibes Ecosystem

PolicyVibes can run standalone or integrate as a subagent within SecureVibes. Combine it with threat modeling, SAST, DAST, and other security agents for comprehensive AI-native security coverage.


The Future of Compliance

Why traditional GRC tools aren't enough anymore

The Anthropic crackdown exposed a fundamental truth: traditional compliance tooling wasn't built for the AI era. When violations can be as subtle as a single header or as complex as multi-layer OAuth routing, you need tools that understand context and intent—not just pattern matching.

PolicyVibes represents a new approach to GRC: AI-native, skill-based, and designed to evolve as fast as the violations it detects. Whether you're a platform provider protecting your TOS, a developer ensuring compliance, or a security team auditing codebases, PolicyVibes gives you the intelligence to stay ahead.

The tools that build AI apps need AI-native security.

PolicyVibes is just the beginning.