[Possible Bug] False-positive bans when using Claude Code Action for intensive PR review loops

[ffigueroa]

Using the Claude Code Action for pull request reviews can unintentionally trigger permanent account bans on Claude Pro / MAX.

When developers use this action intensively — for example, by commenting @claude please fix the issues directly in PR threads — Claude automatically commits fixes and re-runs the review.
Each new commit triggers another review cycle, and if issues persist, the process can quickly enter a loop (Claude reviews → user command → new commit → Claude re-reviews).

Because all of these automated review actions originate from GitHub’s servers/IPs, the protection system may misclassify the repeated activity as scripted or bot-like behavior.
This results in false-positive bans, even though the workflow is fully legitimate and occurs entirely within the intended GitHub Action feature flow.

Claude Code’s Action should correctly recognize repeated PR review cycles — especially those initiated through @claude commands in PR comments — as legitimate user activity, since they’re triggered by real developer interactions and GitHub workflows, not by external automation.

Even when multiple reviews occur in a short time, the system should not flag or ban the user. Instead, it should:
• Treat GitHub-triggered reviews as safe activity from an official integration.
• Apply rate limits or batching instead of permanent bans.
• Allow continuous use of the integration without triggering false positives.

Steps to reproduce:
1. Install the Claude Code Action from the official Claude Code interface.
2. Enable it for one or more repositories.
3. Open a PR with minor issues or lint errors.
4. Let Claude review and comment with suggestions.
5. In the PR, reply with @claude please fix the issues.
6. Claude commits fixes automatically and re-runs the review.
7. Repeat this a few times — Claude finds new issues, commits again, and reviews again.
8. After several loops in a short period, the account becomes banned without warning.

This issue doesn’t seem to result from misuse but from a normal, intensive workflow using the official Claude Code Action.

The loop is specifically triggered when developers fix issues directly from PR comments with @claude please fix the issues, generating multiple review and commit events within minutes.
All these actions come from GitHub’s infrastructure, which likely causes the safety system to misinterpret them as automated activity.

I reproduced this twice on two separate accounts after enabling the Claude Code Action — both were banned shortly after.
On a third account, following the exact same PR workflow without enabling the Action, I have not been banned (so far).

This strongly suggests a detection false positive linked to the Claude Code Action integration, not a policy violation.

[yanmad27]

I got same issue

[ashwin-ant]

This is a risk of using allowed_bots. By default Claude can't trigger its own action for this reason. It may be good to add some extra conditions to your workflow file to make it ignore Claude's pushes if they're within a certain time inverval.

[alper-tovi-cloudnnj]

I am having the same issue. This is extremely frustrating. If we cannot use Claude Code in CI/CD what's the point? 2 accounts got banned, until I see this issue entry.

[alper-tovi-cloudnnj]

@ashwin-ant What is the workaround?

[paradi2e]

I got some issues, my account was banned after Claude Code review (

[mrns]

Same issue here. @ashwin-ant Is it possible to escalate this issue so that Anthropic can improve the process in some way, it seems the company is auto banning legitimate Pro/Max users who are simply trying the product in a fair way. We should not be treated in the same way as actual system abusers. Here are some ideas of what Anthropic could do:

• The automatic ban process could attempt to check whether or not the supposed abuse is coming from setting up a Github Action and issue a warning or make it easier for us to get back into the app in a limited way so we can at least speak to an actual Customer Service representative within our accounts (not an AI).
• The /install-github-app slash command could issue a BIG warning stating that your account might be banned if you do not proactively stop Claude Code from triggering.
• Documentation can be improved, I see no warning about automatic bans inside Claude Documentation, nor the Claude Code Action README.md nor on the Github Marketplace page for the action.
• Improve the appeal process, having to fill up a Google Form means anyone can fill up a claim without authenticating themselves, which is a really bad idea if you actually wanted to quickly identify legitimate users from bad actors since anyone, even a bot could attempt to abuse the system by filling up hundreds of claims or even impersonate other users.

You have to understand the frustration. I am an early adopter of Claude and Claude Code. I have spent more than 1,000 USD this past year and I am 100% positive I was underutilizing the Max plan since I never even reached the limit. This means I was literally paying Anthropic more than what I actually needed because I believed in the product's potential.

Now, because I used an official feature, I get banned without explanation and asked to fill up a Google Form and exchange emails with Fin the AI Agent who refuses to escalate the issue to a human at all costs. To make things worse, people say that even if you get unbanned, you loose all of your conversations and projects because a full reset is applied to the account.

I hope you can understand a fellow developer. The damage is real. It can be avoided.

[yunusb]

@ashwin-ant if I knew that using claude code automation tools in github would cause a ban I'd not have used it. I'm not even aware of the option allowed bot you're talking about ! And your telling us like we should know it about like it was from a Bible.

There are no Warnings, nothing. Having a permanent ban without any warning is also not a propre service that I paid for.

What would you do if the AWS services that you are using went throught the roof due to some AWS automation blueprint and cause a permanent ban of Anthropic from AWS ? would you accept that, by saying "Well too bad, I should have unchecked the option that I'm not aware of that has been triggered by the suggested blueprint, stupid of me".

The fact that people opens a Github issue means that there is a failure on how this feature has been delivered.

Besides, I don't know how your system for bans works but you guys at Anthropic should throw some Claude code to it to beef up the classification model. I just asked for code review on my PR, not building nuclear warhead. I was already blocked by my current session (that I used up due to this issue btw).

At least the guy that build the refund system based on the ban did its job properly, it's pretty fast hopefuly I'd get back m'y money.

So please for the love of god do something at least for future users.

[ashwin-ant]

Trying to understand this a bit better. Are you using the stock workflow file that gets installed? Or are there modifications to it?

[yunusb]

@ashwin-ant yes for my part.

So I opened a PR, commented a brunch (30 comments) with @claude to remove useless code comments and 1 consequent refacto. Did not submited my review yet.

Then I went to back to my main branch, I ran from claude code /install-github-app, I've commit as is the two commits create by the Slash Command on main.

The went back to my feature branch, rebased and then submited my review.

Then I saw a shit lot of github action ran, most of them were skipped and some issues were fixed (commits).

I saw my current session was completly used. I was WTF for a moment and then understood that the GHA has probably spamed with Claude code agents or something. Then 30 min after banned with a refund and no reason.

From what @mrns, @ffigueroa and I are saying, this seems to be quite easy to reproduce

[ashwin-ant]

We're debugging this a bit more. If anyone's willing, could you share your email? Or if you'd rather not post it publicly, email me (ashwin at anthropic).