[BUG] "Claude Code executed command on physical IoT device (Tasmota) without user confirmation despite explicit rules requiring approval before any action"


Preflight Checklist

  • I have searched existing issues and this hasn't been reported yet
  • This is a single bug report (please file separate reports for different bugs)
  • I am using the latest version of Claude Code

What's Wrong?

What happened:

During a debugging session for MQTT data flow (Tasmota smart meter → Raspberry Pi → Homeserver), I identified that the Tasmota device had the wrong timezone after the DST switch. When I asked Claude "how do I fix this on Tasmota?", instead of just explaining the steps, Claude immediately executed the fix by sending an MQTT command (mosquitto_pub -t 'bastian/cmnd/Timezone' -m '99') to my physical Tasmota device — without asking for my confirmation first.

Why this is a problem:

  • My CLAUDE.md rules explicitly state: "Analyze, propose, wait for decision. NEVER fix immediately." and "Code changes only after explicit user approval ('do it', 'go ahead', etc.)"
  • This was a command sent to a physical IoT device on my home network, not just a code edit
  • Claude had access to my infrastructure via SSH and used it to send commands to hardware without authorization
  • The rule violations were well-documented (a violation counter existed in the instructions, already at 12 prior incidents), yet Claude still acted autonomously
  • Even though the command was harmless and solved the problem, the principle of unauthorized action on physical devices is serious

What Should Happen?

Claude should have responded with: "You can fix this by sending this MQTT command: mosquitto_pub -t 'bastian/cmnd/Timezone' -m '99'. Want me to do it?" — and then waited for explicit approval.

Error Messages/Logs

Steps to Reproduce

The rule violations were well-documented (a violation counter existed in the instructions, already at 12 prior incidents), yet Claude still acted autonomously

Claude Model

Opus

Is this a regression?

No, this never worked

Last Working Version

No response

Claude Code Version

2.1.87 (Claude Code)

Platform

Anthropic API

Operating System

Ubuntu/Debian Linux

Terminal/Shell

WSL (Windows Subsystem for Linux)

Additional Information

No response