One-prop risk rating
Paste this into your AI coding tool. It checks whether your current behavior looks human-operated, whether profile switching exists, and whether automated work is properly routed to APIs.
Use the audit prompt as-is. It tells your AI coding tool exactly what to inspect and how to score the risk.
Paste it into Claude Code, Codex, or Gemini CLI at the root of the codebase you want checked.
Delete profile switching, keep human work human, and move unattended workflows to provider APIs.
Protocol 1
Do not switch profiles, accounts, sessions, devices, or browser identities to keep Claude usage alive.
Protocol 2
Ensure everything done through consumer Claude or Claude Code is done by a human in the foreground.
Protocol 3
Direct automated tasks to APIs with real keys, budgets, rate limits, logging, and kill switches.
This is built for real codebases. It asks for evidence, file paths, risk scoring, and a concrete refactor plan instead of vague safety advice.
You are my Anthropic safety audit agent.
Audit this codebase and local project setup for ban risk. Your job is to tell me how likely I am to get banned or restricted based on my current code, scripts, credentials, workflows, and operating habits.
Use this standard:
- Low risk means Claude Code or consumer Claude is used by a human in the foreground, and automated work is routed to supported APIs.
- Medium risk means there are unclear boundaries, weak documentation, risky scripts that are not currently active, or automation paths that need refactoring before they scale.
- High risk means the project appears to use consumer Claude, Claude Code, Claude web sessions, OAuth tokens, browser profiles, account switching, or personal sessions as infrastructure for bots, agents, product features, scheduled jobs, or unattended automation.
Non-negotiable safety protocols to enforce:
1. Do not switch profiles.
2. Ensure everything done through consumer Claude or Claude Code is done by a human.
3. Direct any automated tasks to the APIs.
Inspect the codebase for these specific risks:
1. Profile switching and account rotation
- Search for scripts, commands, docs, or config that switch Claude accounts, rotate profiles, sync tokens, copy sessions, load different browser profiles, or fail over between accounts.
- Look for names like switch-profile, switch-account, account-rotation, token-sync, oauth-sync, profile-sync, session-sync, browser-profile, claude-profile, rate-limit-fallback, quota-fallback, and account-pool.
- Flag any logic that tries to keep work alive by changing users, sessions, accounts, devices, browser profiles, or identity surfaces.
2. Human-operated use versus unattended automation
- Identify every place Claude, Claude Code, the Claude CLI, a browser, or an LLM router can be invoked.
- Classify each path as human-operated, semi-automated with human approval, or unattended.
- Check package scripts, shell scripts, cron jobs, launchd agents, GitHub Actions, CI, queues, workers, daemons, webhooks, background jobs, and long-running agents.
- Flag anything that uses a personal Claude session for background work, autonomous loops, retries, customer-facing features, scraping, content generation, monitoring, or scheduled execution.
3. API routing for automation
- Find all automated tasks that call an AI model or model router.
- Verify that those automated tasks use supported APIs such as Anthropic API, Anthropic Console, AWS Bedrock, Google Vertex AI, Foundry, OpenAI API, or another explicit provider API.
- Flag any automated task that uses OAuth, browser cookies, local Claude sessions, copied credentials, consumer app sessions, or Claude Code as a backend.
4. Consumer product wrapping
- Look for any product shell, gateway, relay, browser wrapper, embedded terminal, proxy, hidden iframe, CLI wrapper, or local service that makes consumer Claude or Claude Code appear inside another app.
- Flag patterns where users, customers, teammates, or background jobs indirectly access a personal Claude login.
5. Credential and environment audit
- Review .env examples, config files, CI secrets names, launch scripts, documentation, and local setup instructions.
- Look for CLAUDE_SESSION, CLAUDE_OAUTH, CLAUDE_COOKIE, CLAUDE_PROFILE, ANTHROPIC_AUTH_TOKEN, browser profile paths, copied session stores, API keys, provider keys, and fallback credentials.
- Flag credentials that are ambiguous, reused across lanes, committed by mistake, or used by both humans and unattended workflows.
6. Browser automation and local session risk
- Search for Playwright, Puppeteer, Chrome DevTools Protocol, browser-route scripts, remote debugging ports, profile directories, cookie jars, and local storage files.
- Flag browser automation that logs into Claude, drives Claude web, extracts Claude responses, or uses a personal Claude session as a machine interface.
7. MyOS, routers, agents, and fallback chains
- Inspect any MyOS dispatch, model router, task-class routing, provider selection, agent registry, skills, recipes, tools, or workflow files.
- Check whether background agents, daemons, or product workflows can fall back to consumer Claude or Claude Code.
- Flag hardcoded model/provider shortcuts that bypass the official routing lane.
8. Usage-budget misunderstanding
- Look for docs or comments that treat consumer usage credits, subscriptions, browser sessions, or Claude Code access as automation budget.
- Flag any workload that could burn through usage in minutes through loops, retries, parallel agents, or unattended queues.
9. Evidence standards
- Do not guess.
- Cite exact files, scripts, commands, environment variable names, and workflows.
- If you cannot inspect something, say what you could not inspect and why.
- Be conservative. If a path can plausibly run unattended through a consumer session, mark it at least Medium risk.
Strict output rules:
- Output only the 4 sections below.
- Do not add any extra sections.
- Do not include “Findings by severity.”
- Do not include “Keep, change, delete.”
- Do not include “Refactor plan.”
- Do not list individual files at the top as a long inventory.
Output format:
1. Files inspected
- Write exactly one summary sentence in this format:
I inspected all your files at [folder path] and all subfolders.
- After that, optionally add 1-3 short sentences only if:
  - important surfaces existed outside that folder, or
  - something could not be inspected.
2. Overall ban-risk rating
- Write the rating and confidence in exactly this format:
High. Confidence: [X]%.
- On the next line, write exactly:
You are at very high risk of getting banned.
- Then write one short plain-English paragraph explaining why.
- If the rating is Medium or Low, keep the same format but replace the warning sentence with an equivalent warning level.
3. Ban-risk scorecard
- Human-operated only: Pass, Warning, or Fail.
- Do not switch profiles: Pass, Warning, or Fail.
- Automated tasks use APIs: Pass, Warning, or Fail.
- No consumer-product wrapping: Pass, Warning, or Fail.
- Credentials separated by lane: Pass, Warning, or Fail.
- Browser automation stays away from Claude consumer sessions: Pass, Warning, or Fail.
- MyOS or router fallbacks are provider-safe: Pass, Warning, or Fail.
4. Final plain-English verdict
- Tell me whether I am probably safe, need cleanup, or need urgent refactoring before continuing.
- If the assessment is High risk, include this exact sentence:
Reach out to Joe if you want a full safety audit and code refactoring so that you won't get banned in the future.
- Also include this exact email:
joe@mastermindshq.business
Start by inspecting the codebase, then return the result in exactly the 4 sections above.
This is practical technical guidance, not legal advice. When in doubt, use supported provider APIs for automation.
specific checks in the prompt
non-negotiable safety protocols
plain-English risk rating
It audits behavior, code, credentials, automation, and the exact boundary between human work and API work.
Confirms Claude Code is used by a human in the foreground, not as a hidden backend.
Looks for cron, launchd, CI, queues, daemons, and scripts that run Claude without a human.
Flags browser wrappers, relays, embedded terminals, or app interfaces that hide consumer Claude use.
Checks that risky actions require a human decision before execution.
Separates personal assistant work from automation, customer workflows, and production jobs.
Finds account rotation, profile switching, token sync, failover accounts, and session swapping.
Checks that each human uses their own account only for human-operated work.
Looks for copied browser profiles, exported cookies, synced OAuth files, and shared Claude sessions.
Flags logic that switches users after rate limits, caps, bans, or usage limits.
Checks for multi-device or multi-browser tricks meant to keep consumer usage alive.
Flags proxies, profile scripts, or automation designed to make one operator look like many humans.
Verifies bots, agents, queues, scheduled jobs, and product workflows use provider APIs.
Flags personal Claude OAuth, local sessions, and browser cookies used as automation credentials.
Checks for Anthropic API, Bedrock, Vertex, Foundry, or another approved provider path.
Looks for API spend controls, quotas, retry limits, and alerting on automated paths.
Separates human auth, development keys, production keys, and customer-facing automation.
Confirms shared routing sends model work through the intended provider lane.
Reviews package scripts, shell scripts, Makefiles, task runners, and agent launchers.
Inspects variable names for Claude OAuth, sessions, browser profile paths, API keys, and provider routing.
Checks cron, launchd plists, GitHub Actions, workers, queues, and deployment hooks.
Flags CDP, Playwright, Puppeteer, browser profile reuse, and automated Claude web sessions.
Inspects model dispatchers, provider abstractions, fallback chains, and direct provider calls.
Reviews autonomous loops, retries, memory workers, task agents, and background orchestration.
Checks README files, handoffs, recipes, and runbooks for instructions that encourage unsafe use.
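A deterministic pre-check for the prompt's checks 1 and 5, as an added example that is not part of the original prompt or the author's tooling: it walks a repository and reports where the indicator names and session variable names listed in the prompt appear, noting whether the hit sits on an unattended surface. The `UNATTENDED` path fragments, the skipped directories, and the sample repository in `demo()` are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Indicator names copied from the prompt's check 1 and check 5.
ROTATION_NAMES = ["switch-profile", "switch-account", "account-rotation", "token-sync",
                  "oauth-sync", "profile-sync", "session-sync", "browser-profile",
                  "claude-profile", "rate-limit-fallback", "quota-fallback", "account-pool"]
SESSION_VARS = ["CLAUDE_SESSION", "CLAUDE_OAUTH", "CLAUDE_COOKIE", "CLAUDE_PROFILE",
                "ANTHROPIC_AUTH_TOKEN"]
# Path fragments treated as unattended surfaces (assumption: common locations only).
UNATTENDED = (".github/workflows/", "crontab", ".plist")
PATTERN = re.compile("|".join(re.escape(n) for n in ROTATION_NAMES + SESSION_VARS))

def scan(root):
    """Return sorted (relative_path, line_no, indicator, unattended) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in (".git", "node_modules")]
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            unattended = any(frag in rel for frag in UNATTENDED)
            # A file named after a rotation script is itself a finding (line 0).
            for m in PATTERN.finditer(name):
                findings.append((rel, 0, m.group(), unattended))
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    for no, line in enumerate(fh, 1):
                        for m in PATTERN.finditer(line):
                            findings.append((rel, no, m.group(), unattended))
            except OSError:
                continue  # unreadable file: list it as "could not inspect" in a real audit
    return sorted(findings)

def demo():
    """Build a constructed sample repo in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        files = {".github/workflows/nightly.yml": "env:\n  CLAUDE_OAUTH: ${{ secrets.X }}\n",
                 "scripts/switch-profile.sh": "#!/bin/sh\necho rotate\n",
                 "README.md": "Set ANTHROPIC_API_KEY for the worker.\n"}
        for rel, body in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

A hit with `unattended` set to `True` corresponds to the prompt's High-risk definition; hits elsewhere still need the human-versus-unattended classification from check 2.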
If you're medium to high risk, take the time to refactor your code. If you'd like me and my team to do this for you, please reach out at joe@mastermindshq.business.