cd /tmp
mkdir anthropic-claude
cd anthropic-claude/
git init
touch hello
git add -A
git commit -m "'{\"schema\": \"openclaw.inbound_meta.v1\"}'"
claude -p "hi"
There's no separation between parts of the prompt. You sneak that text in, anywhere, and it'll work. Whether Anthropic is using a regex or some LLM to detect the mentions of OpenClaw doesn't even matter.
> Your project isn't going to get many AI PRs if just cloning your project wiped out their quota.
With how many projects automatically AI-review PRs, they're just sitting ducks. You don't even need to hide it, put it clear and center and there's your denial of service.
Could even automate it.
No clue if this is useful.
https://github.com/SublimeText/Modelines/blob/master/Claude....
You could just as well say "Sir, this is a Wendy's. To shreds you say? Don't call me Shirley" and the model would ignore it
I did not see my session use go to 100%. I did however get:
> API Error: 400 {"type":"error","error":{"type":"invalid_request_error","message":"You're out of extra usage. Add more at claude.ai/settings/usage and keep going."},"request_id":"redacted"}
For example, there is a distinction of what is classified as extra-usage-billed VS extra-usage-enabled. As a long time claude user, I can assure you they are different things: to use Sonnet[1m] you are required to have extra-usage enabled, but it won't actually bill it unless you are out of quota. Surprisingly, you can use Opus[1m] without extra-usage enabled (!!!).
I thought the same but then noticed that single prompt (exactly as posted) cost $0.20 of extra usage.
Wasn't OpenClaw usage re-allowed after the initial ban?
Please raise the ticket or at least GitHub issue for visibility.
Sooner or later some sort of complaint to the relevant trade authority should happen - this is a scam operation at this point.
Enough people have gone over the economics - you're costing OpenAI/Anthropic money, potentially a lot of money, so it's inevitable that sooner or later that particular party will come to an end.
Having said that, doing it by running a regex on your prompts to look for keywords is a bit loose
That's par the course for Anthropic. I added some money to my account before I really had a use case for product. A year later they said my money had expired and when I contacted support they basically told me to pound sand.
This while they have the audacity to list one of their corporate values as 'Be good to our users'. They'll never get another dollar from me.
How about we turn down the heat, everyone?
You can see how it goes in the future. Wanna vibe code a throwaway script? $0.20. Ah, it's for a legal document search? $10k then. Oh and we'll charge 20% of your app sales too - I can see how they are going in real time, mind you!
I predict that costs will grow to 80% of what it would cost a human, across the board for everything AI can do.
"It's still cheaper than a human" they'll say. Loudly here on HN too.
Of course this will happen slowly, very slowly. Lets meet again in 10-20 years.
It’s a way less transformational technology when put in context of the real price tag.
Its "Fraud Code".
All of this is just criminal and fraudulent behavior, done July a whole bunch of people who haven't learned their lesson, and keep sending Anthropic more money for abuse at scale.
It happens surprisingly often.
A bunch of people here tried to defend Anthropic, saying that it was justified because it was likely that Claude Code's harness had optimizations that would not be possible on OpenCode. It was clear from the source leak that nothing of this sort was the case, and that they were simply trying to avoid others distilling their models.
GLM and Queen are not on par with Opus, but they are good enough and I never had hit the usage limits, even with 2-3 sessions running.
More so, imagine the whole open-source community PREACHING a binary that is literally using heavy telemetry, unknown and questionable behavior instead of codex, completely open-source.
Okay, then let's judge it by the fact that they started as a non-profit and now are are playing the same growth-at-all-costs playbook from Silicon Valley.
Or let's judge them by how they they consider themselves above copyright law, and went on to US congress to say "we can not run this business without stealing intellectual property".
Or how they they don't mind making deals with the Saudis.
Or how they don't mind getting in bed with Trump to secure expedited construction of their datacenters.
Or how they are making all types of accounting fraud (the circular deals) to keep propping up the bubble, and will undoubtly be footed by the taxpayers when it finally pops?
> What has Anthropic given?
Anthropic is also trash. They are guided by this whole "Effective Altruism" bullshit which should be enough to raise all sorts of red flags. But to think that OpenAI is somehow "better" is completely absurd. Both of them are dangerous and both of them should not exist.
The flat-rate plans were the top of the slippery slope to enshittification, really. If everyone were on metered billing there'd be no reason for all these opaque and sneaky attempts to limit usage. People would pay for what they get and get what they pay for.
You simply need to price the flat-rate sub at a price that's profitable when averaged out over all of your users, both light and heavy, and prevent fully automated usage by the power users. That's it. This is immensely more user-friendly, and I doubt you'd get any traction at all if you didn't do this. Even if you pay more for the sub, having unlimited (non-automated) usage frees a mental barrier to using the product. If you have to pay for every request you make, it introduces a hesitation to do anything - it makes the user hesitant to experiment, hesitant to prompt for anything of slightly less significance, anxious about the exact token consumption of every prompt, and so on. It's not enjoyable to use when you're being penny pinched for every prompt.
Anthropic's problem, of course, is that they are not bootstrapped. They don't have a business model that can compete with startups running DeepSeek or GLM on their own hardware. Non-frontier startups got to skip the whole "tens of billions of dollars in debt" step of creating a frontier model from scratch, and still get to run a model that is perhaps 80%-85% as good as Anthropic's, which is good enough for millions of customers. So Anthropic is desperate, backed into a corner, and doing anything and everything they can to try to right their sinking ship, no matter how scummy.
At least you know his intentions, which is that he will do anything to win. And codex actually works, I can let it run for hours and at least come back and it’s done a good job.
CC not only fucked me with false advertising on Opus that I cancelled, but it fucking stops working so often or sucks after a little bit of context usage.
A\ ceo is a bad salesman (50% of X will lose their jobs, 3 months later 50% of Y will lose their jobs).
A\ also falsely advertised their Opus usage that me and many others cancelled months ago. They even were nuking all GitHub issues around this.
IMO, CC is for tourists and people who fall for AI marketing on X.
As others have pointed out, Anthropic is allowed to have TOS, even if we disagree with it.
But having Claude deny the existence of OpenClaw is a way more hazardous and likely straight up violates Claude's Constitution: https://www.anthropic.com/constitution
A company that goes against their self-proclaimed values... What a shocker.
I don’t think that really fits with the metaphor but I wanted to say my piece regardless.
Trash models that dont represent reality. What else is RLed out
There's your problem.
Claude status: https://status.claude.com/
I have been really happy with my Codex subscription lately, but feels like these things change every other day. The OpenCode Go subscription for trying out GLM, Kimi, Qwen, Deepseek and friends also looks useful.
But nonetheless, Opus 4.6 is a very capable model, but justifying a Claude subscription gets more and more difficult, think I might just sometimes use it through OpenRouter or as part of something like Cursor (although I'm not sure about the value of that subscription as well).
OpenCode Go: https://opencode.ai/go
Cursor: https://cursor.com
Presumptuous and wrong "memories" from a one-off command which affect all future commands, repeated/nonsensical phrases in messages, novel display bugs which make going back in the conversation impossible (I can't tell where I am), lack of basic forking features (resume a current convo in a second CC instance -> fork = no history for that convo?), poor/unclear reasoning, a new set of unclear folksy phrases (it really wants to "cut code" all of a sudden).
Qwen + Opencode has been a game changer: which runs very well on a 4090 for basic/exploratory/private tasks, and being able to switch to and between frontier models (using openrouter in my case) to avoid vendor lock in feels like basic hygiene.
There's also the homo economicus psychological difference between having a token budget to use up, and a cost per token. I'm more thoughtful about my usage now.
So, at least better than GitHub, right? :)
But well, their ones are way harder to run.
It's bordering on being useless.
You just need to have some idea of what to do when your frontier model is not available. Use Qwen? Read the code you've been generating?
Multi-model coding tools seem like the obvious, sane path forward, but the Will to Lockin is strong.
I just don't believe for an instant that they're anywhere in the same ballpark of capabilities as running Opus or similar. My time is the most valuable resource. Opus would need to be SIGNIFICANTLY more costly and unstable for me to start entertaining local models for day-to-day development.
Perhaps whatever work you're doing makes this trade-off more sensible, but I struggle to see how that could be true. I'm averse to running Sonnet on a large amount of software engineering problems - let alone Qwen.
At the moment neither Opus nor any open weights models seem to be capable of doing complex work, and for less complex work the additional cost of Opus hasn't been worthwhile. This is for reasonably math-heavy computer vision applications.
What LLMs have been useful for is identifying forgotten code that will be affected when planning a change, reviewing changes, and looking up docs/recipes for simple tasks. But Opus doesn't seem necessary for a lot of that.
The irony of course is that the way they've gone about reacting to this has damaged their brand so badly at the trust level that the public view of their company has completely flipped. They also seem strangely oblivious to this side of things.
Their approach has also been bizarrely chaotic. Banning then restoring OpenClaw usage. Removing Claude Code from the Pro plan, then re-enabling it and claiming it was an A/B test. Honestly my read is that Dario has a weak leadership style within the company where he either doesn't give enough specific guidance to his reports or overreaches with reactionary instructions.
I think another possibility is that they are trying to shift the burden of OpenClaw to their competitors.
No one at my company gives a single shit about Openclaw, so this whole situation has been a noop for a lot more of the public than you seem to think.
Also, "censorship"? How is disallowing a specific tool that abuses a subscription "censorship"?
This week the characters are "OpenClaw". I won't even try to guess what might lead to erroneous billing next week.
It's all just very weird and creepy.
I wouldn't be so sure. Don't overestimate people competence.
For me it all looked like picking the highest ROI item in attempt to fix their reliability without putting too much thought how to do it gracefully. So they just hacked it and we see the results
I you are overstating how much of their user base cares about OpenClaw. Not nearly as bad as the DoD was for OpenAI (particularly because that cut into a pattern of how Sam Altman acts in general)
But it is a reminder they are just another company
For instance, maybe you can't afford to take on more customers right now, Anthropic. Maybe if you are severely undermining the customer relationships you already have, you should just admit you can't sell any more 20x plans right now and only accept new customers at lower tiers until you have the necessary capacity.
This is also a DoS you could drive a truck through, and it's disturbing such an obvious vulnerability was shipped at all.
Check out OpenCode (the OSS product [1]) and OpenCode Go/Zen (the LLMaaS [2]). Use a more expensive model with larger context (like GLM-5.1) for orchestration and cheaper models for coding and iteration on acceptance criteria (writing and passing tests). I also throw a more expensive vision-capable model into the mix like Gemini 3 Flash to iterate on UI tasks using Playwright. With the base usage in Go and pay as you go on cheaper models like MiniMax you can get a lot done for not a lot of coin.
Or just increase prices for new claude code users? Surely transparent upfront across the board price increases are easier to swallow than hidden context-based pricing changes like this?
Also, just learned about opencode go from other comments here, so gotta look into that.
They can have a different price plan for agentic stuff, but these things where they “accidentally” whoops match on specific keywords and trigger extra usage charges is giving a evil-microsoft-vibe
It's vibe-coded. What's hard about understanding that?
I suppose because running inference of any kind is a helluva lot more demanding than running a regex and less deterministic.
That's a notable achievement, but let's have some balance... It's also responsible for the biggest self-own in software industry history by leaking their 1) crown jewels (i.e., source code) 2) the existence of their next model Mythos, and 3) their roadmap in a highly competitive market.
That being said, Anthropic can be diverting capacity to train the next model, and if it is significantly better, people would start flocking back again.
The problem with slop is, nobody understands it. Nobody ever designed it, nobody really knows how it works. You’re just putting blind faith in the slop you’ve shipped.
It lets you be very quick, but if you’ve accidentally compromised all your data or bank accounts through the slop then you won’t know until you’re destroyed.
There's very little competition for SOTA models. The models themselves also weren't built by Claude. The current revenue has almost nothing to do with what Claude built.
Hell if it was so far ahead then they wouldn't be desperately trying to block OpenCode.
If you must - in my experience Deepseek v4 is incredible value in every aspect. Pricing is transparent.
But like I said, I have funds in different AI gateways but I'm preferring to write by hand because I don't want surprising bugs and unnecessary code in my end result.
Maybe you will inspire me to use it.
And I don't necessarily think it's wrong for Anthropic to introduce QoS or throttling on users of their models. It's pretty much a necessity when offering public access to a scarce resource and it's been a common practice for decades.
What is the alternative? We just accept that it doesn't work half the time because the system is overloaded with molt bots?
They would have kept my business if they were honest and upfront. Instead they sold me something that worked well, broke it without warning, remained silent about it until enough people caught on, chose to do nothing, then proceeded to release a model that eats ~30% more tokens with no advantage over prior models.
If they chose to unbrick their model and offered what we had a couple months ago at a 50% hike, I would have been onboard. I've seen enough now of how this company treats its customers to continue using or recommending them.
Also, Codex works much better than CC now for anyone who happens to be on the fence.
Anthropic wants to have their lunch (low apparent prices, increased market share) and eat it too (controlled costs, adequate production to serve the demand).
They're advertising themselves as a $5 All-You-Can-Eat buffet, but then aggressively and arbitrarily restricting admission, sneakily swapping out the high-quality ingredients for garbage-tier slop, and kicking out anyone who even utters the words "to go box" or "doggie bag".
Would you want to eat at that restaurant?
They seem like the class of bugs I see in my vibe-coding experiments, and I think the Claude Code lead has said many times that he/his team don't read the code for Claude Code themselves, that it's basically vibe-coded.
If Anthropic itself can't make vibe coding work, who can?
Because this is the company whose CEO makes public pronouncements about how they're going to exterminate our whole profession any day now, how we won't be needed.
So if that's your ultimate boss, do you think he's going to let you stop, analyze, cautiously review, hand curate, hand edit?
To me the thing seems like a science project that got shipped as a product, with a complete lack of proper software engineering quality principles around it.
A gating procedure like this (and the HERMES.md thing etc) would never get past a code review process in any respectable shop that I've worked at. If I'd put up a code review like this at Google when I was there, it would been a pile-on of senior engineers demanding a better approach, no LGTM would have been given.
I can only conclude Anthropic is getting high on their own supply.
In any case, writing code to get features out the door has rarely been the block in our profession. It's usually process and review and understanding requirements.
And so the entire project feels like a fundamental misunderstanding of what shipping software as a team is actually about.
I’ve got a NixOS Qemu VM I use to run openclaw in. I had Claude help me set it up, and it runs local models on my own machine in a config based sandbox.
Why should Claude block or charge extra to work on that?
Why should Claude care if I have instructions for Hermes or OpenClaw in my project repos?
This fingerprinting is incredibly sloppy for how much access to a machine Claude code has.
What part of "vibe coding" is unclear to you?
These are the same people that use React as a TUI and render at 60FPS to your terminal in order to update a spinner.
Unfortunately for those of us who just want to eat a nice filling meal at the fixed price all you can eat buffet of AI subscriptions, a minority of customers keeps paying for the all you can eat buffet and staying for hours and bringing containers to sneak food out when they leave. And they keep wearing disguises to try and evade detection.
It’s a losing battle for the provider, which ultimately means the subscription pricing model can’t work, which hurts the majority of customers that just want to use the system as intended and no longer have a subscription model available.
I have plenty of frustrations with Anthropic as a paying customer, but this specific false positive abuse detection doesn’t strike me as all that awful, just some annoying collateral damage. I’d rather have that than no subscription model at all.
HERMES.md in commit messages causes requests to route to extra usage billing
1203 points | 21 hours ago | 524 comments
It's the same thing when people say that Gmail ought to publish the rules they use for blacklisting senders. If they did, then there would be a lot more senders abusing email.
Whenever you are defining rules internally for catching bad actors, you cannot make those rules public. It defeats the entire purpose.
So maybe Anthropic is losing good will, but it's better than the alternatives.
The truth is that it doesn't matter what companies say, what they claim, what they do, and what their CEO says/claims/does.
It's just a matter of time until the shareholders will get the right CEO to maximize shareholder value.
People in the comments who want a statement or a "reorientation" or a commitment from Anthropic leadership are missing the principles of how capitalism functions. Shareholder value cannot be compromised. In every battle between morality and profit, values and profit, public good and profit, ultimately all things will mutate into a state that enables profit to prevail. Always.
There are no exceptions to this.
Didn’t they think about “we need to make sure Claude Code is never banned” ? Could have been as easy as including some Claude Code specific prompting traits (tools, system prompt, whatever) in there and automatically whitelisting it.
Is it foolproof? No. Will it avoid banning legit users? Absolutely.
First do the first large sweep, then see what still falls through, then ban those.
It really seems they were panicking due to capacity and there was very little oversight with all this.
I’m not affected but pretty disappointed.
They do not care about us.
I try to avoid X, and I put relatively low credence in a HN account I don't know. [1] Browsing X, it looks like something like 1 out of 20 say they verified.
Who here has _verified_ this claim or can find a _quality_ source that has? Not X. Someone who will take serious reputational or financial damage if they are wrong?
It is 2026. Think about epistemics. What do you believe and why? And why should I believe you if you aren't asking this question?
This situation has many characteristics of being an information cascade. [2] Raise your hand if you piled on before thinking it through. Be honest. Everyone does it sometimes. Intellectually honest people own it.
P.S. I am _not_ making a claim about the original statement. Don't shoot the messenger: somebody needs to say what I'm saying.
[1]: "We cannot trust identity like we used to here on HN ... we live in a world or anyone or any AI can claim almost anything ... https://news.ycombinator.com/item?id=47804884
This is a reason to seriously consider changing providers.
Substantively: assuming this is true, what are the possible explanations? If they don't use OpenClaw, wouldn't this suggest there is some other cause?
What company? Will these people go on the record?
We live in a world where it is irrational for me to put much credence in a HN account. I see it has 125 karma and was created in January 2022.
Do these refusals still happen if you’re using an API key instead?
So I suppose Anthropic lied to him?
The #3 result today is: “End-to-end protocol replay toolkit for ChatGPT Plus/Team/Pro subscription with from-scratch hCaptcha solver and empirical anti-fraud research”. The “research” for anti-fraud is “how to get around it”.
It looks a lot like an arms race, and we are getting caught in the middle of it.
It’s a huge mistake at the level of IBM trying to reestablish dominance over PCs by making MicroChannel the new standard; this failed horribly and cost IBM its market leadership and reputation.
MCA was technically better at the time, but the industry responded with EISA and VLBus which led to PCI and today’s PCIe.
Imagine how difficult tool calling gets, when your ~/projects/opencode path gets intermittently replaced to ~/projects/claude during the roundtrip to Anthropic API
They have been fighting back a while already, eroding trust in their models as a price.
I was even able to have an absurd conversation with Claude about it, quite kafkaesque
And suddenly, unexplainably my bill would skyrocket?
The only thing they can hope for is to maintain momentum and critical mass long enough to find ways to pay for all this or have Moores law make the average user request become economical.
(You're the principal, directing what to do, but your agent Anthropic has its own motivations that are not aligned with your will.)
* How much CPU/token usage does openclaw users use in general? Similarly, how much does high volume openclaw users use vs "normal" claude high volume users?
* Are there political elements we can't see that's affecting this? OpenClaw and anthropic doesn't have a good history in general and this is just a continuation of that?
Something I don't understand, there's a lot of complaints yet people are reluctant to stop using the service? Are folks already vendor locked or is it a case of "well, this doesn't seem to affect me?" The consumer behaviour of these complaints is very interesting.
But, if they did intentionally break other stuff, like charging more money, it would be a scam (not sure what is wrong but there is something wrong in taking credits without fulfilling the request)
But then they will just say "ah yeah, aí broke our tool it wasn't intentional, bla bla bla"
It's a shame, because while Kimi 2.6 is indeed quite capable, its thinking mode is quite wasteful, and Opus is a joy to work with.
If we are going to filter usage, there are a lot of reverse attacks to that effort that could appear.
I just wonder if this is the needle in the bubble?
If facebook/twitter/reddit are perfectly OK with intentionally increasing addictivity but are restricted by having to show you only existing stuff, what do you think will happen when LLM companies can generate new stuff tailored to each individual person?
So if you add some special string to the docs, it stops Claude ?
After they fought humans and dumbed them down into AI-slavery, the machines now fight one another. Claude versus OpenClaw - may the worst win! \o/
However, "claude -p hi" immediately ate 3% of my quota.
(I didn't use claude for like a month, so absolutely fresh).
They have a business model that's more or less known, and that includes THEIR AI model(s) that they get to put out there however they want. I don't like it much at all, I actually sort of like the idea that they "owe" more because they probably "stole" a bunch of stuff to get the thing going.
But I mean, don't be mad, be proactive. Anthropic is going to try to Microsoft this in whatever way possible, and we all see that the numbers don't really add up.
Asking them pretty please to be nicer, meh. Let's figure out better, and more free-software-like ways to do this.
I am not saying that claude has not done this, I am just saying you need a better source than the Jake Paul of tech influencers.
At this point I assume you are coping with having drank the koolaid and fired key staff believing claude will replace them...back when it was cheap....because nearsightedness affects decision makers much more during hype cycles......
I can't even have Claude assist in creating a Hermes or OpenClaw agent that utilizes a 3rd party API?
Even when asked to search online it still gaslighted me about it.
This one feels like prime space for Hanlon's razor: "Never attribute to malice that which is adequately explained by stupidity."
The hassle with the performance of these systems is that they're ~70% of the way to awesome. For advanced prototyping (my current job description), a fast 60% of awesome is groundbreaking and game-changing. For production and real businesses, that last 30% is a really, really important thing to figure out.
Anthropic is going a different direction but not better.
haven't used claude in about 2 weeks and I do not miss it.
Absurd, really.
rate the analogy plz..
There are multiple comments in this thread with comments along the line of: "Oh im sure they didn't mean to, let's not attribute this to malice". There is a long history here of lawyers, back and forth between OpenCode and OpenClaw and various other "Open" harnesses. Digging into my commit history and blocking access based off of a string is not acceptable for a product in my opinion -- and I don't think this was purely on accident.
Other comments calling out that they are compute constrained and need to do this in order to continue functioning. They shouldn't oversell then. I think that overselling airline tickets is abhorrent and so is overselling any product in a way that you know that you will impact legitimate customers. Up your pricing and/or stop accepting invites, we will quickly get to the bottom of it.
A company does not deserve the benefit of the doubt over and over and over again.