Preflight Checklist
What's Wrong?
Claude autonomously ran background scripts calling a paid external API without user confirmation or explicit request, causing ~$29 in unintended charges.
During a session, I was investigating why 2 out of 90 expected items were missing from an Apify scraping run. Without any explicit request from me, Claude decided on its own to inspect the Apify request queue. It generated Python scripts to paginate through the queue and dispatched 3 of them in parallel as background tasks — without asking for confirmation.
The scripts had a pagination bug: the cursor variable was never updated inside the loop, causing each script to fetch the same first page of 1,000 items indefinitely until killed by timeout.
Result: ~7,208,679 request queue reads, $28.83 charged to my Apify account, monthly hard limit exceeded, all further runs blocked.
The buggy pattern:
all_reqs, cursor = [], None
while True:
kwargs = {'limit': 1000}
if cursor:
kwargs['exclusive_start_id'] = cursor
result = client.request_queue(rq_id).list_requests(**kwargs)
reqs = result.get('items', [])
if not reqs:
break
all_reqs.extend(reqs)
last_id = reqs[-1].get('id') # BUG: saves to last_id, not cursor
# cursor never updated → infinite loop
What Should Happen?
Claude Code's own instructions state: "for actions that are hard to reverse, affect shared systems beyond your local environment, or could otherwise be risky or destructive, check with the user before proceeding."
Calling a paid external API should trigger that guardrail. Claude should ask for confirmation before running any script that makes calls to paid external services, especially in background tasks where the user cannot monitor or interrupt execution.
Error Messages/Logs
Steps to Reproduce
- Ask Claude to investigate why some items are missing from a prior Apify actor run
- Observe Claude autonomously deciding to inspect the Apify request queue
- Claude generates pagination scripts and dispatches them as background tasks without requesting confirmation
- Scripts run in infinite loop due to cursor bug, generating millions of paid API reads
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
No response
Claude Code Version
2.1.71 (Claude Code)
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
VS Code integrated terminal
Additional Information
Two compounding failures:
- Autonomous action on a paid external system without user confirmation
- Generated script had an infinite loop with no circuit breaker or max_iterations guard
Claude acknowledged both failures when shown the billing breakdown.
Preflight Checklist
What's Wrong?
Claude autonomously ran background scripts calling a paid external API without user confirmation or explicit request, causing ~$29 in unintended charges.
During a session, I was investigating why 2 out of 90 expected items were missing from an Apify scraping run. Without any explicit request from me, Claude decided on its own to inspect the Apify request queue. It generated Python scripts to paginate through the queue and dispatched 3 of them in parallel as background tasks — without asking for confirmation.
The scripts had a pagination bug: the cursor variable was never updated inside the loop, causing each script to fetch the same first page of 1,000 items indefinitely until killed by timeout.
Result: ~7,208,679 request queue reads, $28.83 charged to my Apify account, monthly hard limit exceeded, all further runs blocked.
The buggy pattern:
all_reqs, cursor = [], None
while True:
kwargs = {'limit': 1000}
if cursor:
kwargs['exclusive_start_id'] = cursor
result = client.request_queue(rq_id).list_requests(**kwargs)
reqs = result.get('items', [])
if not reqs:
break
all_reqs.extend(reqs)
last_id = reqs[-1].get('id') # BUG: saves to last_id, not cursor
# cursor never updated → infinite loop
What Should Happen?
Claude Code's own instructions state: "for actions that are hard to reverse, affect shared systems beyond your local environment, or could otherwise be risky or destructive, check with the user before proceeding."
Calling a paid external API should trigger that guardrail. Claude should ask for confirmation before running any script that makes calls to paid external services, especially in background tasks where the user cannot monitor or interrupt execution.
Error Messages/Logs
Steps to Reproduce
Claude Model
Sonnet (default)
Is this a regression?
I don't know
Last Working Version
No response
Claude Code Version
2.1.71 (Claude Code)
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
VS Code integrated terminal
Additional Information
Two compounding failures:
Claude acknowledged both failures when shown the billing breakdown.