Originally published at devtoolpicks.com
Theo Browne (t3.gg) posted a demonstration on April 30 that broke developer Twitter. He created an empty git repo, added a single commit with "OpenClaw" in the message, then ran claude -p "hi". Claude Code immediately disconnected and his session usage jumped to 100%.
No code in the repo. No actual OpenClaw installation. Just a string in a commit message.
This isn't a hypothetical bug report. Multiple developers have now confirmed the same behavior. If your git history contains certain strings, Claude Code will either refuse your request entirely or route your session to "extra usage" billing, charging you on top of your existing subscription.
Here's what actually happened, why Anthropic did it, and what you should watch for if you use Claude Code.
What Is OpenClaw?
If you haven't been following this, OpenClaw is the fastest-growing open source project in 2026. Created by Austrian developer Peter Steinberger (founder of PSPDFKit), it started as a weekend hack called "Clawd" in November 2025 and exploded to over 355,000 GitHub stars in five months. It surpassed React in star velocity.
OpenClaw is a self-hosted AI agent that connects to your messaging apps (WhatsApp, Telegram, Slack, Discord, iMessage) and runs tasks autonomously. It schedules cron jobs, manages files, browses the web, sends emails, and maintains persistent memory across sessions. You bring your own API key for whatever model you want: Claude, GPT, DeepSeek, or local models through Ollama.
The key detail: OpenClaw users were routing their Claude subscription (Pro at $20/month, Max at $200/month) through OpenClaw's third-party harness to power these agent workflows. Anthropic's subscription pricing wasn't designed for that kind of automated, always-on usage.
What Anthropic Did on April 4
On April 4, 2026, Anthropic blocked all third-party tools from using Claude subscription OAuth tokens. The change was server-enforced and immediate. If you were using your Claude Pro or Max subscription through OpenClaw, that stopped working overnight.
Boris Cherny, head of Claude Code at Anthropic, explained the reasoning: "Our subscription model wasn't designed for the usage patterns of these third-party tools. These tools place disproportionate stress on our systems."
After the block, OpenClaw users had two options: buy "extra usage" credits on top of their subscription (pay-as-you-go at API rates) or use a separate Anthropic API key at full per-token pricing. Both cost significantly more than the flat subscription rate they were using before.
This part made business sense. Anthropic was subsidizing heavy automated usage through flat-rate subscriptions. Cutting that off was a reasonable pricing correction.
What Theo Found Is Different
The April 4 block was about authentication. What Theo demonstrated on April 30 is about detection. Claude Code appears to be scanning your git commit history for strings related to OpenClaw and changing its behavior based on what it finds.
Here's what Theo showed:
- Create an empty repo:
mkdir test && cd test && git init - Create one file:
touch hello && git add -A - Commit with an OpenClaw reference:
git commit -m '{"schema": "openclaw.inbound_meta.v1"}' - Run Claude Code:
claude -p "hi" - Result: immediate disconnect, session usage jumps to 100%
Other developers confirmed you can reproduce this with variations. One user showed that simply having the string HERMES.md in a recent commit (a file related to OpenClaw's configuration) triggered the same behavior. That user reported an unexpected $200 charge on their Max plan.
The detection appears to be some form of pattern matching. HN commenters suspect a regex scanning git log output. There's no separation between parts of the prompt. The text gets injected into what Claude Code sees, and if it matches certain patterns, the session gets flagged.
Why This Matters for Indie Hackers
Even if you've never heard of OpenClaw, there are three reasons this should concern you.
Your commit messages affect your billing. Claude Code reads your git history as context. If anything in that history triggers the detection pattern, you could end up on "extra usage" billing without realizing it. One developer was charged $200 because of a filename in their commit history.
It's an attack vector for open source maintainers. Someone pointed out on X that a malicious PR with the right commit message could trigger extra charges for any maintainer using Claude Code on that repo. Submit a PR with "openclaw" in the commit message, and the repo owner's Claude Code sessions could start costing more. This is a real vulnerability for anyone accepting outside contributions.
The implementation is fragile. Multiple HN commenters noted the irony: a company building one of the most advanced AI systems in the world is using what appears to be regex-style string matching to enforce business rules. As one commenter put it, they have access to Mythos and unlimited compute, and their solution is lazy pattern matching.
The HERMES.md Problem
The commit message detection isn't limited to the word "OpenClaw." At least one user reported that having HERMES.md (a configuration file used in OpenClaw setups) anywhere in recent commit history triggered the same billing change. The user filed a GitHub issue documenting an unexpected $200 charge on their Max plan.
The issue title: "HERMES.md in a git commit message silently drained $200 from a Claude Max plan while 86% of quota went unused."
That's worth repeating. The user still had 86% of their included quota available. But because their commit history contained a flagged string, Claude Code routed their requests to pay-as-you-go billing instead.
What This Tells Us About AI Tool Lock-In
This incident is part of a pattern. Anthropic launched Claude Code Channels (Discord and Telegram integration) in March 2026, which VentureBeat described as an "OpenClaw killer." They blocked third-party harnesses on April 4. Now commit-level detection in late April.
Each step makes the walls a little higher. If you build your workflow around Claude Code, your commit history, your automation patterns, and your billing are all controlled by Anthropic. That's not necessarily wrong. Every SaaS has vendor lock-in. But the commit scanning crosses a line that makes developers uncomfortable.
The practical lesson: be aware of what strings end up in your git history if you're using Claude Code. And if you're running any third-party tools alongside Claude Code, check your billing page. You might be paying more than you expect.
What You Can Do
If you're a Claude Code user concerned about this:
Check your billing. Log into your Anthropic account and look at your "extra usage" charges. If you see unexpected costs, check your recent commit history for flagged strings.
Audit your git history. Run git log --oneline | grep -i "openclaw\|hermes\|claw" on any repo where you use Claude Code. If you find matches, those commits may be triggering the detection.
Watch your subscription usage. If your Claude Code session usage jumps to 100% unexpectedly, it may not be a bug. It could be the detection system flagging your repo.
Consider your alternatives. If the commit scanning makes you uncomfortable, Cursor, GitHub Copilot, and Codex don't scan your commit messages for competitor references. That's worth factoring into your tool choice.
FAQ
Is this a bug or intentional?
Anthropic hasn't officially commented on the commit-level detection specifically. The third-party tool block from April 4 was announced publicly, but the pattern matching in git history appears to be an enforcement mechanism that went further than the announced policy. Some developers believe it's intentional but poorly implemented. Others think it's a side effect of how Claude Code processes context.
Can I still use OpenClaw with Claude?
Yes, but only through the API at full per-token rates or through "extra usage" pay-as-you-go billing. Your Claude Pro or Max subscription no longer covers third-party tool usage. This has been enforced since April 4, 2026.
Does this affect repos I'm just contributing to?
Potentially. If the repo's commit history contains flagged strings and you run Claude Code in that repo, the detection could trigger. This is especially concerning for open source maintainers who accept PRs from outside contributors.
Will Anthropic fix this?
Unknown. The HERMES.md billing issue has been filed as a GitHub issue on the Claude Code repo. Community reaction has been strongly negative, with HN commenters calling it "regex duct tape" holding together a multibillion-dollar business. Public pressure may force a more refined approach, but Anthropic hasn't responded to the specific commit detection behavior yet.
Should I switch away from Claude Code?
Not necessarily. Claude Code is still one of the best AI coding tools available. But this incident is a good reminder to monitor your billing, understand what context your tools are reading, and keep alternatives in your back pocket. AI coding tools are changing fast, and no single tool deserves unconditional loyalty.
Top comments (0)