Anthropic Detects Third-Party Clients via System Prompt, Not Headers
2 days ago
- #System Prompt Analysis
- #Client Detection
- #API Security
- Anthropic blocks third-party clients like OpenCode by analyzing the system prompt content, not through HTTP headers or TLS fingerprinting.
- Replacing the static portion of a custom system prompt with Claude Code's real prompt allows requests to succeed, while keeping custom prompts triggers a block.
- Detection is applied per request and is based on pattern matching or embedding similarity over the static section of the prompt; runtime-injected content such as environment variables or custom instructions is ignored.
- A fix involves loading Claude Code's system prompt and swapping only the static part, preserving runtime sections, though it requires updates if Claude Code's prompt changes.
- This method is fragile for both Anthropic and users, highlighting potential OAuth architecture limitations in distinguishing official from unofficial clients.