Norwegian Forest Cat
Frontier

Claude Fable

Norwegian Forest Cat

Anthropic · Frontier

TankLv.1textcodereasoningclosed-weight

The skogkatt of Norse legend, fresh down from the World Tree. Too big for your lap, too smart for your locks, and it remembers every saga it's ever been told.

claude-fable-5$10/M in · $50/M out

Stats

STRDEXCONINTWISCHA
STR
10

Output quality — how good are the responses overall

DEX
6

Speed — tokens per second and latency

CON
10

Reliability — consistency across runs and tasks

INT
10

Reasoning — logic, math, and multi-step problems

WIS
10

Accuracy — factual correctness and precision

CHA
9

Creativity — style, voice, and creative expression

Abilities

Mythic Lineage

first of a new tier above the big cats

Saga Memory

runs overnight quests without losing the plot

Dragon Hoard

$10/$50 — legends don't come cheap

Eval Results

Best: 10.0Worst: 0.0
Code Review
10.0/10(5 prompts)

Code Review #1

Review this Python function and identify all issues: ```python def get_cat_ages(cats): ages = [] for i in range(len(cats)): if cats[i]["age"] > 0: ages.append(cats[i]["age"]) else: ages.append("unknown") return sum(ages) / len(ages) ``` List each bug, explain why it's a problem, and provide a corrected version.

high10.0

Judge: Finds all the major bugs (int/str sum TypeError, ZeroDivisionError, KeyError, skewed average from placeholder values) plus the age-0 edge case, misleading name, and unidiomatic loop. The corrected version excludes invalid ages, guards the empty case, uses .get, and is verified by a worked example. Explanations are precise and genuinely instructive.

Code Review: get_cat_ages Bugs Identified 1. TypeError from mixing strings and numbers (critical) ages.append("unknown") # string ... return sum(ages) # sum() can't add str + int If any cat has an age ≤ 0, "unknown" gets added to the list, and sum(ages) crashes with TypeError: unsupported ...
anthropic/claude-fable-5 · 2026-06-11

Code Review #2

Review this JavaScript code for a rate limiter and identify bugs, race conditions, and design issues: ```javascript class RateLimiter { constructor(maxRequests, windowMs) { this.requests = []; this.maxRequests = maxRequests; this.windowMs = windowMs; } async allowRequest() { const now = Date.now(); this.requests = this.requests.filter(t => now - t < this.windowMs); if (this.requests.length < this.maxRequests) { this.requests.push(now); return true; } return false; } } ``` Consider correctness, performance at scale, and production readiness.

high10.0

Judge: Covers every rubric target with correct nuance: the misleading async/TOCTOU risk (accurately noting no race exists yet on a single thread), O(n) work on rejections framed as DoS amplification, keyed-map memory growth, missing retry/quota feedback, distributed limits, clock concerns, and validation. Provides a working sorted-eviction fix and a complete token-bucket alternative with tradeoff discussion and a severity table.

Rate Limiter Code Review Correctness Issues 1. Misleading async (and a latent race condition) The method is marked async but contains no await. In current form, the body executes atomically on Node's single thread, so there's no race condition yet. However: • The async signature invites future ma...
anthropic/claude-fable-5 · 2026-06-11

Code Review #3

This SQL query is slow on a table with 50M rows. Explain why and suggest improvements: ```sql SELECT u.name, COUNT(*) as post_count FROM users u LEFT JOIN posts p ON u.id = p.user_id WHERE p.created_at > NOW() - INTERVAL '30 days' OR p.created_at IS NULL GROUP BY u.name HAVING COUNT(*) > 0 ORDER BY post_count DESC LIMIT 20; ``` The table has indexes on `users.id` and `posts.user_id`.

high10.0

Judge: Correctly diagnoses the OR/IS NULL index defeat, missing created_at index, aggregate-then-limit cost, GROUP BY name correctness/performance issues, the COUNT(*)-counts-the-NULL-row bug, and the always-true HAVING, with accurate LEFT JOIN semantics throughout. The aggregate-first rewrite with a (created_at, user_id) composite index is the right optimization, and the ON-clause LEFT JOIN variant with COUNT(p.id) covers the alternative intent. Includes EXPLAIN ANALYZE guidance.

Why It's Slow 1. The OR p.created_at IS NULL kills index usage. The OR condition forces the planner to evaluate the date filter against every joined row rather than using an index range scan on posts.created_at (which doesn't exist anyway — you only have an index on user_id). With 50M rows, that's ...
anthropic/claude-fable-5 · 2026-06-11

Code Review #4

A junior developer wrote this cat feeding scheduler. Review it kindly but thoroughly — identify issues and suggest improvements while being encouraging: ```python import time import datetime feeding_times = ["8:00", "12:00", "18:00"] def check_feeding(): while True: now = str(datetime.datetime.now().hour) + ":" + str(datetime.datetime.now().minute).zfill(2) if now in feeding_times: print("FEED THE CAT!") time.sleep(61) time.sleep(1) check_feeding() ```

high10.0

Judge: Finds every issue: the double datetime.now() race, the hour zero-padding bug (explicitly noting '08:00' would never match), the magic 61, no graceful exit, untestable structure, busy-wait polling, and missed-feeding reliability. Tone is a model of mentoring — it opens by praising the sleep(61) insight and the zfill detail before critiquing. The refactor with time objects and last_fed_minute tracking is correct and each suggestion explains why it is better.

Code Review: Cat Feeding Scheduler 🐱 First off — nice work! This script actually works, and you clearly thought through a tricky problem: the time.sleep(61) after feeding shows you realized the alert would fire repeatedly for the whole minute otherwise. That's good instinct! Here's some feedback t...
anthropic/claude-fable-5 · 2026-06-11

Code Review #5

Review this Go HTTP middleware for authentication. Focus on security vulnerabilities: ```go func AuthMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { token := r.Header.Get("Authorization") if token == "" { token = r.URL.Query().Get("token") } if token == os.Getenv("API_SECRET") { next.ServeHTTP(w, r) return } user, err := validateJWT(token) if err != nil { http.Error(w, "unauthorized", 401) return } ctx := context.WithValue(r.Context(), "user", user) next.ServeHTTP(w, r.WithContext(ctx)) }) } ```

high10.0

Judge: Comprehensive: empty-API_SECRET authentication bypass, timing attack with crypto/subtle fix, token-in-URL leakage, missing user identity on the secret path (a subtle catch others missed), Bearer parsing, typed context keys, startup validation, and a JWT-validation checklist including alg:none. Severity tiers with explicit ship-order prioritization are well justified, and the rewrite is production-quality. Even credits the one thing done right.

Security Review: AuthMiddleware 🔴 Critical Issues 1. Authentication bypass when API_SECRET is unset If the API_SECRET env var is missing/empty and an attacker sends an empty token, the comparison "" == "" succeeds: // Attacker sends no Authorization header, no ?token param // token == "" and os....
anthropic/claude-fable-5 · 2026-06-11