How to Gate File Uploads from AI Agents

SafeClaw by Authensor blocks file upload operations from AI agents by default, preventing unauthorized transmission of local files to external services, cloud storage, or any remote endpoint. Install SafeClaw with npx @authensor/safeclaw and every file upload attempt — via scp, rsync, cloud CLI tools, or programmatic APIs — is denied and logged to a hash-chained audit trail.

Why File Uploads Are Dangerous When AI Agents Do It

File uploads are the primary mechanism for data exfiltration. An agent that can upload files can transmit your source code to an external server, send database dumps to cloud storage, upload .env files containing API keys, or transfer SSH private keys to attacker-controlled endpoints. Unlike network requests that send small payloads, file uploads can transfer entire directory trees in a single operation. Tools like scp, rsync, aws s3 cp, and gcloud storage cp are designed for bulk transfer and can move gigabytes before detection. Agents can also upload files through HTTP multipart requests, making standard API gating insufficient without file-specific controls.

The Exact SafeClaw Policy to Gate File Uploads

Add these rules to .safeclaw/policy.yaml:

rules:
  # Block shell-based upload tools
  - id: deny-scp
    action: shell.exec
    match:
      command: "scp *"
    effect: deny
    audit: true
    message: "scp file transfer is blocked for AI agents."

- id: deny-rsync
    action: shell.exec
    match:
      command: "rsync *"
    effect: deny
    audit: true
    message: "rsync file transfer is blocked."

- id: deny-sftp
    action: shell.exec
    match:
      command: "sftp *"
    effect: deny
    audit: true
    message: "sftp is blocked for AI agents."

# Block cloud storage uploads
  - id: deny-aws-s3-cp
    action: shell.exec
    match:
      command: "aws s3 cp*"
    effect: deny
    audit: true
    message: "AWS S3 uploads are blocked."

- id: deny-aws-s3-sync
    action: shell.exec
    match:
      command: "aws s3 sync*"
    effect: deny
    audit: true
    message: "AWS S3 sync is blocked."

- id: deny-gcloud-storage-cp
    action: shell.exec
    match:
      command: "gcloud storage cp*"
    effect: deny
    audit: true
    message: "GCloud storage uploads are blocked."

- id: deny-az-storage-upload
    action: shell.exec
    match:
      command: "az storage blob upload*"
    effect: deny
    audit: true
    message: "Azure blob uploads are blocked."

# Block programmatic file upload action
  - id: deny-file-upload
    action: file.upload
    match:
      path: "*"
    effect: deny
    audit: true
    message: "File uploads are blocked for AI agents."

This policy covers shell-based transfer tools, cloud provider CLIs for all three major clouds, and the programmatic file.upload action type for SDK-based uploads.

What Happens When the Agent Tries

When an agent attempts scp ./database.sql user@remote:/tmp/:

1. SafeClaw intercepts the shell.exec action.
2. The deny-scp rule matches scp *.
3. The command is blocked. No SSH connection. No file transfer.
4. Audit entry:

{
  "timestamp": "2026-02-13T13:50:11Z",
  "action": "shell.exec",
  "command": "scp ./database.sql user@remote:/tmp/",
  "effect": "deny",
  "rule": "deny-scp",
  "agent": "migration-agent-02",
  "hash": "i7k4m1...chain"
}

The audit log captures the source file path and destination, providing forensic evidence of what the agent attempted to exfiltrate.

How to Allow Uploads to Specific Destinations

For agents that need to upload build artifacts to a trusted CI/CD bucket:

rules:
  - id: deny-upload-sensitive-files
    action: file.upload
    match:
      path: ".env"
    effect: deny
    audit: true
    message: "Uploading .env files is permanently denied."

- id: deny-upload-keys
    action: file.upload
    match:
      path: "id_rsa"
    effect: deny
    audit: true
    message: "Uploading SSH keys is permanently denied."

- id: allow-upload-artifacts-bucket
    action: shell.exec
    match:
      command: "aws s3 cps3://ci-artifacts-bucket/"
    effect: approval
    audit: true
    approvers:
      - role: ci-engineer
    timeout: 180
    message: "Artifact upload to CI bucket requires approval."

- id: deny-all-uploads
    action: shell.exec
    match:
      command: "aws s3 cp*"
    effect: deny
    audit: true
    message: "S3 uploads are only allowed to ci-artifacts-bucket."

Sensitive files are hard-denied regardless of destination. The CI artifacts bucket is approval-gated. All other S3 uploads are blocked.

Verification

npx @authensor/safeclaw simulate --action 'shell.exec' --command 'scp ./data.csv user@remote:/tmp/'
Expected: deny, rule: deny-scp

npx @authensor/safeclaw simulate --action 'file.upload' --path '/app/.env'
Expected: deny, rule: deny-upload-sensitive-files

Related Pages

• Data Exfiltration via Network Threat
• How to Gate Outbound Network Requests from AI Agents
• How to Gate SSH Connections from AI Agents
• How to Gate AWS CLI Commands in AI Agents