How to Secure Your Claude Agent with SafeClaw
SafeClaw by Authensor intercepts every Claude tool_use content block before execution, enforcing deny-by-default policies that prevent unauthorized file writes, shell commands, and API calls. When Claude's Anthropic API returns a tool_use block in its response, SafeClaw evaluates the action against your YAML policy file and either permits or blocks it — all in sub-millisecond time.
How Claude Tool Use Works
Claude's tool calling follows a specific flow: you define tools in your API request, Claude returns a tool_use content block with a tool name and JSON input, and your application executes that tool. The security gap exists between Claude's response and your execution layer — Claude decides what to call, and without SafeClaw, your code blindly executes it.
Claude Response → tool_use block → [SafeClaw Policy Check] → Execute or Deny
SafeClaw sits at that critical interception point, evaluating every tool invocation against your declared policy before a single byte touches your filesystem or network.
Quick Start
npx @authensor/safeclaw
This initializes a safeclaw.yaml policy file in your project root. SafeClaw works with Claude's tool_use responses out of the box — no SDK modification required.
Step 1: Define Your Claude-Specific Policy
Create a policy that matches Claude's tool naming conventions:
```yaml
# safeclaw.yaml
version: 1
default: deny
policies:
  - name: "claude-file-operations"
    description: "Control Claude's file tool access"
    actions:
      - tool: "read_file"
        effect: allow
        constraints:
          path_pattern: "src/**"
      - tool: "write_file"
        effect: allow
        constraints:
          path_pattern: "src/**"
          max_size_bytes: 50000
      - tool: "edit_file"
        effect: allow
        constraints:
          path_pattern: "src/**"
  - name: "claude-shell-restrictions"
    description: "Restrict shell command execution"
    actions:
      - tool: "execute_command"
        effect: deny
        constraints:
          command_pattern: "rm -rf *"
      - tool: "execute_command"
        effect: allow
        constraints:
          command_pattern: "npm test|npm run build|git status"
  - name: "claude-network-policy"
    description: "Control outbound requests"
    actions:
      - tool: "http_request"
        effect: deny
```
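To make the policy semantics concrete, here is an added example of a small deny-by-default evaluator that mirrors the safeclaw.yaml above and gates constructed `tool_use` blocks the way the interception point described earlier does. It is not SafeClaw's code: the rule precedence (an explicit deny wins, then an allow, then the default), the glob syntax for `path_pattern` and `command_pattern`, and the input field names `path`, `content` and `command` are all assumptions made for this illustration. It also normalizes paths before matching so that a path such as `src/../.env` does not lexically satisfy `src/**`.

```javascript
// Added example (not SafeClaw's code): a deny-by-default evaluator that mirrors
// the safeclaw.yaml above. Precedence, glob syntax and the input field names
// (path, content, command) are assumptions made here.
const policy = {
  version: 1,
  default: "deny",
  policies: [
    { name: "claude-file-operations", actions: [
      { tool: "read_file",  effect: "allow", constraints: { path_pattern: "src/**" } },
      { tool: "write_file", effect: "allow", constraints: { path_pattern: "src/**", max_size_bytes: 50000 } },
      { tool: "edit_file",  effect: "allow", constraints: { path_pattern: "src/**" } },
    ] },
    { name: "claude-shell-restrictions", actions: [
      { tool: "execute_command", effect: "deny",  constraints: { command_pattern: "rm -rf *" } },
      { tool: "execute_command", effect: "allow", constraints: { command_pattern: "npm test|npm run build|git status" } },
    ] },
    { name: "claude-network-policy", actions: [
      { tool: "http_request", effect: "deny" },
    ] },
  ],
};

// Glob to anchored RegExp. "**" matches anything; "*" matches anything except "/"
// for paths, or anything at all for shell commands (starMatchesSlash = true).
function globToRegExp(glob, starMatchesSlash) {
  let re = "";
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (c === "*" && glob[i + 1] === "*") { re += ".*"; i++; }
    else if (c === "*") re += starMatchesSlash ? ".*" : "[^/]*";
    else if (".+?^${}()|[]\\".includes(c)) re += "\\" + c;
    else re += c;
  }
  return new RegExp("^" + re + "$");
}

// Lexical normalization so "src/../.env" cannot satisfy "src/**".
// Returns null for absolute paths or paths that climb above the project root.
function normalizePath(p) {
  if (p.startsWith("/") || /^[A-Za-z]:/.test(p)) return null;
  const out = [];
  for (const seg of p.split(/[\\/]+/)) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { if (out.length === 0) return null; out.pop(); continue; }
    out.push(seg);
  }
  return out.join("/");
}

// An action with no constraints matches any input for that tool.
function constraintsMatch(constraints = {}, input) {
  if (constraints.path_pattern !== undefined) {
    const norm = normalizePath(String(input.path ?? ""));
    if (norm === null || !globToRegExp(constraints.path_pattern, false).test(norm)) return false;
  }
  if (constraints.max_size_bytes !== undefined &&
      Buffer.byteLength(String(input.content ?? ""), "utf8") > constraints.max_size_bytes) return false;
  if (constraints.command_pattern !== undefined) {
    const cmd = String(input.command ?? "");
    if (!constraints.command_pattern.split("|").some(alt => globToRegExp(alt, true).test(cmd))) return false;
  }
  return true;
}

// Assumed precedence: any matching deny wins, then a matching allow, else the policy default.
function evaluate(policy, toolName, input) {
  const matches = [];
  for (const group of policy.policies) {
    for (const action of group.actions) {
      if (action.tool === toolName && constraintsMatch(action.constraints, input)) {
        matches.push({ group: group.name, effect: action.effect });
      }
    }
  }
  const deny = matches.find(m => m.effect === "deny");
  if (deny) return { allowed: false, policy: deny.group, reason: `denied by ${deny.group}` };
  const allow = matches.find(m => m.effect === "allow");
  if (allow) return { allowed: true, policy: allow.group, reason: `allowed by ${allow.group}` };
  return { allowed: policy.default === "allow", policy: null, reason: `no rule matched; default is ${policy.default}` };
}

// Constructed tool_use blocks shaped like the content blocks Claude returns (ids are made up).
const sampleBlocks = [
  { type: "tool_use", id: "toolu_01", name: "write_file",      input: { path: "src/auth.ts", content: "export {};" } },
  { type: "tool_use", id: "toolu_02", name: "write_file",      input: { path: "src/../.env", content: "SECRET=1" } },
  { type: "tool_use", id: "toolu_03", name: "execute_command", input: { command: "rm -rf /" } },
  { type: "tool_use", id: "toolu_04", name: "execute_command", input: { command: "npm test" } },
  { type: "tool_use", id: "toolu_05", name: "http_request",    input: { url: "https://example.com" } },
  { type: "tool_use", id: "toolu_06", name: "delete_file",     input: { path: "src/auth.ts" } },
];

// Gate each block the way the Step 2 loop does, returning one decision per block.
function gateAll(blocks) {
  return blocks.map(b => ({ id: b.id, name: b.name, ...evaluate(policy, b.name, b.input) }));
}

for (const d of gateAll(sampleBlocks)) console.log(d.allowed ? "ALLOW" : "DENY ", d.name, "-", d.reason);
```

Two things the run makes visible: the unknown tool `delete_file` is denied with no rule at all, which is what `default: deny` buys you, and the `rm -rf *` deny rule only catches that exact spelling, so the allow-list of permitted commands, not the deny rule, is doing the real work.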
Step 2: Integrate with Your Claude API Call
SafeClaw wraps your tool execution handler:
```javascript
import Anthropic from "@anthropic-ai/sdk";
import { SafeClaw } from "@authensor/safeclaw";

const client = new Anthropic();
const safeclaw = new SafeClaw("./safeclaw.yaml");

const tools = [{ name: "write_file", description: "Write to a file", input_schema: { /* ... */ } }];
const messages = [{ role: "user", content: "Refactor the auth module" }];

// `let`, so the multi-turn loop in Step 3 can reassign it
let response = await client.messages.create({
  model: "claude-sonnet-4-20250514",
  max_tokens: 1024,
  tools,
  messages,
});

for (const block of response.content) {
  if (block.type === "tool_use") {
    const decision = safeclaw.evaluate(block.name, block.input);
    if (decision.allowed) {
      // executeTool is your own tool handler; it runs only after the policy check passes
      const result = await executeTool(block.name, block.input);
      // Continue conversation with tool_result
    } else {
      console.log(`Blocked: ${block.name} — ${decision.reason}`);
      // Return denial as tool_result so Claude can adapt
    }
  }
}
```
Step 3: Handle Multi-Turn Tool Loops
Claude agents often run in loops, calling multiple tools per turn. SafeClaw evaluates each tool call independently, and the hash-chained audit log preserves the full sequence:
```javascript
while (response.stop_reason === "tool_use") {
  // Keep the assistant turn (including its tool_use blocks) in the history
  messages.push({ role: "assistant", content: response.content });

  const toolResults = [];
  for (const block of response.content.filter(b => b.type === "tool_use")) {
    const decision = safeclaw.evaluate(block.name, block.input);
    toolResults.push({
      type: "tool_result",
      tool_use_id: block.id,
      content: decision.allowed
        ? await executeTool(block.name, block.input)
        : `Action denied by policy: ${decision.reason}`,
      // Mark denials as errors so Claude treats them as failed calls
      ...(decision.allowed ? {} : { is_error: true }),
    });
  }

  // All tool_result blocks for a turn go back to Claude in a single user message
  messages.push({ role: "user", content: toolResults });

  response = await client.messages.create({
    model: "claude-sonnet-4-20250514",
    max_tokens: 1024,
    tools,
    messages,
  });
}
```
Step 4: Review the Audit Log
Every evaluation — allowed or denied — is recorded in a hash-chained audit log, making it tamper-evident:
npx @authensor/safeclaw audit --last 50
Each entry includes the tool name, input parameters, policy matched, decision, and a SHA-256 hash linking to the previous entry.
Why SafeClaw
- 446 tests covering policy evaluation, edge cases, and audit integrity
- Deny-by-default — if a tool isn't explicitly allowed, it's blocked
- Sub-millisecond evaluation — no perceptible latency added to Claude's tool loop
- Hash-chained audit log — tamper-evident record of every action evaluated
- Works with Claude AND OpenAI — one policy file, multiple LLM backends
Related Pages
- How to Use SafeClaw with the Claude Agent SDK
- How to Secure MCP Servers
- How to Secure Your OpenAI GPT Agent
Try SafeClaw
Action-level gating for AI agents. Set it up in your browser in 60 seconds.
$ npx @authensor/safeclaw