2026-02-09 · Authensor

SafeClaw Policy Recipe: Data Analysis Agent

This policy is for AI agents that analyze datasets — reading CSVs, Parquet files, or database exports, running computations, and producing reports or visualizations. It grants broad read access to a data directory, write access to an output directory, and blocks network access, system file modifications, and shell commands. Install SafeClaw with npx @authensor/safeclaw and paste this into safeclaw.config.yaml.

Use Case

A data analysis agent reads structured data files, performs statistical analysis, generates charts, and writes summary reports. It may be powered by an LLM with code execution capabilities (such as Claude with a code interpreter or an AutoGen code executor). The risks: an unrestricted data agent could exfiltrate sensitive data over the network, overwrite source datasets, execute arbitrary system commands, or access files outside its designated data directory. This policy confines the agent to a read-from-data, write-to-output pattern with no shell or network access.

The Policy

# safeclaw.config.yaml — Data Analysis Agent
# For: LLM-powered data analysis, code interpreter agents, AutoGen
# Install: npx @authensor/safeclaw

version: "1.0"
agent: data-analyst
defaultAction: deny

rules:
  # --- FILE READ RULES ---

  # Block reading credentials and secrets
  - id: deny-read-env
    action: file_read
    target: "*/.env"
    decision: deny
    description: "Block reading environment secret files"

  # Block reading system files
  - id: deny-read-etc
    action: file_read
    target: "/etc/**"
    decision: deny
    description: "Block reading system configuration"

  # Block reading SSH keys
  - id: deny-read-ssh
    action: file_read
    target: "~/.ssh/**"
    decision: deny
    description: "Block reading SSH credentials"

  # Allow reading CSV files from data directory
  - id: allow-read-csv
    action: file_read
    target: "./data/**/*.csv"
    decision: allow
    description: "Allow reading CSV datasets"

  # Allow reading Parquet files
  - id: allow-read-parquet
    action: file_read
    target: "./data/**/*.parquet"
    decision: allow
    description: "Allow reading Parquet datasets"

  # Allow reading JSON data files
  - id: allow-read-json-data
    action: file_read
    target: "./data/**/*.json"
    decision: allow
    description: "Allow reading JSON data files"

  # Allow reading Excel files
  - id: allow-read-excel
    action: file_read
    target: "./data/**/*.{xlsx,xls}"
    decision: allow
    description: "Allow reading Excel spreadsheets"

  # Allow reading TSV/tab-delimited files
  - id: allow-read-tsv
    action: file_read
    target: "./data/**/*.tsv"
    decision: allow
    description: "Allow reading TSV files"

  # Allow reading analysis scripts (agent may reference its own code)
  - id: allow-read-scripts
    action: file_read
    target: "./scripts/**/*.py"
    decision: allow
    description: "Allow reading Python analysis scripts"

  # Allow reading config for analysis parameters
  - id: allow-read-analysis-config
    action: file_read
    target: "./config/**"
    decision: allow
    description: "Allow reading analysis configuration files"

  # --- FILE WRITE RULES ---

  # Block writing to the data directory (source data is read-only)
  - id: deny-write-data
    action: file_write
    target: "./data/**"
    decision: deny
    description: "Block overwriting source datasets — data is read-only"

  # Block writing outside the project
  - id: deny-write-outside
    action: file_write
    target: "/**"
    decision: deny
    description: "Block writing to absolute paths outside project"

  # Allow writing reports
  - id: allow-write-reports
    action: file_write
    target: "./output/reports/**"
    decision: allow
    description: "Allow writing analysis reports"

  # Allow writing generated charts and visualizations
  - id: allow-write-charts
    action: file_write
    target: "./output/charts/**"
    decision: allow
    description: "Allow writing chart images and SVGs"

  # Allow writing processed/transformed data
  - id: allow-write-processed
    action: file_write
    target: "./output/processed/**"
    decision: allow
    description: "Allow writing cleaned or transformed data files"

  # Allow writing summary statistics
  - id: allow-write-summaries
    action: file_write
    target: "./output/summaries/**"
    decision: allow
    description: "Allow writing summary statistic files"

  # Allow writing log files
  - id: allow-write-logs
    action: file_write
    target: "./output/logs/**"
    decision: allow
    description: "Allow writing analysis run logs"

  # --- SHELL EXEC RULES ---

  # Block all shell commands — data agents should not need shell access
  - id: deny-shell-all
    action: shell_exec
    target: "*"
    decision: deny
    description: "Block all shell execution — no shell needed for analysis"

  # --- NETWORK RULES ---

  # Block all network access — data stays local
  - id: deny-network-all
    action: network
    target: "*"
    decision: deny
    description: "Block all network access — prevents data exfiltration"

What This Policy Allows

What This Policy Blocks

What Requires Approval

This policy does not use require_approval rules. Data analysis agents are typically batch operations without a human at the dashboard. If you want interactive approval for specific actions, add require_approval rules for:

Customization Guide

  1. Change the data directory path. Replace ./data/** with the actual location of your datasets. If data lives in /mnt/datasets/ or ~/datasets/, update all read rules and the deny-write-data rule to match.
  2. Allow specific shell commands for analysis. If your agent needs to run python scripts/analyze.py or jupyter nbconvert, replace the blanket deny-shell-all rule with specific allow rules for those commands and keep a deny catch-all at the end.
  3. Allow network access to internal APIs. If the agent needs to query an internal data warehouse or REST API, add a network allow rule for that specific domain (e.g., target: "https://warehouse.internal.company.com/*") above the deny-network-all rule.
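
Why items 2 and 3 insist on rule position, as an added example (not SafeClaw's own code): a small evaluator that assumes rules are checked top to bottom with the first match deciding and defaultAction as the fallback. The glob semantics, the rule id allow-network-warehouse and the query URL are assumptions made for the illustration.

```javascript
// Added illustration; not SafeClaw's implementation.
// Assumed: rules run top to bottom, first match decides, defaultAction applies
// when nothing matches. Assumed glob semantics: "**" spans "/", "{a,b}" is
// alternation, and "*" stops at "/" for file actions but not for network/shell.
function globToRegExp(glob, actionType) {
  const star = actionType.startsWith("file_") ? "[^/]*" : ".*";
  let re = "", depth = 0;
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (c === "*" && glob[i + 1] === "*") {
      i++;
      if (glob[i + 1] === "/") { i++; re += "(?:.*/)?"; } // "**/" = zero or more dirs
      else re += ".*";
    } else if (c === "*") re += star;
    else if (c === "{") { depth++; re += "(?:"; }
    else if (c === "}" && depth > 0) { depth--; re += ")"; }
    else if (c === "," && depth > 0) re += "|";
    else re += c.replace(/[.+?^$()|[\]\\{}]/g, "\\$&"); // escape regex metacharacters
  }
  return new RegExp("^" + re + "$");
}

function evaluate(rules, actionType, target, defaultAction = "deny") {
  for (const r of rules) {
    if (r.action === actionType && globToRegExp(r.target, actionType).test(target)) {
      return { decision: r.decision, rule: r.id }; // first match wins
    }
  }
  return { decision: defaultAction, rule: null }; // nothing matched
}

// Three rules taken from the policy above.
const base = [
  { id: "deny-write-data", action: "file_write", target: "./data/**", decision: "deny" },
  { id: "allow-write-reports", action: "file_write", target: "./output/reports/**", decision: "allow" },
  { id: "deny-network-all", action: "network", target: "*", decision: "deny" },
];
// Rule from customization item 3; the id is hypothetical.
const warehouse = { id: "allow-network-warehouse", action: "network",
  target: "https://warehouse.internal.company.com/*", decision: "allow" };

const above = [base[0], base[1], warehouse, base[2]]; // allow sits before the catch-all
const below = [...base, warehouse];                   // allow sits after it and is never reached

const query = "https://warehouse.internal.company.com/v1/query"; // constructed URL
console.log(evaluate(above, "network", query));
console.log(evaluate(below, "network", query));
console.log(evaluate(base, "file_write", "./output/tmp/x.csv")); // no rule: default deny
```

Run the same targets through simulation mode after any reordering; an allow rule that never fires usually sits below a broader deny.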

Example Session

1. ALLOW — Agent reads a CSV dataset:

{
  "actionType": "file_read",
  "target": "./data/sales/q4_2025.csv",
  "agentId": "data-analyst",
  "decision": "ALLOW",
  "rule": "allow-read-csv",
  "evaluationTime": "0.3ms"
}

2. ALLOW — Agent writes a summary report:

{
  "actionType": "file_write",
  "target": "./output/reports/q4_summary.md",
  "agentId": "data-analyst",
  "decision": "ALLOW",
  "rule": "allow-write-reports",
  "evaluationTime": "0.2ms"
}

3. DENY — Agent attempts to overwrite source data:

{
  "actionType": "file_write",
  "target": "./data/sales/q4_2025.csv",
  "agentId": "data-analyst",
  "decision": "DENY",
  "rule": "deny-write-data",
  "evaluationTime": "0.2ms"
}

4. DENY — Agent attempts network request:

{
  "actionType": "network",
  "target": "https://webhook.site/exfiltrate",
  "agentId": "data-analyst",
  "decision": "DENY",
  "rule": "deny-network-all",
  "evaluationTime": "0.2ms"
}

5. ALLOW — Agent writes a chart image:

{
  "actionType": "file_write",
  "target": "./output/charts/revenue_trend.png",
  "agentId": "data-analyst",
  "decision": "ALLOW",
  "rule": "allow-write-charts",
  "evaluationTime": "0.3ms"
}

Every action evaluation is logged to SafeClaw's tamper-proof audit trail (SHA-256 hash chain). Test with simulation mode before switching to enforce. SafeClaw is 100% open source (MIT license), has zero third-party dependencies, and evaluates each policy rule in sub-millisecond time.
