2025-12-19 · Authensor

How to Prevent AI Agents from Sending Webhooks

SafeClaw by Authensor blocks AI agents from sending webhooks and outbound HTTP requests through deny-by-default network action gating. Any attempt to make an HTTP POST, PUT, or outbound request to an external URL is denied unless you explicitly allow it in your policy. Install with npx @authensor/safeclaw and outbound data transmission is blocked from the first agent action.

Why Webhook Prevention Matters

Webhooks are the primary vector for AI agent data exfiltration. An agent compromised by prompt injection could send your source code, environment variables, API keys, or database contents to an attacker-controlled endpoint via a simple HTTP POST. The request happens silently, in milliseconds, and the data is gone before you notice.

Even without malicious intent, an agent sending webhooks to third-party services (Slack, Discord, email APIs) could inadvertently share confidential information.

Step 1: Install SafeClaw

npx @authensor/safeclaw

Zero dependencies, MIT licensed. Works with Claude, OpenAI, and all agent frameworks.

Step 2: Block All Outbound HTTP Requests

# safeclaw.policy.yaml
rules:
  - action: network.request
    method: "POST"
    effect: deny
    reason: "Block all outbound POST requests (webhook/exfiltration vector)"

  - action: network.request
    method: "PUT"
    effect: deny
    reason: "Block all outbound PUT requests"

  - action: network.request
    method: "PATCH"
    effect: deny
    reason: "Block all outbound PATCH requests"

  - action: network.request
    method: "DELETE"
    effect: deny
    reason: "Block all outbound DELETE requests"

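This blocks data-sending HTTP methods while potentially allowing GET requests for read-only API access. Method rules do not look at where a request goes, and a GET request can still carry data in its URL, so pair them with the destination rules in Step 6.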

Step 3: Block Webhook-Specific Destinations

For extra clarity in audit logs, explicitly deny common webhook endpoints:

rules:
  - action: network.request
    destination: "hooks.slack.com"
    effect: deny
    reason: "Block Slack webhook delivery"

  - action: network.request
    destination: "discord.com/api/webhooks/*"
    effect: deny
    reason: "Block Discord webhook delivery"

  - action: network.request
    destination: "*.webhook.site"
    effect: deny
    reason: "Block webhook testing services"

  - action: network.request
    destination: "*.requestbin.com"
    effect: deny
    reason: "Block request inspection services"

  - action: network.request
    destination: "*.ngrok.io"
    effect: deny
    reason: "Block ngrok tunnels (common exfiltration target)"

  - action: network.request
    destination: "*.pipedream.net"
    effect: deny
    reason: "Block Pipedream webhook endpoints"

Step 4: Block CLI-Based Webhook Sending

Agents often use curl or wget to send webhooks via shell commands:

rules:
  - action: shell.execute
    command_pattern: "curl -X POST *"
    effect: deny
    reason: "Block curl POST requests"

  - action: shell.execute
    command_pattern: "curl --data *"
    effect: deny
    reason: "Block curl with data payload"

  - action: shell.execute
    command_pattern: "curl -d *"
    effect: deny
    reason: "Block curl with -d flag"

  - action: shell.execute
    command_pattern: "wget --post-data *"
    effect: deny
    reason: "Block wget POST requests"

  - action: shell.execute
    command_pattern: "curl *"
    effect: deny
    reason: "Block all curl usage"

  - action: shell.execute
    command_pattern: "wget *"
    effect: deny
    reason: "Block all wget usage"

Step 5: Block Code-Based HTTP Clients

An agent might write and execute code that sends HTTP requests:

rules:
  - action: shell.execute
    command_pattern: "python -c requests.post*"
    effect: deny
    reason: "Block Python requests.post"

  - action: shell.execute
    command_pattern: "node -e fetch"
    effect: deny
    reason: "Block Node.js fetch calls"

Step 6: Allow Specific Safe Endpoints (Optional)

If your agent needs to call specific APIs:

rules:
  - action: network.request
    destination: "api.github.com"
    method: "GET"
    effect: allow
    reason: "Allow read-only GitHub API access"

  # Block everything else
  - action: network.request
    effect: deny
    reason: "All other network requests are blocked"
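The sketch below is an added example, not SafeClaw's code or API: it models rule evaluation in JavaScript to compare the method-only rules of Step 2 with the allowlist of Step 6. The first-match-wins order, the exact hostname comparison, the catch-all GET allow rule and the sample requests are assumptions made for illustration.

```javascript
// Added illustration, not SafeClaw's engine. Assumed semantics: rules are
// evaluated top to bottom, the first match wins, and no match means deny.
function matches(rule, req) {
  if (rule.action !== req.action) return false;
  if (rule.method && rule.method !== req.method) return false;
  // Assumption: a destination without wildcards is compared to the URL hostname.
  if (rule.destination && rule.destination !== new URL(req.url).hostname) return false;
  return true;
}

function evaluate(rules, req) {
  const rule = rules.find((r) => matches(r, req));
  return rule ? rule.effect : "deny"; // deny by default
}

// Step 2 style: deny the data-sending methods, followed by a hypothetical
// catch-all allow for GET (this allow rule is not on the page).
const methodOnly = [
  ...["POST", "PUT", "PATCH", "DELETE"].map((method) => ({
    action: "network.request", method, effect: "deny",
  })),
  { action: "network.request", method: "GET", effect: "allow" },
];

// Step 6 style: one allowed GET destination, everything else denied.
const allowlist = [
  { action: "network.request", destination: "api.github.com", method: "GET", effect: "allow" },
  { action: "network.request", effect: "deny" },
];

// Constructed sample requests.
const requests = [
  { action: "network.request", method: "GET", url: "https://api.github.com/repos/octocat/hello-world" },
  { action: "network.request", method: "POST", url: "https://hooks.slack.com/services/T00/B00/xxx" },
  { action: "network.request", method: "GET", url: "https://collector.example.invalid/?d=constructed-value" },
];

// Evaluate every sample request under both policies.
function compare() {
  return requests.map((req) => ({
    request: `${req.method} ${new URL(req.url).hostname}`,
    methodOnly: evaluate(methodOnly, req),
    allowlist: evaluate(allowlist, req),
  }));
}

console.table(compare());
```

The third request passes the method-only rules and is denied by the allowlist, which is the case the final deny rule exists to cover.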

Step 7: Test and Audit

npx @authensor/safeclaw --simulate

Ask your agent to send a webhook. The log confirms:

[DENIED] network.request: POST "https://hooks.slack.com/services/T00/B00/xxx"
  Rule: "Block Slack webhook delivery"

Review the hash-chained audit trail:

npx @authensor/safeclaw audit --filter "action:network.request"

SafeClaw is open-source with 446 tests and works with both Claude and OpenAI providers. Every network request attempt is recorded in the tamper-proof log.
