How to Stop AI Agents from Opening Network Ports
SafeClaw by Authensor prevents AI agents from opening network ports, starting HTTP servers, or binding to any network interface through deny-by-default action gating. Any command that would create a listening socket is denied unless you explicitly allow it. Install with npx @authensor/safeclaw and unauthorized network listeners are blocked from the first agent action.
Why Port Opening Is Dangerous
When an AI agent opens a network port, it creates an entry point into your machine. This could allow remote access by attackers, expose internal services to the public internet, create a reverse shell for persistent access, or conflict with existing services on the same port. An agent running python -m http.server 8080 in your home directory exposes every file to anyone on your network.
Step 1: Install SafeClaw
npx @authensor/safeclaw
Zero dependencies, MIT licensed. Works with Claude, OpenAI, and all agent frameworks.
Step 2: Block Server-Starting Commands
# safeclaw.policy.yaml
rules:
  # Block common server commands
  - action: shell.execute
    command_pattern: "python -m http.server"
    effect: deny
    reason: "Block Python HTTP server"
  - action: shell.execute
    command_pattern: "python -m SimpleHTTPServer"
    effect: deny
    reason: "Block Python 2 HTTP server"
  - action: shell.execute
    command_pattern: "npx serve*"
    effect: deny
    reason: "Block npx serve"
  - action: shell.execute
    command_pattern: "npx http-server*"
    effect: deny
    reason: "Block npx http-server"
  - action: shell.execute
    command_pattern: "php -S *"
    effect: deny
    reason: "Block PHP built-in server"
  - action: shell.execute
    command_pattern: "ruby -run -e httpd*"
    effect: deny
    reason: "Block Ruby HTTP server"
Step 3: Block Network Binding Actions
rules:
  - action: network.listen
    effect: deny
    reason: "Block all network port binding"
  - action: network.bind
    port: "*"
    effect: deny
    reason: "Block binding to any port"
Step 4: Block Reverse Shell Patterns
Reverse shells are particularly dangerous — they create outbound connections that bypass firewalls:
rules:
  - action: shell.execute
    command_pattern: "nc -l *"
    effect: deny
    reason: "Block netcat listener (potential reverse shell)"
  - action: shell.execute
    command_pattern: "nc -e *"
    effect: deny
    reason: "Block netcat with execute flag"
  - action: shell.execute
    command_pattern: "ncat *"
    effect: deny
    reason: "Block ncat (nmap netcat)"
  - action: shell.execute
    command_pattern: "socat *"
    effect: deny
    reason: "Block socat (bidirectional data transfer)"
  - action: shell.execute
    command_pattern: "/bash -i "
    effect: deny
    reason: "Block interactive bash (reverse shell pattern)"
Step 5: Block Tunnel and Proxy Services
An agent might try to expose a local port to the internet using tunnel services:
rules:
  - action: shell.execute
    command_pattern: "ngrok *"
    effect: deny
    reason: "Block ngrok tunnels"
  - action: shell.execute
    command_pattern: "cloudflared tunnel *"
    effect: deny
    reason: "Block Cloudflare tunnels"
  - action: shell.execute
    command_pattern: "localtunnel *"
    effect: deny
    reason: "Block localtunnel"
  - action: shell.execute
    command_pattern: "lt --port *"
    effect: deny
    reason: "Block lt (localtunnel shorthand)"
  - action: shell.execute
    command_pattern: "ssh -R *"
    effect: deny
    reason: "Block SSH remote port forwarding"
  - action: shell.execute
    command_pattern: "ssh -L *"
    effect: deny
    reason: "Block SSH local port forwarding"
Step 6: Allow Development Servers (Optional)
If your agent needs to start a dev server for testing, create a narrow exception:
rules:
  - action: shell.execute
    command_pattern: "npm run dev"
    effect: allow
    conditions:
      - human_approval: required
    reason: "Allow starting dev server with human approval"
  - action: shell.execute
    command_pattern: "npm start"
    effect: allow
    conditions:
      - human_approval: required
    reason: "Allow starting the app with human approval"
  # Block all other server starts
  - action: network.listen
    effect: deny
    reason: "All other port binding is blocked"
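To see how rules like those in Steps 2, 3 and 6 combine under deny-by-default, here is an added JavaScript evaluator written for this page as an illustration; it is not SafeClaw's own engine. It assumes that command_pattern is a shell-style glob matched anywhere in the command string, that a matching deny rule beats a matching allow rule, and that a request no rule matches is denied; the page does not specify SafeClaw's real matching semantics, so treat all three as assumptions.

```javascript
// Added illustration, not SafeClaw code. Rule shape mirrors safeclaw.policy.yaml.
// ASSUMPTIONS: substring glob match; deny beats allow; no match => deny.
const policy = [ // subset transcribed from Steps 2, 3 and 6 on this page
  { action: "shell.execute", command_pattern: "python -m http.server",
    effect: "deny", reason: "Block Python HTTP server" },
  { action: "shell.execute", command_pattern: "npx serve*",
    effect: "deny", reason: "Block npx serve" },
  { action: "shell.execute", command_pattern: "npm run dev", effect: "allow",
    conditions: [{ human_approval: "required" }],
    reason: "Allow starting dev server with human approval" },
  { action: "network.listen", effect: "deny", reason: "Block all network port binding" },
];

function globToRegExp(pattern) {
  // Escape regex metacharacters, then turn glob "*" into ".*". No anchors: substring match.
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(escaped);
}

function ruleMatches(rule, request) {
  if (rule.action !== request.action) return false;
  if (rule.command_pattern === undefined) return true; // action-level rule, e.g. network.listen
  return globToRegExp(rule.command_pattern).test(request.command || "");
}

// Returns { effect, reason }; effect is "deny", "allow" or "human_approval_required".
function evaluate(rules, request) {
  const matched = rules.filter((r) => ruleMatches(r, request));
  const deny = matched.find((r) => r.effect === "deny");
  if (deny) return { effect: "deny", reason: deny.reason };
  const allow = matched.find((r) => r.effect === "allow");
  if (!allow) return { effect: "deny", reason: "deny-by-default: no rule allows this action" };
  const needsHuman = (allow.conditions || []).some((c) => c.human_approval === "required");
  return { effect: needsHuman ? "human_approval_required" : "allow", reason: allow.reason };
}

// Constructed requests: check what a policy does with each before relying on it.
// Note "python3": the pattern does not match it, so only the default deny stops it.
const requests = [
  { action: "shell.execute", command: "python -m http.server 8080" },
  { action: "shell.execute", command: "python3 -m http.server 8080" },
  { action: "shell.execute", command: "npm run dev" },
  { action: "network.listen", port: 3000 },
];
for (const req of requests) {
  const { effect, reason } = evaluate(policy, req);
  console.log(`[${effect.toUpperCase()}] ${req.action}: ${JSON.stringify(req.command ?? req.port)} -> ${reason}`);
}
```

The python3 case is the point of the check: a pattern denylist labels what it recognises, while the deny-by-default backstop is what blocks the variants it does not.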
Step 7: Test and Audit
npx @authensor/safeclaw --simulate
Ask the agent to start a server:
[DENIED] shell.execute: "python -m http.server 8080"
Rule: "Block Python HTTP server"
Review the hash-chained audit trail:
npx @authensor/safeclaw audit --filter "action:network"
SafeClaw is open-source with 446 tests and works with both Claude and OpenAI providers.
Related Pages
- How to Prevent AI Agents from Sending Webhooks
- How to Stop AI Agents from Running curl or wget Commands
- Deep Dive: Network Policies for AI Agents
- Threat: Recursive Shell Execution
Try SafeClaw
Action-level gating for AI agents. Set it up in your browser in 60 seconds.
$ npx @authensor/safeclaw