2026-01-13 · Authensor

How to Stop GPT from Running sudo Commands

SafeClaw by Authensor prevents GPT-based agents from executing sudo commands through deny-by-default action gating. Every shell command an AI agent attempts is checked against your policy before execution, and sudo is blocked unless you explicitly allow it. Install with npx @authensor/safeclaw and privilege escalation is off the table immediately.

Why sudo Is Dangerous for AI Agents

When an AI agent runs sudo, it gains root-level access to your entire system. This means it can install system packages, modify kernel parameters, overwrite protected files, create new user accounts, and change firewall rules. A single hallucinated sudo rm -rf / could destroy your system.

GPT-based agents using function calling or code interpreter may attempt sudo for legitimate-sounding reasons — installing a dependency, fixing a permission error, or configuring a service. Without gating, these commands execute with your full privileges.

Step 1: Install SafeClaw

npx @authensor/safeclaw

SafeClaw is zero-dependency and MIT licensed. It works with OpenAI GPT agents, Claude Code, and any framework that exposes command execution.

Step 2: Configure the sudo Block

SafeClaw's default policy already blocks sudo, but here is the explicit rule for clarity:

# safeclaw.policy.yaml
rules:
  - action: shell.execute
    command_pattern: "sudo *"
    effect: deny
    reason: "AI agents must never execute commands with elevated privileges"

  - action: shell.execute
    command_pattern: "su -c *"
    effect: deny
    reason: "Block su-based privilege escalation"

  - action: shell.execute
    command_pattern: "doas *"
    effect: deny
    reason: "Block doas-based privilege escalation (OpenBSD alternative to sudo)"

This catches sudo apt install, sudo chmod, sudo systemctl, and any other sudo-prefixed command. It also blocks su -c and doas, which are alternative privilege escalation paths.

Step 3: Block Indirect Escalation

A sophisticated agent might try to write a script that contains sudo and then execute it. SafeClaw catches this at multiple layers:

rules:
  - action: file.write
    content_pattern: "sudo "
    effect: deny
    reason: "Block writing files that contain sudo commands"

  - action: shell.execute
    command_pattern: "pkexec *"
    effect: deny
    reason: "Block PolicyKit privilege escalation"

  - action: shell.execute
    command_pattern: "/sudo "
    effect: deny
    reason: "Block full-path sudo invocation"

This prevents the agent from writing a bash script containing sudo and then running it, or from invoking /usr/bin/sudo by its full path.

Step 4: Test the Policy

Run SafeClaw in simulation mode to confirm the rules work:

npx @authensor/safeclaw --simulate

Then trigger a test by asking your GPT agent to run a harmless sudo command like sudo whoami. The simulation log should show:

[DENIED] shell.execute: "sudo whoami"
  Rule: "AI agents must never execute commands with elevated privileges"
  Policy: safeclaw.policy.yaml:3

Step 5: Review the Audit Trail

SafeClaw's hash-chained audit log records every blocked sudo attempt:

npx @authensor/safeclaw audit --filter "command_pattern:sudo"

Each entry includes the timestamp, the full command attempted, the rule that blocked it, and a hash linking it to the previous entry for tamper-proof verification.

What About Legitimate System Tasks?

If your agent needs to perform a system task that normally requires sudo, create a purpose-built script that runs with the minimum necessary permissions and expose it as an allowed action:

rules:
  - action: shell.execute
    command_pattern: "./scripts/restart-dev-server.sh"
    effect: allow
    reason: "Pre-approved script for restarting the dev server"

This follows the principle of least privilege — the agent can run the specific script, but cannot run arbitrary sudo commands.
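The following is an added example, not SafeClaw's own code, of how a deny-by-default gate can evaluate the rules from Steps 2 and 3 together with the allow rule above. Everything about matching semantics here is my assumption rather than documented SafeClaw behaviour: a pattern is a glob matched against the whole string with "*" standing for any text; a command is split on shell operators and every segment must be explicitly allowed; deny rules win over allow rules regardless of their order in the file; and the article's "/sudo " and "sudo " patterns are written with a leading "*" to express "anywhere in the text". The rule set and the sample requests are constructed to mirror the page.

```javascript
// Added example, not SafeClaw's code. Matching semantics below are my
// assumptions: anchored glob ("*" = any text), per-segment evaluation of
// compound commands, explicit deny > explicit allow > implicit deny.
const POLICY = [
  { action: 'shell.execute', command_pattern: 'sudo *', effect: 'deny',
    reason: 'AI agents must never execute commands with elevated privileges' },
  { action: 'shell.execute', command_pattern: 'su -c *', effect: 'deny',
    reason: 'Block su-based privilege escalation' },
  { action: 'shell.execute', command_pattern: 'doas *', effect: 'deny',
    reason: 'Block doas-based privilege escalation (OpenBSD alternative to sudo)' },
  { action: 'shell.execute', command_pattern: 'pkexec *', effect: 'deny',
    reason: 'Block PolicyKit privilege escalation' },
  { action: 'shell.execute', command_pattern: '*/sudo *', effect: 'deny',
    reason: 'Block full-path sudo invocation' },
  { action: 'file.write', content_pattern: '*sudo *', effect: 'deny',
    reason: 'Block writing files that contain sudo commands' },
  { action: 'shell.execute', command_pattern: './scripts/restart-dev-server.sh', effect: 'allow',
    reason: 'Pre-approved script for restarting the dev server' },
];

// Compile a glob into an anchored RegExp. The "s" flag lets "*" span
// newlines so a content pattern can match a multi-line file body.
function globToRegExp(glob) {
  const body = glob
    .split('*')
    .map((s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
    .join('.*');
  return new RegExp('^' + body + '$', 's');
}

// Break a compound command into simple-command segments so a rule is
// checked against each part, not only the prefix of the whole line.
function splitSegments(command) {
  return command
    .split(/\s*(?:&&|\|\||;|\||\n)\s*/)
    .map((s) => s.trim())
    .filter((s) => s.length > 0);
}

// Verdict for one segment: explicit deny > explicit allow > implicit deny.
function evaluateSegment(policy, action, field, text) {
  const matched = policy.filter(
    (r) => r.action === action && r[field] && globToRegExp(r[field]).test(text),
  );
  const deny = matched.find((r) => r.effect === 'deny');
  if (deny) return { effect: 'deny', reason: deny.reason };
  const allow = matched.find((r) => r.effect === 'allow');
  if (allow) return { effect: 'allow', reason: allow.reason };
  return { effect: 'deny', reason: 'no rule matched (deny by default)' };
}

// Gate a whole request: the first denying segment decides; a request is
// allowed only when every segment matched an allow rule.
function gate(policy, action, payload) {
  const field = action === 'shell.execute' ? 'command_pattern' : 'content_pattern';
  const parts = action === 'shell.execute' ? splitSegments(payload) : [payload];
  if (parts.length === 0) return { effect: 'deny', reason: 'empty request', segment: '' };
  const reasons = [];
  for (const part of parts) {
    const verdict = evaluateSegment(policy, action, field, part);
    if (verdict.effect === 'deny') return { ...verdict, segment: part };
    reasons.push(verdict.reason);
  }
  return { effect: 'allow', reason: reasons.join('; '), segment: null };
}

// Constructed requests in the spirit of the Step 4 simulation run.
const SAMPLE_REQUESTS = [
  ['shell.execute', 'sudo whoami'],
  ['shell.execute', '/usr/bin/sudo apt install curl'],
  ['shell.execute', './scripts/restart-dev-server.sh'],
  ['shell.execute', './scripts/restart-dev-server.sh && sudo systemctl restart nginx'],
  ['shell.execute', 'ls -la'],
  ['file.write', '#!/bin/sh\nsudo systemctl restart nginx\n'],
];

for (const [action, payload] of SAMPLE_REQUESTS) {
  const v = gate(POLICY, action, payload);
  console.log(`[${v.effect.toUpperCase()}] ${action}: ${JSON.stringify(payload)}\n  Rule: ${v.reason}`);
}
```

Two design points worth keeping whatever engine you use: evaluate deny rules before allow rules so that an allow-listed script cannot be combined with a denied command on the same line, and treat "no matching rule" as a denial rather than a pass. Quoting, subshells and command substitution are outside this small splitter; a production gate should parse the command with a real shell grammar.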

SafeClaw is open-source with 446 tests and works with both OpenAI and Claude providers. The hash-chained audit trail ensures every action is traceable.
