This agent framework implements multiple layers of security to prevent dangerous operations:
- System Prompt - AI-level safety instructions
- Command Validation - Regex-based pattern matching
- Execution Sandbox - Limited environment and working directory
The following command patterns are automatically blocked:
| Category | Blocked Patterns | Examples |
|---|---|---|
| Destructive Files | `rm -rf`, `rm -fr`, `rm -r`, `rm -f` | `rm -rf /tmp/*`, `rm -rf ~` |
| System Modification | `chmod 777`, `mkfs`, `fdisk` | `chmod -R 777 /home` |
| Data Destruction | `shred`, `wipe`, `dd of=/dev/` | `dd if=/dev/zero of=/dev/sda` |
| Privilege Escalation | `sudo`, `su`, `pkexec`, `doas` | `sudo rm -rf /` |
| Network Attacks | `nmap`, `masscan`, `ddos` | `nmap -sS 192.168.1.1` |
| Process Killing | `kill -9` on system PIDs | `kill -9 1` |
| System Directories | Operations on `/etc`, `/usr`, `/bin` | `rm -rf /etc/*` |
| Download & Execute | `curl \| bash`, `wget` | |
When a command is blocked, you'll see:

```json
{
  "success": false,
  "security_violation": true,
  "error": "Security violation: Command matches dangerous pattern: \\brm\\s+(-[rf]+\\s+)*/"
}
```

Commands like the following pass validation and are allowed:

| Category | Examples |
|---|---|
| File Listing | `ls -la`, `find . -name "*.py"`, `pwd` |
| File Reading | `cat file.txt`, `head -n 10 file`, `tail -f log` |
| File Creation | `touch newfile.txt`, `mkdir newdir` |
| Safe Editing | `echo "content" >> file`, `cp file.bak file` |
| System Info | `df -h`, `free -m`, `ps aux` |
| Python Execution | Calculations, data processing, file I/O |
```python
# ✅ Safe: Calculations
print(sum(range(1, 101)))

# ✅ Safe: File I/O in user directories
with open('/tmp/test.txt', 'w') as f:
    f.write('hello')

# ✅ Safe: Data processing
import json
data = {"key": "value"}
print(json.dumps(data))

# ⚠️ Warning: System access (allowed but monitored)
import os
os.listdir('/tmp')  # Allowed in safe directories
```

The AI receives strict safety instructions:
```text
## ⚠️ CRITICAL SECURITY RULES - NEVER VIOLATE ⚠️

You MUST follow these rules WITHOUT EXCEPTION.

🚫 ABSOLUTELY FORBIDDEN:
- rm -rf, rm -fr (recursive deletion)
- sudo commands (privilege escalation)
- System directory modifications
- Network attacks (nmap, masscan)
- Process killing (kill -9)

🛡️ SAFETY CHECKLIST:
1. Could this delete important data?
2. Could this affect system stability?
3. Is this the minimum necessary operation?

When in doubt: DON'T EXECUTE. Ask for clarification.
```
Regex patterns block dangerous commands:

```python
DANGEROUS_PATTERNS = [
    r'\brm\s+(-[rf]+\s+)*[/\*~]',  # rm with dangerous targets
    r'\bchmod\s+777',
    r'\bsudo\b',
    r'\bnmap\b',
    # ... more patterns
]
```

Limited execution environment:

```python
# Safe working directory
cwd = '/tmp'  # Never root or system directories

# Limited PATH
env = {'PATH': '/usr/local/bin:/usr/bin:/bin'}

# Timeout protection
timeout = 30  # seconds
```
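How the validation and sandbox layers fit together, as an added example that is not the framework's own `executor.py`: `validate_command` applies the four `DANGEROUS_PATTERNS` shown on this page with `re.search` and returns the same result dict shown above for a blocked command; `execute_bash` only reaches `subprocess.run` when validation passes, and runs with the page's `cwd`, `PATH`-only `env` and `timeout`. The function and constant names, the handling of a timeout, and the shape of the success result are assumptions made for the example.

```python
import re
import subprocess

# The four patterns shown on this page; the real executor list is longer.
DANGEROUS_PATTERNS = [
    r'\brm\s+(-[rf]+\s+)*[/\*~]',  # rm with dangerous targets
    r'\bchmod\s+777',
    r'\bsudo\b',
    r'\bnmap\b',
]

# Sandbox settings from the page.
SAFE_CWD = '/tmp'                                    # never root or system directories
SAFE_ENV = {'PATH': '/usr/local/bin:/usr/bin:/bin'}  # nothing else inherited from the parent
MAX_EXECUTION_TIME = 30                              # seconds


def validate_command(command: str) -> dict:
    """Check a command line against DANGEROUS_PATTERNS.

    Returns the result dict the page shows for a blocked command, or
    {'success': True} when nothing matches. re.search (not re.match) is used
    deliberately so a pattern is caught anywhere in the line, including after
    a pipe, ';' or '&&'. The 'security_violation' key is only present on a
    block, so the page's log check ('security_violation' in result) does not
    fire on successful runs.
    """
    for pattern in DANGEROUS_PATTERNS:
        if re.search(pattern, command):
            return {
                'success': False,
                'security_violation': True,
                'error': f'Security violation: Command matches dangerous pattern: {pattern}',
            }
    return {'success': True}


def execute_bash(command: str, timeout: int = MAX_EXECUTION_TIME) -> dict:
    """Validate first, then run inside the limited environment.

    Assumed shape (example code, not the framework's executor): a blocked
    command never reaches subprocess; an allowed one runs with the restricted
    cwd, a PATH-only environment and a hard timeout.
    """
    verdict = validate_command(command)
    if not verdict['success']:
        return verdict
    try:
        proc = subprocess.run(
            command,
            shell=True,
            cwd=SAFE_CWD,
            env=SAFE_ENV,
            capture_output=True,
            text=True,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return {'success': False, 'error': f'Command exceeded {timeout}s timeout'}
    return {
        'success': proc.returncode == 0,
        'returncode': proc.returncode,
        'stdout': proc.stdout,
        'stderr': proc.stderr,
    }


if __name__ == '__main__':
    for cmd in ('ls -la', 'rm -rf /tmp/test', 'sudo ls', 'echo hello'):
        print(cmd, '->', execute_bash(cmd))
```

Two details a reviewer would check here: `re.search` rather than `re.match`, because `re.match` anchors at the start of the string and would miss a blocked command placed after `;` or `|`; and `env` being a fresh dict rather than a copy of `os.environ`, so the child inherits nothing but `PATH`.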
```bash
# Security settings
MAX_EXECUTION_TIME=30  # Command timeout in seconds
```

To add custom blocked patterns:
```python
# In agent_framework/tools/executor.py
DANGEROUS_PATTERNS = [
    # Add your patterns here
    r'\byour_custom_dangerous_command\b',
]
```
- Be specific - Request exact file operations
  - ❌ "Delete all temp files"
  - ✅ "List files in /tmp older than 7 days"
- Review before executing - Check what the AI plans to do
  - The AI will explain its intended actions
  - Confirm before allowing destructive operations
- Use safe directories - Work in `/tmp` or your home directory
  - Avoid system directories
  - Create backups before editing
- Add security tests

  ```python
  import pytest

  # Import path assumed from this page, which places command validation
  # in agent_framework/tools/executor.py
  from agent_framework.tools.executor import ToolExecutor, CommandSecurityError


  def test_security_blocks_rm_rf():
      executor = ToolExecutor()
      with pytest.raises(CommandSecurityError):
          executor.execute_bash("rm -rf /tmp/test")
  ```

- Monitor logs

  ```python
  # result is the agent run result; each log entry carries the tool's result dict
  for log in result['logs']:
      if 'security_violation' in log.get('result', {}):
          logger.warning(f"Security violation: {log['result']['error']}")
  ```

- Regular updates - Keep dangerous patterns updated
If you find a security bypass:
- Do not exploit - Report immediately
- Provide details - Command that bypassed security
- Suggest fix - Pattern or approach to block it
- `agent_framework/prompts.py` - System prompt definitions
- `agent_framework/tools/executor.py` - Command validation
- `agent_framework/agent.py` - Security integration