How Clawctl Blocks 70+ High-Risk Agent Actions (And Why You Want It To)
Your agent is supposed to do things autonomously. That's the point.
But some things shouldn't happen without a human in the loop. File deletions. Email sends. Shell commands. Database drops.
Clawctl blocks 70+ high-risk actions by default. Here's what that means in practice.
The Problem with Autonomous Agents
An agent with full permissions can:
- Delete every file in your workspace
- Send emails to your entire customer list
- Execute arbitrary shell commands
- Make HTTP calls to any endpoint
- Drop database tables
- Modify production configs
All it takes is one bad prompt. One compromised skill. One edge case the model didn't handle well.
The damage happens before you know it's happening.
What "Blocked" Means
When your agent tries a high-risk action, Clawctl:
- Pauses execution — The action doesn't happen
- Logs the request — Full context, timestamp, parameters
- Notifies you — Dashboard alert, email, or webhook
- Waits for approval — 24-hour expiry by default
You see exactly what the agent wants to do. You approve or reject. Then it continues (or doesn't).
The Categories
File Operations
- File delete (single file)
- Directory delete (recursive)
- File overwrite (destructive changes)
- Sensitive path access (.env, credentials, configs)
Shell & System
- Shell command execution
- Process spawn
- System config modification
- Package installation
Network
- HTTP POST/PUT/DELETE to external domains
- New domain access (not in allowlist)
- Webhook triggers
- API calls with credentials
Communication
- Email send
- Slack/Discord message to channels
- SMS send
- Calendar event creation/deletion
Database
- DROP statements
- DELETE without WHERE
- TRUNCATE
- Schema modifications
Financial
- Payment processing
- Invoice generation
- Subscription changes
- Refund issuance
Browser Automation
- Form submission
- Login actions
- File downloads
- Screenshot capture
Auto-Approve Rules
Blocking everything gets annoying. That's why Clawctl supports auto-approve rules for trusted patterns.
Example: Your agent reads and writes to /workspace/output/ constantly. You don't want to approve every write.
In the dashboard, navigate to Policies > Auto-Approve Rules and add a rule for file_write scoped to /workspace/output/*.
Now writes to that path proceed automatically. Writes anywhere else still require approval.
Other patterns:
- Auto-approve HTTP GET to your own API
- Auto-approve email to internal domains
- Auto-approve shell commands matching a specific pattern
Rules are versioned, so you can roll back a change that turns out to be wrong.
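An added illustration (not Clawctl's code or API) of the gate described above: high-risk actions are held by default, sensitive paths are never auto-approved even when a rule matches, and a rule scoped to /workspace/output/* lets routine writes through. The action names, rule format and sample requests are constructed for this example.

```python
# Illustrative approval gate modelled on the behaviour described in the article.
# This is NOT Clawctl's implementation; action names and rule format are assumed.
import fnmatch
import re
from dataclasses import dataclass

# Default-blocked action types (a subset of the categories listed above).
HIGH_RISK = {"file_delete", "dir_delete", "file_write", "shell_exec",
             "http_post", "email_send"}
# Paths that always need a human, regardless of auto-approve rules.
SENSITIVE_PATHS = ("*.env", "*/credentials*", "*/.ssh/*")

@dataclass
class Rule:            # auto-approve rule: action type plus a glob over the target
    action: str
    target_glob: str

@dataclass
class Decision:
    status: str        # "allow", "auto_approved" or "pending"
    reason: str

def is_dangerous_sql(sql: str) -> bool:
    """Flag DROP, TRUNCATE and DELETE without WHERE (the Database category)."""
    s = " ".join(sql.strip().rstrip(";").lower().split())
    if re.match(r"^(drop|truncate)\b", s):
        return True
    return s.startswith("delete") and " where " not in s

def evaluate(action: str, target: str, rules: list) -> Decision:
    """Decide whether an agent action runs, auto-approves, or waits for a human."""
    if any(fnmatch.fnmatch(target, p) for p in SENSITIVE_PATHS):
        return Decision("pending", "sensitive path always needs approval")
    if action == "sql_exec":
        if is_dangerous_sql(target):
            return Decision("pending", "destructive SQL requires approval")
        return Decision("allow", "non-destructive SQL")
    if action not in HIGH_RISK:
        return Decision("allow", "not in the high-risk list")
    for r in rules:
        if r.action == action and fnmatch.fnmatch(target, r.target_glob):
            return Decision("auto_approved", f"matched {r.action}:{r.target_glob}")
    return Decision("pending", "high-risk action blocked by default")

# The rule from the article's example: routine writes under /workspace/output/.
RULES = [Rule("file_write", "/workspace/output/*")]

if __name__ == "__main__":
    for act, tgt in [("file_write", "/workspace/output/report.txt"),
                     ("file_write", "/workspace/output/.env"),
                     ("sql_exec", "DELETE FROM users")]:
        print(act, tgt, "->", evaluate(act, tgt, RULES))
```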
The Approval Flow
From the dashboard:
Open the Approvals panel. You'll see pending actions with details:
| ID | Action | Target | Requested | Expires |
|---|---|---|---|---|
| ap-7f2a | file_delete | /workspace/temp.log | 2 min ago | 23h 58m |
| ap-8b3c | http_post | api.stripe.com/... | 5 min ago | 23h 55m |
Click to review the full context. Then approve or reject with an optional reason. Done.
Via webhook:
Configure a webhook to hit your internal approval system. Integrate with Slack, Teams, PagerDuty, whatever your team uses.
Why This Matters
Research published in January 2026 found that prompt injection leading to command execution was a primary attack vector.
Someone sends an email to an account the agent watches. Hidden instructions in the body. The agent reads them and executes.
Without approvals: the action happens. You find out later (if ever).
With approvals: the action pauses. You see "Agent wants to delete all emails in inbox." You reject it. Crisis averted.
The Trust Ladder
Start with everything blocked. As you learn what's safe:
- Observe what your agent actually tries to do
- Identify safe patterns
- Add auto-approve rules for those patterns
- Keep risky actions requiring manual approval
Over time, your agent runs smoothly for routine tasks, but high-risk actions always have a human check.
The Tradeoff
More approvals = more friction = slower agent. Fewer approvals = faster agent = higher risk.
Clawctl defaults to safety. You loosen controls deliberately, based on observed behavior, with full audit trail.
That's how you run agents in production without fear.