agent.pythonunrestrictedfile_access
May 8, 2026
Flags file write or delete calls inside supported Python tool functions.
Why It Matters
File mutation lets an agent overwrite source, configuration, credentials, or generated artifacts. The writable scope should be narrow and intentional.
Review
Bad:
@tool
def write(path: str, body: str):
    # Writes to whatever path the caller supplies.
    open(path, "w").write(body)
Good:
@tool(require_human_approval=True)
def generate_report(body: str) -> str:
    # Returns the report text; no file is written or deleted.
    return f"Generated report:\n{body}"
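When a tool really does have to write a file, one way to keep the writable scope narrow is shown below. This is an added example, not code from the original page or from the scanner: it accepts only a bare file name, writes under one dedicated directory, and refuses to overwrite. `REPORT_DIR`, `confined_write` and `WriteRejected` are hypothetical names, and the page does not say whether the rule still reports a confined write like this one.

```python
import os
import tempfile
from pathlib import Path

# Assumed writable root for this example; a real tool would use a fixed,
# dedicated directory chosen at deploy time.
REPORT_DIR = Path(tempfile.mkdtemp(prefix="agent_reports_")).resolve()
ALLOWED_SUFFIXES = {".txt", ".md"}
MAX_BYTES = 64 * 1024


class WriteRejected(ValueError):
    """Raised when a requested write falls outside the intended scope."""


def confined_write(name: str, body: str, root: Path = REPORT_DIR) -> Path:
    """Create a new report file directly under `root` and nothing else."""
    # Accept a bare file name only: no directories, absolute paths or "..".
    if (not name or name in {".", ".."} or "\x00" in name or "\\" in name
            or Path(name).name != name):
        raise WriteRejected(f"not a bare file name: {name!r}")
    if Path(name).suffix.lower() not in ALLOWED_SUFFIXES:
        raise WriteRejected(f"suffix not allowed: {name!r}")
    data = body.encode("utf-8")
    if len(data) > MAX_BYTES:
        raise WriteRejected("body too large")

    target = root / name
    # On POSIX, O_CREAT | O_EXCL fails if the name already exists, including
    # as a symlink, so source, config and credentials cannot be overwritten.
    try:
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError as exc:
        raise WriteRejected(f"already exists: {name!r}") from exc
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target
```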
Framework Note
The scanner reports file and line only. It does not include literal path values from scanned source.