Security & Implementation Patterns
This section outlines the guardrails and usage patterns that keep SFTP tools safe for production. The main risks are broad path scope, overly permissive wildcard matching, oversized directory scans, and unsafe use of templated paths or content.
Guardrails & Path Scope
The tool accepts Remote Path, Local Path, and File Content.
Only use the folders you are allowed to access. That matters most for:
- Search and List, which walk directory trees from a starting path.
- Read, which pulls a single remote file into the model context.
- Write, Upload, and Download, which can create or replace files when overwrite is enabled.
Unvalidated runtime path can point the tool at unintended directories or files. Enforce allowlists, root-prefix checks, and input validation before allowing runtime substitution.
SFTP Pattern Semantics
Use filename wildcards only. The following pattern types are supported.
Supported patterns
*.logreport-*.csvinvoices-2026-??.pdf*
Not supported
^report-.*\.csv$(regex)**/*.log(globstar)logs/(error|warn)-*.txt(regex group)data/2026/[01-12]/report.csv(regex-style range)
Prefer patterns like *.log or report-*.csv over *.
Use a narrow Remote Path when you need precise targeting and a narrow pattern when you need predictable results.
Action-Specific Safety
Search and List
Search and list are the main discovery operations, so they should be bounded carefully.
- Use Max Results to keep result sets small and predictable.
- Keep patterns narrow so you do not scan unnecessary files.
- Disable recursion unless the directory tree is known and stable.
- Avoid listing hidden files unless your workflow explicitly needs them.
- Recursive traversal is capped in the tool to prevent runaway scans.
Read
Read is the simplest retrieval path, but it still needs content controls.
- Prefer Encoding set to auto for mixed text files.
- Use Encoding set to text when you know the file is textual.
- Use Encoding set to binary when the file is not text and you want base64 output instead of a decode failure.
Write, Upload, and Download
These actions are where overwrites and destination selection matter most.
- Keep destination paths explicit and avoid broad templated targets.
- Leave Overwrite disabled when you need immutable delivery semantics.
- Use templates only for the variable part of a path, not the entire destination root.
- Separate generation, staging, and final delivery paths so accidental replacement is easier to detect.
Performance Optimization
Bounded Results
Keep Max Results conservative for Search and List to prevent oversized responses.
Targeted Patterns
Prefer patterns like *.log or report-*.csv over * to reduce unnecessary file matches.
Limited Recursion
Only enable recursion when the directory tree is known and stable to avoid runaway traversal.
Encoding Choices
Use the right encoding mode for each file type to prevent decode errors and unnecessary base64 output.
Explicit Destinations
Keep write, upload, and download targets precise to reduce accidental overwrites and delivery mistakes.
Protocol Limitations
- Search patterns are matched against file names, so they are not a substitute for path allowlists.
- Binary content is returned as base64 when Encoding is set to binary or when auto-detection fails.
- Very large files can exceed response size limits if returned inline.
- Recursive directory traversal is intentionally capped to avoid runaway scans.