Replace exactly one occurrence of old_str with new_str in the given file.
AI agents use str_replace to create or update resources in TheWeave: Memory for AI agents you can cat, grep, and git — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your TheWeave: Memory for AI agents you can cat, grep, and git environment.
str_replace creates or modifies data in a reversible manner (the original content can be recovered by reversing the replacement). While it alters files, it does not destroy data irreversibly like delete or drop would. The potential for misuse is medium because an agent with malicious intent could corrupt memory files or configuration, but the operation remains theoretically reversible. This is Write, not Destructive.
From the tool's definition Tool description states 'Replace exactly one occurrence of old_str with new_str in the given file' — this modifies file content. The verb 'replace' indicates reversible modification of data.
Attacks that exploit this kind of access
Replace exactly one occurrence of old_str with new_str in the given file. It is categorised as a Write tool in the TheWeave: Memory for AI agents you can cat, grep, and git MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the TheWeave: Memory for AI agents you can cat, grep, and git MCP server in PolicyLayer and add a rule for str_replace: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches TheWeave: Memory for AI agents you can cat, grep, and git. Nothing to install.
str_replace is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the str_replace rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for str_replace. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
str_replace is provided by the TheWeave: Memory for AI agents you can cat, grep, and git MCP server (theweavesc/theweave). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →