You might be able to upload a cpl to the VCS by a taylored HTTPS POST or even by scp,
I am at least able to find the file (policy.xml) in the file system, but it might have a critical impact
to just overwrite it or might not automatically used if its updated. So https post might be the better way.
Anyhow, both ways are not good.
I would look into a CPL server (check the vcs admin and cpl guides)!
http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_External_Policy_Deployment_Guide_X7.pdf