Skip to main content
Learn how to configure Skills for common use cases and scenarios. These examples demonstrate best practices for skill selection, configuration, and assignment.

Production Deployment Agent

An agent that can deploy applications to production with controlled permissions.

Skills Needed

  • File System (Full Access): Read deployment configs, write logs
  • Shell (Safe Commands): Run deployment scripts with restricted commands
  • Docker (Full Control): Manage production containers

Configuration

# 1. Create file system skill for deployment configs
kubiya skill create \
  --name "Prod Deploy Files" \
  --type file_system \
  --variant full_access \
  --config-json '{
    "base_dir": "/opt/deployments",
    "allowed_extensions": ["yaml", "json", "sh", "log"]
  }' \
  --enabled

# 2. Create restricted shell skill
kubiya skill create \
  --name "Prod Deploy Shell" \
  --type shell \
  --variant safe_commands \
  --config-json '{
    "allowed_commands": ["kubectl", "helm", "docker", "git", "aws"],
    "timeout": 300
  }' \
  --enabled

# 3. Create Docker skill for container management
kubiya skill create \
  --name "Prod Docker Manager" \
  --type docker \
  --variant full_control \
  --enabled

# 4. Associate all skills with the deployment agent
kubiya skill associate agent <deploy-agent-id> <file-skill-id>
kubiya skill associate agent <deploy-agent-id> <shell-skill-id>
kubiya skill associate agent <deploy-agent-id> <docker-skill-id>
For production deployments, always use safe command variants and restrict shell access to only necessary commands.

Read-Only Monitoring Agent

An agent for monitoring and observability with no write permissions.

Skills Needed

  • File System (Read Only): Monitor log files and configs
  • Shell (Read Only): Run diagnostic commands
  • Data Visualization: Create monitoring dashboards

Configuration

# 1. Create read-only file system skill
kubiya skill create \
  --name "Monitor Logs Reader" \
  --type file_system \
  --variant read_only \
  --config-json '{
    "base_dir": "/var/log",
    "allowed_extensions": ["log", "txt"]
  }' \
  --enabled

# 2. Create read-only shell skill
kubiya skill create \
  --name "Monitor Shell" \
  --type shell \
  --variant read_only \
  --config-json '{
    "allowed_commands": ["ps", "top", "df", "netstat", "tail", "grep"],
    "timeout": 30
  }' \
  --enabled

# 3. Create data visualization skill
kubiya skill create \
  --name "Monitor Dashboards" \
  --type data_visualization \
  --enabled

# 4. Associate with monitoring agent
kubiya skill associate agent <monitor-agent-id> <file-skill-id>
kubiya skill associate agent <monitor-agent-id> <shell-skill-id>
kubiya skill associate agent <monitor-agent-id> <viz-skill-id>
Read-only variants are perfect for audit, compliance, and monitoring use cases where agents should observe but not modify the system.

Development Sandbox Environment

An agent for developers working in isolated sandbox environments.

Skills Needed

  • File System (Sandboxed): Isolated directory access
  • Shell (Full Access): Freedom to experiment
  • Python (Full Access): Run and test Python code
  • Docker (Containers Only): Test containerized applications

Configuration

# 1. Create sandboxed file system
kubiya skill create \
  --name "Dev Sandbox Files" \
  --type file_system \
  --variant sandboxed \
  --config-json '{
    "base_dir": "/sandbox/dev",
    "enable_read_file": true,
    "enable_save_file": true,
    "enable_list_files": true
  }' \
  --enabled

# 2. Create full-access shell for experimentation
kubiya skill create \
  --name "Dev Sandbox Shell" \
  --type shell \
  --variant full_access \
  --enabled

# 3. Create Python skill
kubiya skill create \
  --name "Dev Python" \
  --type python \
  --variant full_access \
  --enabled

# 4. Create limited Docker skill
kubiya skill create \
  --name "Dev Docker" \
  --type docker \
  --variant containers_only \
  --enabled

# 5. Associate with development team
kubiya skill associate team <dev-team-id> <file-skill-id>
kubiya skill associate team <dev-team-id> <shell-skill-id>
kubiya skill associate team <dev-team-id> <python-skill-id>
kubiya skill associate team <dev-team-id> <docker-skill-id>
Sandbox environments should be isolated from production. Use base_dir restrictions and separate workers for safety.

Multi-Agent Orchestration

An orchestrator agent that delegates tasks to specialized agents.

Skills Needed

  • Agent Communication (Limited): Call approved agents with safeguards
  • File System (Read Only): Access coordination data
  • Workflow Executor: Execute complex orchestration workflows

Configuration

# 1. Create agent communication skill with limited access
kubiya skill create \
  --name "Orchestrator Communication" \
  --type agent_communication \
  --variant limited \
  --config-json '{
    "allowed_operations": ["execute_agent", "get_execution_status"],
    "allowed_agents": ["deploy-agent-id", "monitor-agent-id", "test-agent-id"],
    "max_execution_depth": 2,
    "timeout": 600,
    "max_concurrent_calls": 3
  }' \
  --enabled

# 2. Create read-only file system for coordination
kubiya skill create \
  --name "Orchestrator Files" \
  --type file_system \
  --variant read_only \
  --config-json '{
    "base_dir": "/opt/orchestration"
  }' \
  --enabled

# 3. Create workflow executor skill
kubiya skill create \
  --name "Orchestrator Workflows" \
  --type workflow_executor \
  --config-json '{
    "allowed_executors": ["agent", "shell"],
    "validation_enabled": true,
    "timeout": 1800
  }' \
  --enabled

# 4. Associate with orchestrator agent
kubiya skill associate agent <orchestrator-agent-id> <comm-skill-id>
kubiya skill associate agent <orchestrator-agent-id> <file-skill-id>
kubiya skill associate agent <orchestrator-agent-id> <workflow-skill-id>
Set max_execution_depth to prevent infinite loops in agent-to-agent calls. A depth of 2-3 is sufficient for most orchestration scenarios.

Custom Integration: Slack Notifications

Using a custom skill to integrate with Slack for team notifications.

Setup

# 1. Create custom skill directory
mkdir -p ~/.kubiya/skills/slack-notifier

# 2. Create skill.yaml (see Custom Skills guide for full example)
# 3. Create Python implementation

# 4. Create skill instance
kubiya skill create \
  --name "Team Slack Notifier" \
  --type slack-notifier \
  --config-json '{
    "default_channel": "#deployments",
    "allowed_channels": ["#deployments", "#alerts", "#general"]
  }' \
  --enabled

# 5. Associate with deployment agent
kubiya skill associate agent <deploy-agent-id> <slack-skill-id>
Use Case: Agent sends deployment notifications to Slack channels after successful deployments.
Learn how to create custom Skills in the Custom Skills guide.

Variant Selection Guide

How to choose the right variant for your use case:
Use CaseRecommended VariantReason
Production deploymentsSafe Commands (Shell)Balanced security and functionality
Monitoring/ObservabilityRead Only (All)No risk of accidental changes
Development/TestingFull Access or SandboxedFreedom to experiment safely
Automated scriptsSafe Commands or LimitedPrevent destructive actions
Admin/OperationsFull AccessComplete control when needed
Multi-agent orchestrationLimited (Agent Communication)Controlled delegation with safeguards
Audit/ComplianceRead Only (All)Observation without modification
Always start with the most restrictive variant that meets your needs. You can always upgrade permissions later if required.

Troubleshooting Scenarios

Scenario: Agent Cannot Execute Task

Symptoms: Agent fails with “Skill not found” or “Permission denied” Solution:
  1. Verify skill is assigned: kubiya skill list-associations agent <agent-id>
  2. Check skill is enabled: kubiya skill get <skill-id>
  3. Review configuration: Ensure required commands/paths are in allowed list
# Check skill associations
kubiya skill list-associations agent <agent-id>

# Get skill details
kubiya skill get <skill-id> -o json | jq '.configuration'

# Update if needed
kubiya skill update <skill-id> --config-json '{"allowed_commands":[...]}'

Scenario: Skill Works in Development But Not Production

Symptoms: Same skill configuration behaves differently across environments Solution:
  1. Check environment variables are set on production worker
  2. Verify Python dependencies are installed
  3. Confirm base directories exist and have correct permissions
  4. Review worker logs for error details
# On production worker
export API_KEY="production-key"
pip list | grep required-package
ls -la /expected/base/directory
tail -f /var/log/kubiya-worker/worker.log

Built-in Skills

Reference for all available Skills

Skill Variants

Understand variant options

CLI Reference

Complete CLI command guide

Custom Skills

Create organization-specific Skills