Learn how to configure Skills for common use cases and scenarios. These examples demonstrate best practices for skill selection, configuration, and assignment.
Production Deployment Agent
An agent that can deploy applications to production with controlled permissions.
Skills Needed
- File System (Full Access): Read deployment configs, write logs
- Shell (Safe Commands): Run deployment scripts with restricted commands
- Docker (Full Control): Manage production containers
Configuration
# 1. Create file system skill for deployment configs
kubiya skill create \
--name "Prod Deploy Files" \
--type file_system \
--variant full_access \
--config-json '{
"base_dir": "/opt/deployments",
"allowed_extensions": ["yaml", "json", "sh", "log"]
}' \
--enabled
# 2. Create restricted shell skill
kubiya skill create \
--name "Prod Deploy Shell" \
--type shell \
--variant safe_commands \
--config-json '{
"allowed_commands": ["kubectl", "helm", "docker", "git", "aws"],
"timeout": 300
}' \
--enabled
# 3. Create Docker skill for container management
kubiya skill create \
--name "Prod Docker Manager" \
--type docker \
--variant full_control \
--enabled
# 4. Associate all skills with the deployment agent
kubiya skill associate agent <deploy-agent-id> <file-skill-id>
kubiya skill associate agent <deploy-agent-id> <shell-skill-id>
kubiya skill associate agent <deploy-agent-id> <docker-skill-id>
For production deployments, always use safe command variants and restrict shell access to only necessary commands.
Read-Only Monitoring Agent
An agent for monitoring and observability with no write permissions.
Skills Needed
- File System (Read Only): Monitor log files and configs
- Shell (Read Only): Run diagnostic commands
- Data Visualization: Create monitoring dashboards
Configuration
# 1. Create read-only file system skill
kubiya skill create \
--name "Monitor Logs Reader" \
--type file_system \
--variant read_only \
--config-json '{
"base_dir": "/var/log",
"allowed_extensions": ["log", "txt"]
}' \
--enabled
# 2. Create read-only shell skill
kubiya skill create \
--name "Monitor Shell" \
--type shell \
--variant read_only \
--config-json '{
"allowed_commands": ["ps", "top", "df", "netstat", "tail", "grep"],
"timeout": 30
}' \
--enabled
# 3. Create data visualization skill
kubiya skill create \
--name "Monitor Dashboards" \
--type data_visualization \
--enabled
# 4. Associate with monitoring agent
kubiya skill associate agent <monitor-agent-id> <file-skill-id>
kubiya skill associate agent <monitor-agent-id> <shell-skill-id>
kubiya skill associate agent <monitor-agent-id> <viz-skill-id>
Read-only variants are perfect for audit, compliance, and monitoring use cases where agents should observe but not modify the system.
Development Sandbox Environment
An agent for developers working in isolated sandbox environments.
Skills Needed
- File System (Sandboxed): Isolated directory access
- Shell (Full Access): Freedom to experiment
- Python (Full Access): Run and test Python code
- Docker (Containers Only): Test containerized applications
Configuration
# 1. Create sandboxed file system
kubiya skill create \
--name "Dev Sandbox Files" \
--type file_system \
--variant sandboxed \
--config-json '{
"base_dir": "/sandbox/dev",
"enable_read_file": true,
"enable_save_file": true,
"enable_list_files": true
}' \
--enabled
# 2. Create full-access shell for experimentation
kubiya skill create \
--name "Dev Sandbox Shell" \
--type shell \
--variant full_access \
--enabled
# 3. Create Python skill
kubiya skill create \
--name "Dev Python" \
--type python \
--variant full_access \
--enabled
# 4. Create limited Docker skill
kubiya skill create \
--name "Dev Docker" \
--type docker \
--variant containers_only \
--enabled
# 5. Associate with development team
kubiya skill associate team <dev-team-id> <file-skill-id>
kubiya skill associate team <dev-team-id> <shell-skill-id>
kubiya skill associate team <dev-team-id> <python-skill-id>
kubiya skill associate team <dev-team-id> <docker-skill-id>
Sandbox environments should be isolated from production. Use base_dir restrictions and separate workers for safety.
Multi-Agent Orchestration
An orchestrator agent that delegates tasks to specialized agents.
Skills Needed
- Agent Communication (Limited): Call approved agents with safeguards
- File System (Read Only): Access coordination data
- Workflow Executor: Execute complex orchestration workflows
Configuration
# 1. Create agent communication skill with limited access
kubiya skill create \
--name "Orchestrator Communication" \
--type agent_communication \
--variant limited \
--config-json '{
"allowed_operations": ["execute_agent", "get_execution_status"],
"allowed_agents": ["deploy-agent-id", "monitor-agent-id", "test-agent-id"],
"max_execution_depth": 2,
"timeout": 600,
"max_concurrent_calls": 3
}' \
--enabled
# 2. Create read-only file system for coordination
kubiya skill create \
--name "Orchestrator Files" \
--type file_system \
--variant read_only \
--config-json '{
"base_dir": "/opt/orchestration"
}' \
--enabled
# 3. Create workflow executor skill
kubiya skill create \
--name "Orchestrator Workflows" \
--type workflow_executor \
--config-json '{
"allowed_executors": ["agent", "shell"],
"validation_enabled": true,
"timeout": 1800
}' \
--enabled
# 4. Associate with orchestrator agent
kubiya skill associate agent <orchestrator-agent-id> <comm-skill-id>
kubiya skill associate agent <orchestrator-agent-id> <file-skill-id>
kubiya skill associate agent <orchestrator-agent-id> <workflow-skill-id>
Set max_execution_depth to prevent infinite loops in agent-to-agent calls. A depth of 2-3 is sufficient for most orchestration scenarios.
Custom Integration: Slack Notifications
Using a custom skill to integrate with Slack for team notifications.
Setup
# 1. Create custom skill directory
mkdir -p ~/.kubiya/skills/slack-notifier
# 2. Create skill.yaml (see Custom Skills guide for full example)
# 3. Create Python implementation
# 4. Create skill instance
kubiya skill create \
--name "Team Slack Notifier" \
--type slack-notifier \
--config-json '{
"default_channel": "#deployments",
"allowed_channels": ["#deployments", "#alerts", "#general"]
}' \
--enabled
# 5. Associate with deployment agent
kubiya skill associate agent <deploy-agent-id> <slack-skill-id>
Variant Selection Guide
How to choose the right variant for your use case:
| Use Case | Recommended Variant | Reason |
|---|
| Production deployments | Safe Commands (Shell) | Balanced security and functionality |
| Monitoring/Observability | Read Only (All) | No risk of accidental changes |
| Development/Testing | Full Access or Sandboxed | Freedom to experiment safely |
| Automated scripts | Safe Commands or Limited | Prevent destructive actions |
| Admin/Operations | Full Access | Complete control when needed |
| Multi-agent orchestration | Limited (Agent Communication) | Controlled delegation with safeguards |
| Audit/Compliance | Read Only (All) | Observation without modification |
Always start with the most restrictive variant that meets your needs. You can always upgrade permissions later if required.
Troubleshooting Scenarios
Scenario: Agent Cannot Execute Task
Symptoms: Agent fails with “Skill not found” or “Permission denied”
Solution:
- Verify skill is assigned:
kubiya skill list-associations agent <agent-id>
- Check skill is enabled:
kubiya skill get <skill-id>
- Review configuration: Ensure required commands/paths are in allowed list
# Check skill associations
kubiya skill list-associations agent <agent-id>
# Get skill details
kubiya skill get <skill-id> -o json | jq '.configuration'
# Update if needed
kubiya skill update <skill-id> --config-json '{"allowed_commands":[...]}'
Scenario: Skill Works in Development But Not Production
Symptoms: Same skill configuration behaves differently across environments
Solution:
- Check environment variables are set on production worker
- Verify Python dependencies are installed
- Confirm base directories exist and have correct permissions
- Review worker logs for error details
# On production worker
export API_KEY="production-key"
pip list | grep required-package
ls -la /expected/base/directory
tail -f /var/log/kubiya-worker/worker.log
Related Pages
