Skip to main content

Type

file_system

Variants

Read Only, Full Access, Sandboxed
Purpose: The File System skill provides agents with controlled access to the local filesystem, enabling them to read, write, list, and search files and directories.

Common Use Cases

Reading configuration filesAccess application configs, environment files, and settings

Creating and managing log filesWrite logs, audit trails, and operational data

Searching for specific files or contentLocate files by name patterns or search content within files

Monitoring file changesTrack modifications, detect configuration drift

Variants Overview

VariantSecurityKey PermissionsBest ForCreate Command
Read Only 🟢SafeRead, list, search onlyLog monitoring, audits--variant read_only
Full Access 🟡RecommendedRead, write, create, deleteGeneral file operations--variant full_access
Sandboxed 🔵SecureIsolated to specific directoryTesting, untrusted operations--variant sandboxed
Choosing a variant: Start with Read Only, upgrade only as needed following the principle of least privilege. See Variant Configuration for detailed differences.

Configuration

Example Configuration: 
{
  "enable_read_file": true,
  "enable_save_file": false,
  "base_dir": "/var/log",
  "allowed_extensions": ["log"]
}
ParameterTypeDefaultDescription
enable_read_filebooleantrueAllow file reading
enable_save_filebooleanvariant-specificAllow file writing
enable_list_filesbooleantrueAllow directory listings
enable_search_filesbooleantrueAllow content search
base_dirstring”/“Root directory restriction
allowed_extensionsarray[]Whitelist file types
max_file_sizestring”10MB”Maximum file size
follow_symlinksbooleanfalseFollow symbolic links
Read Only:
  • enable_save_file: false (locked)
  • enable_delete: false (locked)
Full Access:
  • All operations enabled
Sandboxed:
  • base_dir: "/sandbox" (locked)
  • Full access within sandbox only
See: Variant Configuration Guide

Quick Start

# Create skill with variant
kubiya skill create --name "Log Reader" --type file_system --variant read_only --enabled

# Associate with agent
kubiya skill associate agent <agent-id> <skill-id>

View Complete Examples

See full production deployment patterns, multi-step workflows, and troubleshooting guides

Security Best Practices

Always specify a base_dir to limit file operations to a specific directory tree.
base_dir: "/opt/myapp"  # Agent can only access files under /opt/myapp
Use allowed_extensions to restrict which file types the agent can interact with.
allowed_extensions: ["yaml", "json", "log"]
Begin with the most restrictive variant and only upgrade when write operations are necessary.
Solutions:
  • Verify base_dir includes the target files
  • Check file extensions are in allowed_extensions
  • Confirm worker process has OS-level read permissions
Solutions:
  • Ensure variant is not Read Only
  • Verify enable_save_file: true in configuration
  • Check OS-level write permissions on target directory
This is expected behavior for security. Either adjust base_dir to include needed paths or create multiple File System skills with different base_dir values.

Shell Skill

Execute commands to manipulate files

Python Skill

Process files with Python scripts

File Generation

Create formatted files (PDF, CSV, JSON)

View All Skills

Return to built-in skills overview