Skip to main content

Type

shell

Variants

Safe Commands, Full Access, Read Only
Purpose: The Shell skill enables agents to execute shell commands on the worker system with fine-grained control over which commands are permitted.

Common Use Cases

Running system diagnosticsExecute health checks, performance monitoring, and system analysis

Executing deployment scriptsRun deployment workflows, configuration updates, and releases

Querying system informationGather OS details, disk usage, network status, and resource metrics

Process managementStart, stop, monitor, and manage system processes

Variants Overview

VariantSecurityKey PermissionsBest ForCreate Command
Safe Commands 🟢SafePre-approved safe commands onlySystem monitoring, diagnostics--variant safe_commands
Full Access 🔴UnrestrictedExecute any shell commandAdmin tasks, deployments--variant full_access
Read Only 🟢SecureView-only commands (ls, cat, grep)Auditing, compliance checks--variant read_only
Choosing a variant: Start with Safe Commands or Read Only, upgrade to Full Access only when absolutely necessary. See Variant Configuration for detailed differences.

Configuration

Example Configuration: 
{
  "allowed_commands": ["ps", "top", "df", "free", "netstat"],
  "timeout": 60,
  "max_output_size": "5MB",
  "working_directory": "/opt"
}
ParameterTypeDefaultDescription
allowed_commandsarrayvariant-specificWhitelist of permitted commands
blocked_commandsarrayvariant-specificBlacklist of forbidden commands
timeoutnumber60Command timeout in seconds
max_output_sizestring”10MB”Maximum output capture size
working_directorystring”/“Default command working directory
environment_variablesobjectCustom environment variables
Safe Commands:
  • allowed_commands: [“ls”, “cat”, “grep”, “find”, “ps”, “top”, “df”, “echo”, “git status”, …]
  • blocked_commands: [“rm”, “dd”, “mkfs”, “sudo”, “chmod”, “chown”]
Full Access:
  • allowed_commands: [”*”] (all commands)
  • blocked_commands: [] (none blocked)
Read Only:
  • allowed_commands: [“ls”, “cat”, “grep”, “find”, “ps”, “top”, “df”, “free”]
  • All write operations blocked
See: Variant Configuration Guide

Quick Start

# Create skill with variant
kubiya skill create --name "System Monitor" --type shell --variant safe_commands --enabled

# Associate with agent
kubiya skill associate agent <agent-id> <skill-id>

View Complete Examples

See full production deployment patterns, CI/CD configurations, and troubleshooting guides

Command Patterns

Wildcards and Subcommands

You can use patterns to allow command families: 
allowed_commands:
  - "git*"              # Allows all git subcommands
  - "kubectl get"       # Allows only kubectl get
  - "docker ps"         # Allows only docker ps
  - "systemctl status"  # Allows only status checks

Environment Variable Expansion

Commands can reference environment variables: 
# In configuration
environment_variables:
  DEPLOY_ENV: "production"
  APP_NAME: "myapp"

# Agent can use these in commands
# echo "Deploying ${APP_NAME} to ${DEPLOY_ENV}"

Security Best Practices

Explicitly specify allowed_commands rather than relying on blocked_commands. Whitelisting is more secure than blacklisting.
# Good: Whitelist approach
"allowed_commands": ["ls", "cat", "grep"]

# Risky: Blacklist approach (easy to miss dangerous commands)
blocked_commands: ["rm", "dd"]
Always configure command timeouts to prevent runaway processes.
"timeout": 60 automatically terminate after 60 seconds
Use Safe Commands variant for production. Reserve Full Access for development or isolated admin tasks.
Full Access variant should be used with caution. Prefer Safe Commands for production environments.
Solutions:
  • Verify command is installed on worker system
  • Check PATH environment variable includes command location
  • Use full path: /usr/bin/kubectl instead of kubectl
Solutions:
  • Ensure worker process user has OS-level permissions
  • Check file permissions on scripts or binaries
  • Verify working_directory is accessible
Solutions:
  • Check exact command string matches (including subcommands)
  • Verify no blocked_commands override
  • Use "*" wildcard for command families: "git*"

File System Skill

Access files for scripts and configurations

Python Skill

Execute Python scripts as alternative to shell

Docker Skill

Specialized Docker command management

View All Skills

Return to built-in skills overview