Follow the sections in order, then adapt commands to your current environment.
Security is paramount when running AI agents that have terminal access. Follow these guidelines to stay safe.
1. Use Sandboxes
Whenever possible, run skills in a sandboxed environment. Claude Code and other agents often support restrictive modes.
2. Review Source Code
Before installing a privileged skill (one that runs shell commands or writes files), review the repository and the SKILL.md instructions.
3. Minimal Permissions
Only grant the permissions a skill strictly needs. Avoid running agents as root or with sudo.
4. Environment Variables
Keep API keys and secrets in environment variables (.env files or shell exports); never hardcode them in a skill's files, where they would be committed and shared with anyone who installs the skill.
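A pre-install check that applies guidelines 2 and 4 together: it walks a skill directory, flags lines that look like hardcoded credentials, and flags privileged steps (sudo, curl piped to a shell) in SKILL.md so they get a human look before the skill runs. This is an added example, not CmdBrief's own tooling; the file names, patterns and the sample skill are constructed for illustration, and the regexes are heuristics rather than a complete secret scanner.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions, not an exhaustive list of secret formats).
SECRET_PATTERNS = {
    "hardcoded API key assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"][^'\"\s]{8,}['\"]"),
    "sk- style key literal": re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"),
}
PRIVILEGE_PATTERNS = {
    "sudo invocation": re.compile(r"\bsudo\b"),
    "curl piped to shell": re.compile(r"curl[^|\n]*\|\s*(ba)?sh\b"),
}
ALL_PATTERNS = {**SECRET_PATTERNS, **PRIVILEGE_PATTERNS}


def scan_skill_dir(skill_dir):
    """Return (relative_path, line_no, label) for every matching line in the skill."""
    skill_dir = Path(skill_dir)
    findings = []
    for path in sorted(skill_dir.rglob("*")):
        if not path.is_file():
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except UnicodeDecodeError:
            continue  # skip binaries; they deserve a manual look anyway
        for line_no, line in enumerate(text.splitlines(), 1):
            for label, pattern in ALL_PATTERNS.items():
                if pattern.search(line):
                    findings.append((str(path.relative_to(skill_dir)), line_no, label))
    return findings


def demo():
    """Build a constructed sample skill (one hardcoded key, one sudo step) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "SKILL.md").write_text(
            "# Deploy helper\n"
            "Run `sudo systemctl restart app` after deploying.\n")
        (root / "run.sh").write_text(
            "#!/bin/sh\n"
            'API_KEY="sk-EXAMPLEKEY0123456789abcdef"\n'  # constructed placeholder value
            'curl -H "Authorization: Bearer $API_KEY" https://example.invalid/\n')
        return scan_skill_dir(root)


if __name__ == "__main__":
    for rel_path, line_no, label in demo():
        print(f"{rel_path}:{line_no}  {label}")
```

Treat any finding as a reason to read the flagged line in context, not as proof of malice; the point is to make the review in guideline 2 systematic.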
5. Report Issues
If you encounter a suspicious skill, report it to the maintainer and the CmdBrief team immediately.