Giving an AI Agent Shell Access Without Letting It Wreck Your Machine
Sandbox, allowlist, and confirm — three guardrails that make shell access safe enough to use.
Builders · Agentic AI · ~5 min read
The big idea
Giving an agent shell access is powerful and terrifying. Run it in a sandbox, allowlist the commands it can use, and require human confirmation for anything destructive — three rules that turn 'never' into 'sometimes'.
Some examples
- Run Claude Code inside a Docker devcontainer and an `rm -rf` gone wrong only nukes the container; the caveat is that anything bind-mounted from the host, typically your project directory, is still real.
- Cursor's agent asks you to approve each terminal command before it runs; if you turn on auto-run, only commands on your allowlist skip that approval.
- An agent's shell tool is wrapped to reject any command containing rm, mv, or sudo. That is a denylist, the weakest of the three guardrails: it says nothing about `find -delete`, a `>` redirect that truncates a file, or an interpreter one-liner, so treat it as a backstop behind the allowlist, not as the allowlist.
- ChatGPT in code interpreter mode runs in a fresh container that resets between sessions.
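Here is what the three rules look like as one shell-tool wrapper. This is an added example, not code from Tendril or from any of the products listed above, and the names in it (`gate`, `run_sandboxed`, `shell_tool`, `ALLOWED_COMMANDS`, the `confirm` callback) are this example's own choices rather than any framework's API. It assumes a Python agent that hands the wrapper a command string and a working directory, and a human who answers the `confirm` callback. The sandbox step here is process hygiene only (no shell, fixed working directory, scrubbed environment, timeout), which is deliberately weaker than the container or VM the lesson recommends, and it goes one step beyond the lesson by also refusing file arguments that resolve outside the working directory. The walkthrough in `demo()` uses a constructed scratch directory with one file.

```python
"""Added example: a shell tool gate applying sandbox + allowlist + confirm.

Not code from Tendril or any product named on the page. All names here are
this example's own, not a real framework's API.
"""
import os
import shlex
import subprocess
import tempfile
from dataclasses import dataclass, field

# Rule 2, allowlist: the program (argv[0]) must be one of these bare names.
# NOTE: pytest runs arbitrary code, so listing it turns "allowlist" into
# "anything"; that is exactly why the sandbox (rule 1) is not optional.
ALLOWED_COMMANDS = {"ls", "cat", "head", "wc", "grep", "find", "git", "pytest"}

# Rule 3, confirm: allowed programs whose listed arguments are destructive.
NEEDS_CONFIRMATION = {
    ("git", "push"), ("git", "reset"), ("git", "checkout"), ("git", "clean"),
    ("find", "-delete"),
}

# We never use shell=True, but we still refuse these so the agent cannot
# smuggle a second command, a redirect or a subshell into an argument.
FORBIDDEN_CHARS = set(";|&`$<>\n")


@dataclass
class Decision:
    verdict: str            # "allow", "confirm" or "deny"
    reason: str
    argv: list = field(default_factory=list)


def _inside(root: str, tok: str) -> bool:
    """True if tok, resolved relative to root, stays under root (symlinks followed)."""
    resolved = os.path.realpath(os.path.join(root, tok))
    return resolved == root or resolved.startswith(root + os.sep)


def gate(command: str, workdir: str) -> Decision:
    """Decide allow / confirm / deny for a command string. Executes nothing."""
    if any(ch in FORBIDDEN_CHARS for ch in command):
        return Decision("deny", "shell metacharacter")
    try:
        argv = shlex.split(command)
    except ValueError as exc:
        return Decision("deny", f"unparseable: {exc}")
    if not argv:
        return Decision("deny", "empty command")
    prog = argv[0]
    if os.sep in prog:                       # '/bin/rm' or './rm' would dodge the name check
        return Decision("deny", "program must be a bare name on PATH")
    if prog not in ALLOWED_COMMANDS:
        return Decision("deny", f"{prog} not in allowlist")
    root = os.path.realpath(workdir)
    for tok in argv[1:]:
        # '--output=/etc/x' carries a path inside an option; check the value part.
        value = tok.split("=", 1)[1] if tok.startswith("-") and "=" in tok else tok
        if value.startswith("-"):
            continue                         # plain flag such as -r or --force
        if not _inside(root, value):
            return Decision("deny", f"path escapes workdir: {tok}")
    if any((prog, tok) in NEEDS_CONFIRMATION for tok in argv[1:]):
        return Decision("confirm", f"{prog} {argv[1:]} is destructive", argv)
    return Decision("allow", "ok", argv)


def run_sandboxed(argv: list, workdir: str, timeout: int = 30):
    """Rule 1, sandbox (process level only): no shell, fixed cwd, scrubbed env, timeout.
    This contains mistakes, not a hostile agent; put the whole agent in a
    container or VM for a real boundary."""
    env = {"PATH": "/usr/bin:/bin", "HOME": workdir, "LANG": "C"}
    proc = subprocess.run(argv, cwd=workdir, env=env, shell=False,
                          capture_output=True, text=True, timeout=timeout)
    return proc.returncode, proc.stdout, proc.stderr


def shell_tool(command: str, workdir: str, confirm) -> dict:
    """The function the agent is given. `confirm(reason) -> bool` is the human."""
    d = gate(command, workdir)
    if d.verdict == "deny":
        return {"status": "denied", "reason": d.reason}
    if d.verdict == "confirm" and not confirm(d.reason):
        return {"status": "denied", "reason": "human declined: " + d.reason}
    rc, out, err = run_sandboxed(d.argv, workdir)
    return {"status": "ran", "rc": rc, "stdout": out, "stderr": err}


def demo() -> dict:
    """Constructed walkthrough: a scratch workdir with one file, five agent
    commands, and a human who always says no."""
    work = tempfile.mkdtemp(prefix="agent-")
    with open(os.path.join(work, "notes.txt"), "w") as fh:
        fh.write("hello\n")
    say_no = lambda reason: False
    return {
        "cat_inside":  shell_tool("cat notes.txt", work, say_no),     # runs
        "cat_outside": shell_tool("cat /etc/passwd", work, say_no),   # denied: path escapes
        "rm":          shell_tool("rm -rf .", work, say_no),          # denied: allowlist
        "chain":       shell_tool("ls; rm -rf .", work, say_no),      # denied: ';'
        "git_push":    shell_tool("git push --force", work, say_no),  # denied: human said no
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} {result}")
```

The order of checks is the point: parse first so you gate on real argv rather than on substrings, deny before you ever ask the human (so the confirm prompt is not spammed with commands that were never going to run), and keep the executor ignorant of policy so it cannot be talked into skipping it. Anything you add to `ALLOWED_COMMANDS` that can execute code (`pytest`, `python3`, `make`, `npm`) makes the sandbox the only guardrail left for that command.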
Try it!
If you've given an agent shell access, audit it: is there a sandbox, an allowlist, and a confirm step for destructive commands? Then check what each one actually covers: a sandbox with your real project directory mounted inside it protects the host, not your files, and a denylist of scary words is not an allowlist. Add what's missing.
Practice this safely
Try this with a school, hobby, or family example where the stakes are low. Use the AI output as a draft you can question, not as the final answer.
1. Ask an AI to explain what shell access means in plain language, then underline anything that sounds uncertain or too broad.
2. Give it one detail from "Giving an AI Agent Shell Access Without Letting It Wreck Your Machine" and ask for two possible next steps plus one reason each step might be wrong.
3. Check what it says about sandboxes against a trusted source, teacher, adult, expert, or original document before you use it.
Lesson help
Questions are best handled with a grown-up here.
For this age range, Tendril keeps freeform AI chat paused until parent/guardian consent and child-safe moderation are fully verified. Use the quiz, notes, and related lessons below, or ask a parent, guardian, teacher, or librarian to work through the question with you.
