# Security and trust

<Admonition type="info">

Stream Agent Skills are markdown only, so nothing executes when you install them. Two later operations can touch the network, and the agent prompts you for approval before either one runs.

</Admonition>

Here is everything across the lifecycle that can reach the network, and when:

<mermaid>

```text
flowchart TD
    I["Install: npx skills add"] -->|writes markdown only| OK["No code runs"]
    OK --> A["First /stream-cli call"]
    OK --> B["/stream-builder needs UI scaffolding"]
    A -->|"only if CLI not installed"| CLI["Download CLI binary<br/>verify SHA-256 · TTY confirm"]
    B -->|"lists them, waits"| FE["Optional frontend skills"]

    style I fill:#e1f3ff
    style OK fill:#e1ffe4
    style CLI fill:#fff3e1
    style FE fill:#fff3e1
```

</mermaid>

## Install time

When you run `npx skills add`, the skills.sh CLI fetches markdown from `GetStream/agent-skills` and writes the files to your agent's skills directory. No code executes during this step.

## Stream CLI binary install

This step runs the first time you invoke `/stream-cli`, but only if the CLI binary isn't already on your machine. The installer does three things:

- It downloads the binary from `getstream.io/cli/`.
- It verifies the binary's SHA-256 checksum before executing it.
- It requires a TTY confirmation from you before running.

<Admonition type="tip">

The binary never runs unverified or unattended: the checksum is checked first, and you confirm at a TTY prompt before it executes.

</Admonition>

The full audit lives at [`skills/stream-cli/bootstrap.md`](https://github.com/GetStream/agent-skills/blob/main/skills/stream-cli/bootstrap.md). The CLI install is skipped entirely if you only ever use `/stream-docs` or `/stream-builder`.
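The ordering above (checksum first, then an interactive confirmation, then execution) can be sketched as a shell gate. This is an added illustration, not the installer audited in `bootstrap.md`; the function names, return codes, and the use of stdin for the TTY check are assumptions, and the caller is assumed to supply the expected digest.

```shell
#!/bin/sh
# Added illustration of "verify SHA-256, then TTY confirm"; not Stream's installer.
# Assumption: the caller supplies the file path and the expected digest.

# Print the lowercase hex SHA-256 of a file with whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | awk '{print $1}'
    else
        return 127
    fi
}

# Gate for running a downloaded file.
# Returns 0 approved, 1 hashing failed, 2 mismatch, 3 no TTY, 4 declined.
verify_then_confirm() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file" 2>/dev/null) || return 1
    [ -n "$actual" ] || return 1

    # Step 1: integrity. Nothing below runs for a file that does not match.
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file; refusing to continue" >&2
        return 2
    fi

    # Step 2: a human must be present. Piped or redirected stdin is rejected.
    if [ ! -t 0 ]; then
        echo "stdin is not a TTY; refusing unattended install" >&2
        return 3
    fi

    # Step 3: explicit approval; anything other than y/yes declines.
    printf 'SHA-256 OK (%s)\nRun %s? [y/N] ' "$actual" "$file" >&2
    read -r answer || return 4
    case $answer in
        y|Y|yes|YES) return 0 ;;
        *) return 4 ;;
    esac
}

# Usage (hypothetical names): run the file only when the gate returns 0.
#   verify_then_confirm ./downloaded-binary "$EXPECTED_SHA256" && ./downloaded-binary
```

Because the mismatch check returns before the TTY check, a tampered file is rejected without ever prompting, and a matching file still cannot run from a non-interactive session.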

## Frontend skills

Only `/stream-builder` triggers this step, and only when it needs UI scaffolding. The builder offers to pull three open-source frontend skills from [`vercel-labs/agent-skills`](https://github.com/vercel-labs/agent-skills) and [`anthropics/skills`](https://github.com/anthropics/skills). It lists them and waits for your approval before installing anything. If you decline, the builder still works fine without them.

## Credentials

<Admonition type="info">

`/stream-cli` resolves credentials from the standard Stream CLI config locations on your machine. They never enter the agent's prompt context.

</Admonition>

The [rules every skill follows](/agent-skills/docs/concepts/skill-rules/) forbid logging or echoing secrets on any code path. You should read those rules yourself before installing, the same way you'd review any tool that touches your project data.


---

This page was last updated at 2026-06-16T16:17:03.286Z.

For the most recent version of this documentation, visit [https://getstream.io/agent-skills/docs/concepts/security/](https://getstream.io/agent-skills/docs/concepts/security/).