Security and trust

Here is everything across the lifecycle that can reach the network, and when:

flowchart TD
    I["Install: npx skills add"] -->|writes markdown only| OK["No code runs"]
    OK --> A["First /stream-cli call"]
    OK --> B["/stream-builder needs UI scaffolding"]
    A -->|"only if CLI not installed"| CLI["Download CLI binary<br/>verify SHA-256 · TTY confirm"]
    B -->|"lists them, waits"| FE["Optional frontend skills"]

    style I fill:#e1f3ff
    style OK fill:#e1ffe4
    style CLI fill:#fff3e1
    style FE fill:#fff3e1

Install time

When you run npx skills add, the skills.sh CLI fetches markdown from GetStream/agent-skills and writes the files to your agent's skills directory. No code executes during this step.

Stream CLI binary install

This step runs the first time you invoke /stream-cli, but only if the CLI binary isn't already on your machine. The installer does three things:

• It downloads the binary from getstream.io/cli/.
• It verifies the binary's SHA-256 checksum before executing it.
• It requires a TTY confirmation from you before running.

The full audit lives at skills/stream-cli/bootstrap.md. The CLI install is skipped entirely if you only ever use /stream-docs or /stream-builder.

Frontend skills

Only /stream-builder triggers this step, and only when it needs UI scaffolding. The builder offers to pull three open-source frontend skills from vercel-labs/agent-skills and anthropics/skills. It lists them and waits for your approval before installing anything. If you decline, the builder still works fine without them.

Credentials

The rules every skill follows forbid logging or echoing secrets on any code path. You should read those rules yourself before installing, the same way you'd review any tool that touches your project data.