
Command Safety & Risk Classification

Understand how YeePilot classifies commands into risk levels and protects your system from dangerous operations

Last updated: February 27, 2026

YeePilot evaluates every command before execution and assigns it a risk level. This multi-layered safety system ensures you always know what is about to happen on your server and gives you the final say on anything that could cause harm.

Risk Levels

Every command the AI proposes is classified into one of four risk levels:

SAFE (Green)

Read-only commands that inspect system state without making changes.

Examples:

  • ls, cat, head, tail, less
  • ps, top, htop, df, du, free
  • whoami, hostname, uname, uptime
  • systemctl status, journalctl (read-only)
  • ip addr, ss, netstat, ping, dig

SAFE commands are low-risk. Depending on your security mode, they may execute automatically without a confirmation prompt.

MODERATE (Yellow)

Commands that make system changes but are routine administrative operations.

Examples:

  • apt install, apt update, yum install
  • systemctl restart, systemctl enable
  • mkdir, cp, mv (to non-system paths)
  • crontab -e, useradd
  • ufw allow, firewall-cmd

MODERATE commands are shown to you with a summary of what they will do. Depending on your security mode, you may be prompted to confirm before execution.

DANGEROUS (Red)

Commands that can cause significant or irreversible changes to your system.

Examples:

  • rm -rf on important directories
  • chmod / chown on system files
  • dd (disk write operations)
  • iptables rule changes
  • Editing critical config files like /etc/fstab, /etc/ssh/sshd_config
  • mkfs (formatting filesystems)

DANGEROUS commands always require explicit confirmation, regardless of your security mode. YeePilot displays a prominent warning explaining the potential impact.

BLOCKED (Never Executed)

Commands that are never executed under any circumstances. These represent actions that are almost always malicious or catastrophically destructive.

YeePilot includes 70+ built-in blocked patterns covering:

  • Destructive filesystem operations -- rm -rf /, rm -rf /*, wiping entire filesystems
  • Reverse shells -- bash, python, netcat, and other reverse shell techniques
  • Privilege escalation -- unauthorized sudo manipulation, setuid exploits
  • Container escapes -- attempts to break out of container isolation
  • History manipulation -- clearing or disabling shell history to cover tracks
  • Crypto miners -- known mining software and pool connections
  • Data exfiltration -- piping sensitive files to external services
  • Fork bombs -- :(){ :|:& };: and variants

If the AI ever suggests a blocked command, YeePilot rejects it immediately and logs the attempt. There is no way to override a blocked command from within a session.

Security Modes

YeePilot offers three security modes that control how confirmations are handled:

Strict Mode

```yaml
security:
  mode: strict
```

Every command requires confirmation before execution, regardless of risk level. This is the most secure setting, recommended for production servers.

```plaintext
> Show disk usage

Proposed: df -h
Risk: SAFE
[Y/n] Confirm?
```

Moderate Mode (Default)

```yaml
security:
  mode: moderate
```

SAFE commands execute automatically. MODERATE and DANGEROUS commands require confirmation. This is the default and balances security with usability.

```plaintext
> Install nginx

Proposed: apt install -y nginx
Risk: MODERATE
[Y/n] Confirm?
```

Permissive Mode

```yaml
security:
  mode: permissive
```

SAFE and MODERATE commands execute automatically. Only DANGEROUS commands require confirmation. Use this when you are working on development or staging servers where speed matters more than caution.

```plaintext
> Delete the old log files

Proposed: rm -rf /var/log/myapp/old/
Risk: DANGEROUS
[Y/n] Confirm?
WARNING: This will permanently delete files.
```

Configuration Options

Fine-tune the safety system in ~/.yeepilot/config.yaml:

```yaml
security:
  mode: moderate                  # strict, moderate, or permissive
  require_confirmation: true      # Master switch for confirmations
  blocked_patterns:               # Add custom blocked patterns (regular expressions)
    - "curl.*[|].*bash"           # Block piping curl to bash; [|] matches a literal pipe
    - "wget.*-O-.*[|].*sh"        # Block piping wget to sh (an unescaped | is regex
                                  # alternation and would also block any command that
                                  # merely contains "bash" or "sh")
```

Adding Custom Blocked Patterns

If your organization has specific commands that should never run, add them to the blocked_patterns list:

```yaml
security:
  blocked_patterns:
    - "DROP DATABASE"
    - "truncate.*production"
    - "shutdown -h now"
```

Custom patterns are added on top of the built-in 70+ patterns. You cannot remove built-in blocked patterns.
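As an added illustration, not YeePilot's own code, here is the decision procedure described in the Risk Levels, Security Modes and blocked-pattern sections modelled in Python: blocked patterns (built-in plus custom) are checked first as regular expressions, a risk level is then derived, and the security mode decides whether the command runs, prompts, or is rejected. The keyword tables and the two built-in patterns are constructed stand-ins for the real 70+ entries, and the classifier fails closed on commands it does not recognise.

```python
import re

# Constructed model of the documented decision procedure; not YeePilot's own code.
RISK_ORDER = ["SAFE", "MODERATE", "DANGEROUS", "BLOCKED"]

# Stand-ins for the built-in blocked list (the real one has 70+ entries).
BUILTIN_BLOCKED = [
    r"^rm\s+-rf\s+/(\*|\s|$)",       # rm -rf / and rm -rf /*
    r":\(\)\s*\{\s*:\|:&\s*\};:",    # the fork bomb :(){ :|:& };:
]

# Constructed keyword tables built from the examples on this page.
DANGEROUS_RE = re.compile(r"^(rm\s+-rf|dd|mkfs|iptables|chmod|chown)\b")
MODERATE_RE = re.compile(
    r"^(apt|yum|systemctl\s+(restart|enable)|mkdir|cp|mv|useradd|ufw)\b")
SAFE_RE = re.compile(
    r"^(ls|cat|head|tail|ps|df|du|free|whoami|uname|systemctl\s+status|ip\s+addr|ss)\b")

# Lowest risk level that still prompts under each security mode.
CONFIRM_FROM = {"strict": "SAFE", "moderate": "MODERATE", "permissive": "DANGEROUS"}


def classify(command, custom_blocked=()):
    """Return SAFE, MODERATE, DANGEROUS or BLOCKED for a proposed command."""
    cmd = command.strip()
    # Blocked patterns (built-in plus custom) are regexes searched anywhere in
    # the command line, and they override every other rule.
    for pattern in [*BUILTIN_BLOCKED, *custom_blocked]:
        if re.search(pattern, cmd):
            return "BLOCKED"
    if DANGEROUS_RE.match(cmd):
        return "DANGEROUS"
    if MODERATE_RE.match(cmd):
        return "MODERATE"
    if SAFE_RE.match(cmd):
        return "SAFE"
    return "DANGEROUS"  # unknown commands fail closed: treat as DANGEROUS and prompt


def decide(command, mode, custom_blocked=()):
    """Return 'reject', 'confirm' or 'run' for a command under a security mode."""
    risk = classify(command, custom_blocked)
    if risk == "BLOCKED":
        return "reject"  # never executed, no override from within a session
    if RISK_ORDER.index(risk) >= RISK_ORDER.index(CONFIRM_FROM[mode]):
        return "confirm"
    return "run"
```

Because custom patterns are regular expressions, an unescaped `|` in a pattern such as `curl.*|.*bash` is alternation and blocks every command that merely mentions bash, while `curl.*[|].*bash` matches only the literal pipe.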

You Always Have the Final Say

YeePilot is designed with a fundamental principle: the human operator is always in control.

  • SAFE and MODERATE commands can be auto-approved based on your security mode, but you can always switch to strict mode for full control
  • DANGEROUS commands always show a clear warning and wait for your explicit approval
  • BLOCKED commands are rejected automatically to protect against prompt injection or AI hallucination
  • You can cancel any proposed command by pressing n at the confirmation prompt or Ctrl+C at any time

Even when using permissive mode, YeePilot still classifies every command and logs its risk level. You can review the audit log at any time to see what was executed and why.

Prompt Injection Protection

YeePilot's safety system also defends against prompt injection attacks -- attempts by malicious content (in files, logs, or web pages) to trick the AI into running harmful commands. Even if injected text tries to override the AI's instructions, the command safety layer independently evaluates every proposed command against the blocked pattern list and risk classifier. The safety system operates separately from the AI model, providing defense in depth.