Shell shim
Universal shell shim protection for any AI agent.
The shell shim is a universal integration that protects any AI tool that runs shell commands — with zero integration effort from the tool's side.
How it works
sl shield enable installs PATH-priority wrapper scripts in ~/.securitylayer/bin/. Because this directory is prepended to PATH, all shell commands route through Security Layer before reaching the real binary.
Shimmed binaries
| Binary | Description |
|---|---|
| bash | Bash shell |
| sh | POSIX shell |
| zsh | Zsh shell |
| python | Python interpreter |
| python3 | Python 3 interpreter |
| node | Node.js runtime |
| ruby | Ruby interpreter |
| perl | Perl interpreter |
Execution flow
AI Tool → shimmed bash → sl check → real bash
                            ↓ (if denied)
                       error message

- AI tool calls bash -c "some command"
- The shim in ~/.securitylayer/bin/bash intercepts
- sl check evaluates the command
- If allowed → forwarded to the real /usr/bin/bash
- If denied → error returned, command never executes
Caller detection
The shim identifies which AI tool triggered the command by checking:
- Environment variables specific to each tool
- Parent process names
This allows different capability profiles for different tools (e.g., Claude Code gets exec + file.write, while an untrusted tool gets only file.read).
Setup
# Enable
sl shield enable
# Verify
sl shield status
# Disable
sl shield disable

After enabling, restart your shell or open a new terminal for the PATH change to take effect.
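
To confirm that the PATH change took effect for every binary in the table above, the following check resolves each name through PATH and reports whether the shim directory wins the lookup. It is an added example, not part of Security Layer; the function names resolve_in_path and shim_coverage are illustrative.

```shell
#!/bin/sh
# Added example, not Security Layer code. Function names are illustrative.
# Binary list and shim directory are taken from the page above.
SHIMMED_BINARIES="bash sh zsh python python3 node ruby perl"

# resolve_in_path NAME PATHSTRING
# Prints the first executable NAME found in PATHSTRING; returns 1 if none.
resolve_in_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        IFS=$old_ifs
        [ -n "$dir" ] || dir=.   # an empty PATH entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# shim_coverage SHIM_DIR PATHSTRING
# Prints one line per listed binary: shimmed, unshimmed (with the path that
# wins the lookup), or missing. Returns 1 if any binary is unshimmed.
# Paths are compared as strings; symlinks are not resolved.
shim_coverage() {
    shim_dir=${1%/}
    rc=0
    for bin in $SHIMMED_BINARIES; do
        if target=$(resolve_in_path "$bin" "$2"); then
            case $target in
                "$shim_dir"/*) echo "$bin shimmed" ;;
                *) echo "$bin unshimmed ($target)"; rc=1 ;;
            esac
        else
            echo "$bin missing"
        fi
    done
    return $rc
}

# Report on the current shell's PATH.
shim_coverage "${HOME:-}/.securitylayer/bin" "$PATH" ||
    echo "warning: at least one listed binary resolves outside the shim directory"
```

Run it in a new terminal after sl shield enable; an unshimmed line means an earlier PATH entry wins the lookup for that binary.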
Supported AI tools
Any tool that executes shell commands is automatically protected:
- Claude Code
- Cursor
- Aider
- GitHub Copilot
- Custom agents
- Any tool running shell commands