Complete reference for all capability strings recognized by Scarab-Runtime.

`<domain>.<action>[:<scope>]`

- `*` in scope matches one path segment or name segment.
- `**` matches zero or more segments.
- Exact strings match literally.
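
The matching rules above, worked through as an added Python example (not Scarab-Runtime's own code) that decides whether a granted capability covers a requested one. Assumptions: the names `parse`, `seg_match`, `segs_match` and `permits` are hypothetical; `fs` scopes are split on `/` and every other scope is treated as a single name segment; an unscoped grant covers any scope; `fs` paths are normalised before matching so `..` cannot step outside a granted prefix.

```python
import posixpath
import re


def parse(cap):
    """Split '<domain>.<action>[:<scope>]' into (domain, action, scope or None)."""
    head, colon, scope = cap.partition(":")
    domain, _, action = head.partition(".")
    return domain, action, (scope if colon else None)


def seg_match(pat, seg):
    """'*' inside one segment matches any run of characters in that segment."""
    rx = ".*".join(re.escape(part) for part in pat.split("*"))
    return re.fullmatch(rx, seg) is not None


def segs_match(pats, segs):
    """Match segment lists; '**' consumes zero or more whole segments."""
    if not pats:
        return not segs
    if pats[0] == "**":
        return any(segs_match(pats[1:], segs[i:]) for i in range(len(segs) + 1))
    return bool(segs) and seg_match(pats[0], segs[0]) and segs_match(pats[1:], segs[1:])


def permits(granted, requested):
    """True if the granted capability string covers the requested one."""
    g_dom, g_act, g_scope = parse(granted)
    r_dom, r_act, r_scope = parse(requested)
    if not (seg_match(g_dom, r_dom) and seg_match(g_act, r_act)):
        return False
    if g_scope is None:
        return True    # unscoped grant (e.g. fs.read, *.*) covers every scope
    if r_scope is None:
        return False   # a scoped grant never covers an unrestricted request
    if r_dom == "fs":
        # Assumption: collapse '.' and '..' first so traversal cannot escape the glob.
        r_scope = posixpath.normpath(r_scope)
        return segs_match(g_scope.split("/"), r_scope.split("/"))
    # Assumption: non-fs scopes are one name segment (so mcp.* covers mcp.a.b).
    return segs_match([g_scope], [r_scope])
```
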

| Capability | Description |
| --- | --- |
| `fs.read` | Read any file on the host filesystem |
| `fs.read:<path>` | Read files matching the path glob (e.g. `fs.read:/home/agent/**`) |
| `fs.write` | Write to any file (requires trusted or higher) |
| `fs.write:<path>` | Write files matching the path glob (e.g. `fs.write:/home/agent/workspace/**`) |
| `fs.list` | List directory contents anywhere |
| `fs.list:<path>` | List directories matching the path glob |
| `fs.delete` | Delete any file |
| `fs.delete:<path>` | Delete files matching the path glob |

| Capability | Description |
| --- | --- |
| `tool.invoke:<tool-name>` | Invoke a specific tool |
| `tool.invoke:*` | Invoke any registered tool |
| `tool.invoke:mcp.<server>.*` | Invoke all tools from an attached MCP server |
| `tool.invoke:mcp.*` | Invoke any MCP tool |

| Tool name | Description |
| --- | --- |
| `echo` | Echo a message |
| `lm.complete` | LLM text completion |
| `lm.embed` | Text embedding |
| `fs.read` | Read a file |
| `fs.write` | Write a file |
| `fs.list` | List a directory |
| `fs.delete` | Delete a file |
| `web.fetch` | HTTP GET |
| `web.search` | DuckDuckGo web search |
| `sandbox.exec` | Execute code in a sandboxed namespace |
| `agent.info` | Get info about the current agent |
| `sensitive-op` | Invoke a sensitive operation (requires HITL or operator approval) |

| Capability | Description |
| --- | --- |
| `net.connect:<host>:<port>` | Connect to a specific host and port |
| `net.connect:*:<port>` | Connect to any host on the given port |
| `net.local` | Access local network (loopback + LAN) |
| `net.fetch:*` | Unrestricted HTTP fetch (requires trusted+) |

| Capability | Description |
| --- | --- |
| `secret.use:<name>` | Use the named secret in tool call arguments |
| `secret.use:<glob>` | Use secrets matching the glob (e.g. `secret.use:openai-*`) |
| `secret.use:*` | Use any secret (privileged agents only) |

| Capability | Description |
| --- | --- |
| `memory.read:<namespace>` | Read persistent memory keys in a namespace |
| `memory.read:*` | Read all memory keys |
| `memory.write:<namespace>` | Write persistent memory keys in a namespace |
| `memory.write:*` | Write all memory keys |

| Capability | Description |
| --- | --- |
| `bb.read` | Read any blackboard key |
| `bb.read:<pattern>` | Read keys matching a glob pattern |
| `bb.write` | Write to any blackboard key |
| `bb.write:<pattern>` | Write keys matching a glob pattern |

| Capability | Description |
| --- | --- |
| `bus.publish` | Publish messages to any topic |
| `bus.publish:<pattern>` | Publish to topics matching a glob pattern |
| `bus.subscribe` | Subscribe to any topic pattern |
| `bus.subscribe:<pattern>` | Subscribe to specific topic patterns |

| Capability | Description |
| --- | --- |
| `obs.append` | Append entries to the agent's own observation log |
| `obs.query` | Query own observation log (and supervised agents' logs) |

| Capability | Description |
| --- | --- |
| `agent.spawn` | Spawn child agents (by manifest or by name) |
| `agent.kill` | Terminate child agents |
| `agent.discover` | Discover other agents by capability pattern |
| `agent.grant` | Grant capabilities to child agents |

| Capability | Description |
| --- | --- |
| `sandbox.exec` | Execute code in a throwaway namespace sandbox |

| Capability | Description |
| --- | --- |
| `*.*` | All capabilities (reserved for privileged system agents) |

Some capabilities require a minimum trust level regardless of what the manifest declares:

| Capability | Minimum trust level |
| --- | --- |
| `net.fetch:*` | trusted |
| `fs.write` (unrestricted) | trusted |
| `secret.use:*` | privileged |
| `*.*` | privileged |