Tools & Risk Levels

Silicon Worker gets things done through a set of tools — reading and writing files, running commands, operating the browser and apps, and so on. To balance "getting work done" with "staying safe and in control," every tool carries a risk level, and sensitive actions ask for your consent before running.

The three risk levels

Every tool — and even different uses of the same tool — is tagged with a risk level:

Safe: read-only operations with no real impact, such as viewing a file, searching content, or reading the calendar.
Low: operations that have an effect but are usually mild, such as creating or updating a record.
High: operations that could have large or irreversible impact, such as writing/overwriting files, running commands, submitting forms, or deleting items.

Some tools have a dynamically judged risk level. For calendar operations, for example: viewing is Safe, creating/updating is Low, and deleting is High. Browser and desktop operations also detect their high-risk actions (such as submitting a form or clicking a delete button).

Permission modes

You can use permission modes to set, in one place, how much Silicon Worker should ask you first. There are roughly three levels:

Free: automatically runs Safe and Low-risk operations, and asks only for high-risk ones.
Controlled: asks before any risky operation.
Restricted: denies by default, allowing only what you've explicitly permitted.

TIP

When in doubt, start with a more cautious mode, then loosen it once you're familiar with its behavior. See Permissions for configuration.

Sensitive actions ask first

When an operation reaches a risk level that requires confirmation, Silicon Worker pauses and explains what it's about to do, then runs it only after you agree — you can also decline. A paused task resumes from where it left off once you confirm. This behavior is also covered in How the agent works.

In addition, accessing system capabilities (such as accessibility, notifications, automation, calendars, reminders, or full disk access) requires you to grant the corresponding permission at the system level. Silicon Worker will guide you to System Settings when needed.

Local sandbox

Silicon Worker's file operations and command execution are confined to a separate working directory for each session, and cannot reach outside that directory — preventing accidental changes to other files on your computer.

WARNING

Browser and desktop automation operate directly on your real browser and desktop apps, so they are not confined to the working directory — that's what lets them do work for you. For exactly that reason, high-risk actions in these operations are gated by the confirmation mechanism above.

Data stays local

All of Silicon Worker's persistent data — sessions, experts, Skills, memory, tasks, and more — is stored in a local database on your own computer. The base product does not sync data to the cloud; by default your data never leaves your device. Your API Keys are likewise stored locally.

Permissions: configure permission modes and system grants.
How the agent works: how pausing and confirming fit into task progress.
Built-in tools reference: the full list of tools.
Permissions reference: details on risk levels and permissions.

Tools & Risk Levels ​

The three risk levels ​

Permission modes ​

Sensitive actions ask first ​

Local sandbox ​

Data stays local ​

Next / Related ​