What agents can do
Explore the built-in tools, connected app actions, and the permissions model for AI agents in your Nebula workspace. From web search to code.
Agents in your workspace come with built-in tools — web search, code, browsing, media — and pick up new ones automatically when you connect apps. This page is the catalog plus how permissions work.
Built-in tools
Searches the web for current information, articles, and data.
Runs Python, Bash, or TypeScript on the workspace Computer. Common data science libraries (pandas, numpy, matplotlib) are pre-installed.
Reads and extracts structured data from web pages.
Controls a real browser to interact with websites — click, fill forms, navigate, extract.
Generates and processes images, audio, and video; transcribes recordings.
Sends email and posts messages on connected platforms (Slack, Discord, Telegram, etc.).
App integrations
When you connect an app to your workspace, Nebula adds that app's tools to the relevant agents automatically. Browse the full catalog of what's available:
Permissions
Permissions decide what an agent is allowed to do. There are two paths in:
When you connect an app via OAuth, the provider shows a consent screen listing exactly what Nebula is asking for — read inbox, send mail, list repos, etc. Nebula never gets more than you approve.
For tools that use an API key or token, permissions are whatever the key can do. A GitHub token scoped to read:repo only gives Nebula read access. To narrow what an agent can do, generate a scoped key in that service before pasting it into Nebula.
Nebula stores credentials encrypted. Never paste a key into a chat message — use the variable form in the agent details panel.
Best practice: grant only what the agent needs. Read-only access is plenty for monitoring; only grant write access when the agent is supposed to act.
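One way to check what a key can do before handing it to an agent, as an added example that is not Nebula's code. It assumes a GitHub classic token, whose scopes GitHub reports in the `X-OAuth-Scopes` response header; the sample header value, the needed-scope set and the function names are constructed for illustration.

```python
# Added example: compare a GitHub classic token's scopes with what an agent needs.
# Classic tokens report their scopes in the X-OAuth-Scopes response header.

# Parent scopes and the child scopes they include (per GitHub's scope documentation).
IMPLIES = {
    "repo": {"repo:status", "repo_deployment", "public_repo", "repo:invite", "security_events"},
    "admin:org": {"write:org", "read:org"},
    "admin:repo_hook": {"write:repo_hook", "read:repo_hook"},
    "user": {"read:user", "user:email", "user:follow"},
}


def parse_scopes(header_value):
    """Split an X-OAuth-Scopes header value into a set of scope names."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def audit(header_value, needed):
    """Report scopes that are missing, too broad, or unneeded for the agent."""
    granted = parse_scopes(header_value)
    needed = set(needed)
    covered = set(granted)
    for scope in granted:
        covered |= IMPLIES.get(scope, set())
    # A parent scope that covers a needed child grants more than the child alone.
    broad = {g for g in granted - needed if IMPLIES.get(g, set()) & needed}
    return {
        "missing": needed - covered,
        "too_broad": broad,
        "unneeded": granted - needed - broad,
    }


def is_least_privilege(report):
    """True only when the token grants exactly what was asked for."""
    return not any(report.values())


if __name__ == "__main__":
    # Constructed header value; in practice, read it from an authenticated API response.
    sample = "repo, read:org, delete_repo"
    report = audit(sample, needed={"public_repo", "read:org"})
    for key, scopes in report.items():
        print(f"{key}: {sorted(scopes)}")
    print("ok to use" if is_least_privilege(report) else "regenerate a narrower token")
```
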
Permissions decide what an agent can reach. For a second check at the moment an agent acts, turn on the safety gate — it pauses risky writes and deletes for your approval.