Gemini CLI AI Is Cool, but You Should Wear Protection

Sure, Gemini CLI is fun to play with, but don’t forget: it’s Google under the hood. Privacy shields up!

For about two weeks now, I’ve been playing around with AI on the command line.

When Google announced on June 25 that it had launched a completely open source application–or as open source as anything concerning AI can be–for accessing its Gemini AI platform from the command line, I jumped right on it and made the trip to GitHub to see about getting this running on my machine.

So far, except for a wild Saturday night ride that I’ve already chronicled on FOSS Force, the experience has been pretty cool, even though I keep the shields up when using it–but, more on that later.

The timing of Google’s release was perfect for me. A week earlier FOSS Force had published Jack Wallen’s article on Ollama, an open source app which, according to Jack, turns the terminal into an agentic AI powerhouse that totally runs on the local machine. I would’ve jumped on board for that, except that my computer doesn’t have the necessary dedicated GPU needed to run it without everything slowing down to a crawl.

That problem doesn’t exist with Gemini CLI. While the user does interface with a terminal app located on the local computer, the heavy lifting still takes place back home on Google’s cloud. In other words, it’s like using Gemini through your browser, except you’re addressing it more directly through the command line by way of a Google API. That also gives Gemini the ability to do a few things that your browser-based chatbot can’t do–but again, more on that later.

Another good thing–in my book at least–is that, like Ollama, it’s open source, licensed under Apache 2.0. That’s where another difference lies, however. Because Ollama resides entirely on your machine, everything is open source, including some of the language models you can run with it. With Gemini CLI, the only thing that’s open is the app you download and install on your machine. The Gemini platform itself is delivered as proprietary software as a service.

Installing Gemini CLI

The app’s GitHub page offers two ways to run Gemini CLI. One is a Node Package Execute version that allows users to temporarily take the app on a trial run using the npx command without installing it permanently. I tried that, but for some reason couldn’t get it to work, but you’re welcome to give it a go by running this:

npx https://github.com/google-gemini/gemini-cli

The second way is to do what I did. Go ahead and bite the bullet, check to make sure your system has Node.js and npm installed, and install it with:

npm install -g @google/gemini-

After that, I typed gemini and watched success open up in front of me:

This is the first screen you’ll see after installing Gemini CLI. Just choose a theme and hit “enter.”

I accepted the default theme and clicked through that, which brought me to the inevitable sign-in screen. I took the easy way out and decided to sign in with Google…

Gemini CLI choose your sign in.

… which ironically opened a browser.

Time to present the Google passport.

And then after proving myself to Google’s satisfaction with an email address and password… voila! I was in.

Gemini CLI welcome screen.

Gemini CLI.
What time’s last call?

Isolating Gemini

Lucky for me, I’m the inquisitive sort. You’ll notice from the screenshots included with this article, the first thing I did when I was inside was to ask questions such as, “What do people usually do first thing when they get here?” in order to feel my way around. Somewhere along the way, I asked Gemini something, and it asked me if I’d like it to access a file on my computer.

Wait! What?

It turns out that Gemini had access to about everything in my home directory. It could open a file, create a file, delete a file, and even modify a file… but only with my permission, it reassured me.

Hmmm… I definitely didn’t like that. Suddenly I understood the “no sandbox see /docs” notification at the bottom of the screen. And although Gemini CLI reassured me on several occasions that it wouldn’t dare screw with my files without my permission, I wasn’t about to start knowingly trusting Google–the world’s largest privacy abuser–with every file in my home directory.

Gemini has its own sandbox you can use, but it’s container based and requires you to run either Docker or Podman. Since I have no desire to have either Docker or Podman taking up virtual space on my SSD, I decided to use Firejail, a GPL licensed lightweight application sandbox that only takes up 1 MB of disk space.

To install it on my Debian-based system–that includes Debian, Ubuntu and all of its flavors, all the Linux Mint editions, and others–I started with the “update” command to make sure my computer installed the latest and greatest version:

sudo apt update

After that I ran the command to download and install Firejail:

sudo apt install firejail

With Firejail you have the choice to either totally sandbox an app and give it no access to your computer at all, or you can limit access to a particular directory within your home directory. I chose the latter alternative, since this leaves the door open for me to allow Gemini access to specific files in one specific directory.

From my home directory I created a directory called Firejail that Gemini CLI would have permission to access:

mkdir Firejail

With the directory in place, I then opened Gemini CLI through Firejail:

firejail --private=~/Firejail gemini

When the app opened I asked, “Are you able to access files in the ‘Documents’ directory?” The expected answer was, “No.” Except for some hidden files and some graphic files I’d dropped into the directory, all it should be able to access were two directories–“Linux” and “Look Here”–that I’d created within the Firejail directory.

Gemini CLI looking for a directory.

Success! There was just one thing: “firejail --private=~/Firejail gemini” is a lot to have to type each and every time I want to fire up Gemini CLI. I decided I wanted to be able to make all that magic happen by simply typing in “geminiai.” To make that happen, I did this:

echo -e "\n# Alias to run Gemini CLI confined to Firejail directory\nalias geminiai='firejail --private=~/Firejail gemini'" >> ~/.bashrc

That done, I typed “geminiai” and hit enter.
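
As an added example (not from the original article or from the Gemini CLI or Firejail projects), here is a shell function that could stand in for the alias above and refuses to start Gemini if Firejail or the jail directory is missing, plus a probe that checks the confinement from the operating system side rather than by asking the model. The names JAIL_DIR, jail_dir_ok and jail_probe are assumptions made for this example.

```shell
# Added example, not from the article. JAIL_DIR and the function names are assumptions.
JAIL_DIR="${JAIL_DIR:-$HOME/Firejail}"

# Succeed only if $1 is a real directory (not a symlink) strictly inside $HOME.
# Pointing --private at $HOME itself, or at a symlink to it, would undo the confinement.
jail_dir_ok() (
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] || exit 1
    real=$(cd "$dir" && pwd -P) || exit 1
    home=$(cd "$HOME" && pwd -P) || exit 1
    case "$real" in
        "$home"/?*) exit 0 ;;
        *) exit 1 ;;
    esac
)

# Fail closed: if firejail or the jail directory is missing, do not start gemini at all.
geminiai() {
    command -v firejail >/dev/null 2>&1 || {
        echo "firejail not found; refusing to start gemini unsandboxed" >&2
        return 127
    }
    jail_dir_ok "$JAIL_DIR" || {
        echo "unsafe or missing jail directory: $JAIL_DIR" >&2
        return 1
    }
    firejail --private="$JAIL_DIR" gemini "$@"
}

# Check the confinement from the OS side instead of asking the model:
# drop a canary file in the real home, then test that the sandbox cannot see it.
jail_probe() {
    command -v firejail >/dev/null 2>&1 || return 127
    jail_dir_ok "$JAIL_DIR" || return 1
    canary="$HOME/.jail-canary.$$"
    : > "$canary" || return 1
    rc=0
    firejail --quiet --private="$JAIL_DIR" sh -c '[ ! -e "$1" ]' sh "$canary" || rc=$?
    rm -f "$canary"
    return "$rc"
}
```

Note that `--private` only replaces the home directory; what the sandboxed app can reach outside it is governed by Firejail's profile rather than by this option.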

Gemini CLI explaining that it's just a computer program.

Next week I’m going to see if I can get it to pay rent.
