diff --git a/kubebot.go b/kubebot.go
index af86773..e84fb1f 100644
--- a/kubebot.go
+++ b/kubebot.go
@@ -11,13 +11,16 @@ type Kubebot struct {
 	token    string
 	admins   map[string]bool
 	channels map[string]bool
+	commands map[string]bool
 }
 
 const (
 	forbiddenUserMessage     string = "%s - ⚠ kubectl forbidden for user @%s\n"
 	forbiddenChannelMessage  string = "%s - ⚠ Channel %s forbidden for user @%s\n"
+	forbiddenCommandMessage  string = "%s - ⚠ Command %s forbidden for user @%s\n"
 	forbiddenUserResponse    string = "Sorry @%s, but you don't have permission to run this command :confused:"
 	forbiddenChannelResponse string = "Sorry @%s, but I'm not allowed to run this command here :zipper_mouth_face:"
+	forbiddenCommandResponse string = "Sorry @%s, but I cannot run this command. I'm allowed to run `%s`"
 	okResponse               string = "Roger that!\n@%s, this is the response to your request:\n ```\n%s\n``` "
 )
 
@@ -36,6 +39,11 @@ func kubectl(command *bot.Cmd) (msg string, err error) {
 		return fmt.Sprintf(forbiddenChannelResponse, nickname), nil
 	}
 
+	if len(command.Args) > 0 && !kb.commands[command.Args[0]] {
+		fmt.Printf(forbiddenCommandMessage, time, kb.commands, nickname)
+		return fmt.Sprintf(forbiddenCommandResponse, nickname, kb.commands), nil
+	}
+
 	output := execute("kubectl", command.Args...)
 
 	return fmt.Sprintf(okResponse, nickname, output), nil
diff --git a/main.go b/main.go
index da241b3..0fecff2 100644
--- a/main.go
+++ b/main.go
@@ -9,6 +9,7 @@ const (
 	slackTokenLabel    string = "KUBEBOT_SLACK_TOKEN"
 	slackChannelsLabel string = "KUBEBOT_SLACK_CHANNELS_IDS"
 	slackAdminsLabel   string = "KUBEBOT_SLACK_ADMINS_NICKNAMES"
+	slackCommandsLabel string = "KUBEBOT_SLACK_VALID_COMMANDS"
 )
 
 var (
@@ -20,6 +21,7 @@ func main() {
 		token:    os.Getenv(slackTokenLabel),
 		admins:   stringToMap(os.Getenv(slackAdminsLabel), " "),
 		channels: stringToMap(os.Getenv(slackChannelsLabel), " "),
+		commands: stringToMap(os.Getenv(slackCommandsLabel), " "),
 	}
 
 	slack.Run(kb.token)