diff --git a/.github/workflows/cmd.yml b/.github/workflows/cmd.yml
index 380cf5f1be..218fac1164 100644
--- a/.github/workflows/cmd.yml
+++ b/.github/workflows/cmd.yml
@@ -11,8 +11,50 @@ permissions: # allow the action to comment on the PR
   actions: read
 
 jobs:
+  fellows:
+    runs-on: ubuntu-latest
+    outputs:
+      github-handles: ${{ steps.load-fellows.outputs.github-handles }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Load fellows
+        id: load-fellows
+        uses: paritytech/get-fellows-action@v1.2.0
+
+  reject-non-fellows:
+    needs: fellows
+    if: ${{ startsWith(github.event.comment.body, '/cmd') && !contains(needs.fellows.outputs.github-handles, github.event.sender.login) }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Add reaction to rejected comment
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            github.rest.reactions.createForIssueComment({
+              comment_id: ${{ github.event.comment.id }},
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              content: 'confused'
+            })
+
+      - name: Comment PR (Rejected)
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: `Sorry, only fellows can run commands.`
+            })
+
   acknowledge:
-    if: ${{ startsWith(github.event.comment.body, '/cmd') }}
+    needs: fellows
+    if: ${{ startsWith(github.event.comment.body, '/cmd') && contains(needs.fellows.outputs.github-handles, github.event.sender.login) }}
     runs-on: ubuntu-latest
     steps:
       - name: Add reaction to triggered comment
@@ -28,13 +70,14 @@ jobs:
             })
 
   clean:
+    needs: fellows
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Clean previous comments
-        if: ${{ startsWith(github.event.comment.body, '/cmd') && contains(github.event.comment.body, '--clean') }}
+        if: ${{ startsWith(github.event.comment.body, '/cmd') && contains(github.event.comment.body, '--clean') && contains(needs.fellows.outputs.github-handles, github.event.sender.login) }}
         uses: actions/github-script@v7
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -62,8 +105,8 @@ jobs:
               }
             })
   help:
-    needs: clean
-    if: ${{ startsWith(github.event.comment.body, '/cmd') && contains(github.event.comment.body, '--help') }}
+    needs: [clean, load-fellows]
+    if: ${{ startsWith(github.event.comment.body, '/cmd') && contains(github.event.comment.body, '--help') && contains(needs.fellows.outputs.github-handles, github.event.sender.login) }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -74,7 +117,7 @@ jobs:
         id: get-pr-comment
         with:
           text: ${{ github.event.comment.body }}
-          regex: '^(\/cmd )(.*)$'
+          regex: '^(\/cmd )([\s\w-]+)\n'
 
       - name: Save output of help
         id: help
@@ -142,7 +185,7 @@ jobs:
         id: get-pr-comment
         with:
           text: ${{ github.event.comment.body }}
-          regex: '^(\/cmd )(.*)$'
+          regex: '^(\/cmd )([\s\w-]+)\n'
 
       - name: Build workflow link
         if:  ${{ !contains(github.event.comment.body, '--quiet') }}
@@ -216,7 +259,6 @@ jobs:
         run: |
           echo "Running command: $CMD"
           git remote -v
-          # TODO: uncomment
           python3 .github/scripts/cmd/cmd.py $CMD
           git status
           git diff