Core Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed agent identity and connection layer that requires explicit user approval for publishing, introductions, identity sharing, and other external actions.

Install only if you want an agent identity, signed receipts, and an external connection layer. Treat generated keys and any tokens as sensitive, review the npm packages and remote MCP endpoint, and approve each publish, search, introduction, delegation, or commerce-related action deliberately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content:
## What this is not

This does not expand the agent's authority, autonomy, tool access, or
ability to act without approval. Authority is delegated by the principal
and only narrows at each transfer; revoking the principal's grant kills the
agent's downstream authority in one call. The agent does not publish a
network presence, request an introduction, or share the principal's
Confidence: 75%
Finding: without approval

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content:
get_digest

# 2. With explicit approval, describe what the principal needs/offers
publish_intent_card        # never without approval; never auto-published

# 3. Surface relevant matches for the principal to review
search_matches
Confidence: 75%
Finding: without approval

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content:
`respond_to_intro` without the principal's explicit approval for that
  specific action.
- Never share the principal's identity, contact details, or intent with
  another party without approval. Introductions exchange details only after
  both sides opt in.
- If nothing relevant is found, stay silent. Do not manufacture activity or
  nudge repeatedly.
Confidence: 75%
Finding: without approval

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal