Back to skill

Security audit

Request Approval

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed human-approval workflow for risky agent actions, with no executable payload or hidden persistence in the package.

Before installing, verify the Preloop MCP endpoint and package, use a dedicated least-privilege token stored securely, and configure policy so destructive, sensitive, external, or persistent changes still require approval even outside production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The setup guide shows an API bearer token embedded directly in configuration examples but does not explicitly warn that the token is a sensitive secret that must be stored, scoped, and rotated securely. Readers may copy this pattern into plaintext config files, screenshots, repos, or shared workstation profiles, increasing the chance of credential disclosure and unauthorized access to the Preloop MCP server.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
2. **Conditional logic**:
   - If production: Call `request_approval` (as shown above)
   - If dev/staging: Proceed directly without approval

3. **Tell the user**:
   - Production: "I've requested approval for this operation. Waiting for response..."
Confidence
94% confidence
Finding
without approval

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
3. **Tell the user**:
   - Production: "I've requested approval for this operation. Waiting for response..."
   - Dev/Staging: "This is a development environment, so I'm proceeding directly without approval."

## Example 7: Bulk File Operations
Confidence
95% confidence
Finding
without approval

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.