SkillProvenance Scan

Review guide

Agent Skill Install Risk Checklist

Assess agent skill install risk from provenance, permissions, external services, credential prompts, dangerous setup steps, and upgrade rollback options.

Open scan preview

What this search usually needs

Agent skill install risk is the chance that a skill can access more than expected, leak data through external services, ask for sensitive credentials, or become hard to roll back after installation. A useful review turns those concerns into a short approve, hold, or reject decision.

Where it applies

  • An IT team is approving a skill for a shared agent environment.
  • A startup wants to use third-party skills without slowing every install to a custom security review.
  • A skill author wants to know which issues block enterprise buyers.

How to run the review

  1. Identify the skill source, maintainer, license, and recent changes.
  2. List tools, file paths, network endpoints, and external services.
  3. Scan for credential requests, destructive commands, and instruction-overriding language.
  4. Check whether the skill has a safe rollback path and a known baseline version.
  5. Record the decision in an allowlist with reviewer notes.

Common risks to catch

  • Destructive commands or broad write access can damage local workspaces.
  • Credential prompts can train teams to paste secrets into the wrong place.
  • A missing rollback plan makes a bad upgrade harder to contain.

Use SkillProvenance Scan for this review

SkillProvenance Scan gives install reviewers a practical risk board with evidence, severity, suggested action, and a direct route to a paid trust report.

Open scan preview View pricing plans