Skill Risk Checker: Evaluate Agent Permissions Before You Enable
Use this checklist to assess the risk level of any agent skill before enabling it. Covers permission scope, data access, and blast radius.
Skill Risk Checker
What this tool does: Helps you evaluate the risk of enabling any agent skill before you grant permissions.
Quick Risk Assessment
Step 1: Identify the Permission Type
Check what category of permissions the skill requests:
| Permission Type | Risk Level | Examples |
|---|---|---|
| Read-only | 🟢 Low | Browse web, search files, read docs |
| Create/Write | 🟡 Medium | Create files, add calendar events |
| Modify/Update | 🟠 Medium-High | Edit files, update records |
| Delete | 🔴 High | Delete files, remove data |
| Send/Publish | 🔴 High | Send emails, post to social |
| Execute | 🔴 Very High | Run code, system commands |
| Account Access | ⚫ Critical | Manage credentials, admin settings |
Step 2: Assess the Scope
How much can the skill access?
| Scope | Risk Multiplier |
|---|---|
| Single item (one file, one record) | 1× |
| Specific folder/category | 2× |
| All items of a type | 5× |
| All data in a service | 10× |
| Multiple services | 20× |
Step 3: Check Reversibility
Can you undo what the skill does?
| Reversibility | Risk Factor |
|---|---|
| Fully reversible (draft mode) | Low |
| Reversible with effort (restore from backup) | Medium |
| Partially reversible (some data lost) | High |
| Irreversible (sent/deleted/published) | Critical |
Risk Score Calculator
Risk Score = Permission Risk × Scope Multiplier × Reversibility Factor
Low Risk: 1-10
Medium Risk: 11-30
High Risk: 31-100
Critical Risk: 100+
Example Assessment
Skill: "Auto-reply to emails"
- Permission Type: Send (🔴 High = 8)
- Scope: All emails (× 10)
- Reversibility: Irreversible (× 3)
Risk Score: 8 × 10 × 3 = 240 (Critical)
Recommendation: Require approval for each reply, or limit to specific senders.
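The calculator and the "Auto-reply to emails" assessment above, worked through in code. This is an added example, not a tool shipped with the checklist. The values Send = 8, "All data in a service" = ×10 and Irreversible = ×3 come from the checklist itself; the numeric weights for the other permission types and reversibility levels are assumptions, since the checklist only names them as levels. The example also shows the effect of the recommendation "limit to specific senders": re-scoping the same skill to a specific category (×2) drops it from Critical to High.

```python
"""Risk score calculator for the skill checklist (added example).

Assumed weights are marked; only the values used in the page's own
"Auto-reply to emails" assessment (Send = 8, service-wide scope = x10,
Irreversible = x3) and the Step 2 scope table are taken from the page.
"""
from dataclasses import dataclass, replace

# Permission risk. "send/publish" = 8 is from the page's example; the other
# weights are ASSUMED and only preserve the page's ordering
# Low < Medium < Medium-High < High < Very High < Critical.
PERMISSION_RISK = {
    "read-only": 1,
    "create/write": 3,
    "modify/update": 5,
    "delete": 8,
    "send/publish": 8,
    "execute": 10,
    "account access": 12,
}

# Scope multipliers, taken directly from the Step 2 table.
SCOPE_MULTIPLIER = {
    "single item": 1,
    "specific category": 2,
    "all items of a type": 5,
    "all data in a service": 10,
    "multiple services": 20,
}

# Reversibility factors. "irreversible" = 3 is from the page; others ASSUMED.
REVERSIBILITY_FACTOR = {
    "fully reversible": 1,
    "reversible with effort": 1.5,
    "partially reversible": 2,
    "irreversible": 3,
}

# Mitigation strategies per band, as listed in the checklist.
MITIGATIONS = {
    "Low": ["Enable"],
    "Medium": ["Enable with monitoring", "Set up alerts for unusual activity",
               "Review logs regularly", "Use sandbox/test data first"],
    "High": ["Require approval for each action", "Limit to specific use cases",
             "Set strict rate limits", "Enable audit logging"],
    "Critical": ["Avoid if possible", "If necessary, use with human-in-the-loop",
                 "Implement multiple approval gates", "Regular security reviews"],
}


def risk_band(score):
    """Map a score to the checklist's bands (Low 1-10, Medium 11-30,
    High 31-100, Critical 100+). The page's bands overlap at exactly 100;
    this implementation treats 100 as High and anything above as Critical."""
    if score <= 10:
        return "Low"
    if score <= 30:
        return "Medium"
    if score <= 100:
        return "High"
    return "Critical"


@dataclass(frozen=True)
class SkillAssessment:
    name: str
    permission: str      # key of PERMISSION_RISK
    scope: str           # key of SCOPE_MULTIPLIER
    reversibility: str   # key of REVERSIBILITY_FACTOR

    def score(self):
        # Risk Score = Permission Risk x Scope Multiplier x Reversibility Factor
        return (PERMISSION_RISK[self.permission]
                * SCOPE_MULTIPLIER[self.scope]
                * REVERSIBILITY_FACTOR[self.reversibility])

    def band(self):
        return risk_band(self.score())

    def rescoped(self, scope):
        """Least-privilege step from the decision framework: same skill,
        narrower scope."""
        return replace(self, scope=scope)


def decide(assessment, benefit_worth_risk, narrower_scope=None):
    """Walk the checklist's decision framework and return the steps to take."""
    if not benefit_worth_risk:
        return {"enable": False, "steps": ["Don't enable"]}
    steps = []
    if narrower_scope is not None:
        assessment = assessment.rescoped(narrower_scope)
        steps.append(f"Apply least privilege: scope -> {narrower_scope}")
    if assessment.reversibility in ("irreversible", "partially reversible"):
        steps.append("Add approval gates for irreversible actions")
    steps.append("Enable with monitoring")
    band = assessment.band()
    return {"enable": True, "score": assessment.score(), "band": band,
            "steps": steps + MITIGATIONS[band]}


if __name__ == "__main__":
    auto_reply = SkillAssessment("Auto-reply to emails", "send/publish",
                                 "all data in a service", "irreversible")
    print(auto_reply.name, auto_reply.score(), auto_reply.band())       # 240 Critical
    print(decide(auto_reply, True, narrower_scope="specific category"))  # 48 High
```

Running the block reproduces the page's 240 (Critical) score, and `decide(...)` with `narrower_scope="specific category"` shows the re-scored 48 (High) together with the High-risk mitigation list, which is the "limit to specific senders" recommendation expressed as a scope change.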
Detailed Checklist
Data Access Questions
- What specific data can this skill read?
- Is any sensitive data included (passwords, keys, personal info)?
- Can it access more data than needed for the task?
- Where is the data sent (local only, third-party service)?
Action Questions
- What actions can this skill take?
- Are any actions irreversible?
- Could mistakes affect other people?
- Is there a "blast radius" if something goes wrong?
Integration Questions
- What external services does this connect to?
- What credentials are required?
- Can those credentials be scoped down?
- What happens if those credentials leak?
Trust Questions
- Who made this skill?
- Is the source code available for review?
- Are there reviews or security audits?
- How is the skill updated?
Mitigation Strategies
For Medium-Risk Skills
- Enable with monitoring
- Set up alerts for unusual activity
- Review logs regularly
- Use sandbox/test data first
For High-Risk Skills
- Require approval for each action
- Limit to specific use cases
- Set strict rate limits
- Enable audit logging
For Critical-Risk Skills
- Avoid if possible
- If necessary, use with human-in-the-loop
- Implement multiple approval gates
- Regular security reviews
Decision Framework
```
┌──────────────────────────────────┐
│ Is the benefit worth the risk?   │
└──────────────────────────────────┘
              │
              ▼
          ┌────────┐
          │   No   │ → Don't enable
          └────────┘
              │
              ▼ Yes
┌─────────────────────────┐
│ Can you reduce scope?   │
└─────────────────────────┘
              │
              ▼ Yes
┌─────────────────────────┐
│ Apply least privilege   │
└─────────────────────────┘
              │
              ▼
┌─────────────────────────┐
│ Add approval gates for  │
│ irreversible actions    │
└─────────────────────────┘
              │
              ▼
┌─────────────────────────┐
│ Enable with monitoring  │
└─────────────────────────┘
```