Pre-Install Checks

How to check if a skill is safe before installing it — the recommended workflow for LLMs and agents.

Overview

The safest time to catch a malicious or risky MCP server is before it gets installed. Oathe provides two workflows for pre-install checks: a quick summary lookup for previously audited skills, and a full audit submission for new or unaudited ones.

Quick Check Workflow

If the skill has been audited before, you can retrieve its latest results instantly:

GET https://audit-engine.oathe.ai/api/skill/{owner}/{repo}/summary

The response includes the trust score, recommendation, and a breakdown of scoring dimensions. No audit is triggered — this is a read-only lookup.

Decision flow:

  1. Call the summary endpoint.
  2. If a result exists, read the recommendation field.
  3. If INSTALL or INSTALL_WITH_CAUTION, proceed with installation (present findings to the user if INSTALL_WITH_CAUTION).
  4. If REVIEW_BEFORE_INSTALL or DO_NOT_INSTALL, block installation and explain why.
  5. If no result exists (404), fall back to the full audit workflow.

Full Audit Workflow

For skills that have never been audited:

POST https://audit-engine.oathe.ai/api/submit
Content-Type: application/json

{"skill_url": "https://github.com/owner/repo"}

Then poll for the result:

GET https://audit-engine.oathe.ai/api/audit/{audit_id}

Once the status is complete, read report.recommendation and apply the same decision flow above.
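The two workflows above, combined into one client, as an added example (this is not Oathe's own code). It does the read-only summary lookup first and falls back to submit-and-poll only on a 404. The page names the three endpoints and the `status` / `report.recommendation` fields; the other field names (`audit_id` in the submit response, `trust_score` and `dimensions` in the summary) are assumptions, and the `FakeTransport` class is a constructed stand-in for the audit engine so the example runs offline. The transport is injectable, so the same client works against the live service with the `http_request` function shown.

```python
import json
import re
import time
import urllib.error
import urllib.request
from typing import Callable, Optional, Tuple

BASE_URL = "https://audit-engine.oathe.ai"
# Only plain github.com repository URLs are accepted as skill URLs (sanity check before any request).
GITHUB_RE = re.compile(r"^https://github\.com/([\w.-]+)/([\w.-]+?)(?:\.git)?/?$")

Transport = Callable[..., Tuple[int, Optional[dict]]]  # (url[, payload]) -> (status, json or None)


def parse_github_url(skill_url: str) -> Tuple[str, str]:
    """Extract (owner, repo); reject anything that is not a github.com repository URL."""
    m = GITHUB_RE.match(skill_url.strip())
    if not m:
        raise ValueError(f"not a github.com repository URL: {skill_url!r}")
    return m.group(1), m.group(2)


def http_request(url: str, payload: Optional[dict] = None) -> Tuple[int, Optional[dict]]:
    """Live transport: GET when payload is None, JSON POST otherwise (not used by the demo)."""
    data = None if payload is None else json.dumps(payload).encode()
    headers = {"Accept": "application/json"}
    if data is not None:
        headers["Content-Type"] = "application/json"
    req = urllib.request.Request(url, data=data, method="POST" if data else "GET", headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None


class AuditClient:
    def __init__(self, get: Transport = http_request, post: Transport = http_request,
                 sleep=time.sleep, poll_interval: float = 5.0, max_polls: int = 60):
        self.get, self.post, self.sleep = get, post, sleep
        self.poll_interval, self.max_polls = poll_interval, max_polls

    def quick_check(self, owner: str, repo: str) -> Optional[dict]:
        """Read-only summary lookup; None means the skill has never been audited (404)."""
        status, body = self.get(f"{BASE_URL}/api/skill/{owner}/{repo}/summary")
        if status == 404:
            return None
        if status != 200 or not isinstance(body, dict):
            raise RuntimeError(f"summary lookup failed with HTTP {status}")
        return body

    def full_audit(self, skill_url: str) -> dict:
        """Submit the skill, then poll until status is 'complete'; returns the report object."""
        status, body = self.post(f"{BASE_URL}/api/submit", {"skill_url": skill_url})
        if status not in (200, 201, 202) or not body or "audit_id" not in body:
            raise RuntimeError(f"audit submission failed with HTTP {status}")
        audit_id = body["audit_id"]  # assumed: the submit response carries the id to poll
        for _ in range(self.max_polls):
            status, body = self.get(f"{BASE_URL}/api/audit/{audit_id}")
            if status == 200 and body and body.get("status") == "complete":
                return body["report"]
            self.sleep(self.poll_interval)  # bounded polling: never wait forever on a stuck audit
        raise TimeoutError(f"audit {audit_id} did not complete after {self.max_polls} polls")

    def check(self, skill_url: str) -> dict:
        """Quick check first; fall back to a full audit only when no summary exists."""
        owner, repo = parse_github_url(skill_url)
        summary = self.quick_check(owner, repo)
        if summary is not None:
            return {"source": "summary", "recommendation": summary["recommendation"], "result": summary}
        report = self.full_audit(skill_url)
        return {"source": "audit", "recommendation": report["recommendation"], "result": report}


class FakeTransport:
    """Constructed stand-in for the audit engine: one previously audited repo, everything else new."""
    def __init__(self):
        self.polls = 0

    def get(self, url: str):
        if url.endswith("/api/skill/someuser/audited-server/summary"):
            return 200, {"trust_score": 82, "recommendation": "INSTALL_WITH_CAUTION",
                         "dimensions": {"permission_scope": 55, "network_activity": 41}}
        if "/api/audit/audit-0001" in url:
            self.polls += 1
            if self.polls < 3:
                return 200, {"status": "running"}  # constructed in-progress status
            return 200, {"status": "complete", "report": {"recommendation": "DO_NOT_INSTALL"}}
        return 404, None  # any other summary lookup: never audited

    def post(self, url: str, payload: dict):
        return 202, {"audit_id": "audit-0001"}  # constructed id


if __name__ == "__main__":
    fake = FakeTransport()
    client = AuditClient(fake.get, fake.post, sleep=lambda _s: None)
    print(client.check("https://github.com/someuser/audited-server"))
    print(client.check("https://github.com/someuser/new-server"))
```

`AuditClient()` with no arguments talks to the live service; the demo passes the fake transport and a no-op `sleep` so the polling loop runs instantly. The `max_polls` bound matters in an agent: a skill whose audit never completes should surface as an error to the user, not hang the installation step.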

Acting on Recommendations

Recommendation          Action
INSTALL                 Install normally. No intervention needed.
INSTALL_WITH_CAUTION    Install is acceptable. Present the flagged findings to the user and let them decide.
REVIEW_BEFORE_INSTALL   Do not install by default. Show the user the specific risks and require explicit confirmation.
DO_NOT_INSTALL          Block installation entirely. Inform the user that the skill failed the security audit.

Using the MCP Server

The Oathe MCP server (npx oathe-mcp) exposes a get_skill_summary tool that wraps the quick check workflow. LLMs and agents can call this tool directly before installing any skill:

Tool: get_skill_summary
Input: {"owner": "someuser", "repo": "some-mcp-server"}

The tool returns the summary object, including the recommendation and trust score. If no audit exists, it returns a clear indication that the skill has not been audited yet.

Presenting Findings to Users

When the recommendation is INSTALL_WITH_CAUTION or worse, surface the following to the user:

  • The overall trust score and recommendation.
  • The top flagged dimensions (e.g., permission scope, network activity).
  • A link to the full report for detailed findings.

Do not silently install a skill that received a REVIEW_BEFORE_INSTALL or DO_NOT_INSTALL rating. The purpose of a pre-install check is to give the user enough information to make an informed decision.

Integration Pattern

For agents that manage tool installation:

  1. User requests a new skill.
  2. Agent calls get_skill_summary (or the REST endpoint).
  3. If INSTALL: install and confirm.
  4. If INSTALL_WITH_CAUTION: show findings, ask the user to confirm.
  5. If REVIEW_BEFORE_INSTALL / DO_NOT_INSTALL: refuse and explain.
  6. If not yet audited: submit for audit, wait, then apply the same logic.
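The decision logic of the integration pattern and the findings presentation from the previous section, as one added example (not Oathe's own code). `decide` takes the summary or report object and an explicit user-confirmation flag and returns the agent action; `findings_message` builds the three items the page says to surface. The page names the four recommendation values; the `trust_score`, `dimensions` (assumed to be a name-to-score map where lower means riskier) and `report_url` fields are assumptions, and `SAMPLE_SUMMARY` is a constructed input. Unrecognised recommendation values are treated like DO_NOT_INSTALL, which is a fail-closed design choice of this example rather than something the page specifies.

```python
from typing import List, Optional, Tuple

INSTALL = "INSTALL"
INSTALL_WITH_CAUTION = "INSTALL_WITH_CAUTION"
REVIEW_BEFORE_INSTALL = "REVIEW_BEFORE_INSTALL"
DO_NOT_INSTALL = "DO_NOT_INSTALL"


def top_flagged(dimensions: dict, n: int = 3) -> List[Tuple[str, int]]:
    """Lowest-scoring dimensions first (assumption: dimensions are scored per name, lower = riskier)."""
    return sorted(dimensions.items(), key=lambda kv: (kv[1], kv[0]))[:n]


def findings_message(result: dict) -> str:
    """User-facing text: score and recommendation, top flagged dimensions, link to the full report."""
    lines = [f"Trust score: {result.get('trust_score', 'n/a')}, "
             f"recommendation: {result.get('recommendation', 'unknown')}"]
    flagged = top_flagged(result.get("dimensions") or {})
    if flagged:
        lines.append("Top flagged dimensions: " + ", ".join(f"{name} ({score})" for name, score in flagged))
    if result.get("report_url"):  # assumed field name for the full-report link
        lines.append(f"Full report: {result['report_url']}")
    return "\n".join(lines)


def decide(result: Optional[dict], user_confirmed: bool = False) -> dict:
    """Map an audit result to an agent action: {"action", "install", "message"}.

    action is "audit" (not yet audited), "install", "confirm" (needs the user), or "refuse".
    install is the only field an installer should act on; it is True solely for INSTALL
    or for a caution/review rating the user has explicitly confirmed.
    """
    if result is None:
        return {"action": "audit", "install": False,
                "message": "This skill has not been audited yet; submitting it for a full audit first."}
    rec = result.get("recommendation")
    if rec == INSTALL:
        return {"action": "install", "install": True, "message": "Audit passed; installing."}
    msg = findings_message(result)
    if rec in (INSTALL_WITH_CAUTION, REVIEW_BEFORE_INSTALL):
        # Both ratings show the findings first; only explicit confirmation unlocks the install.
        if user_confirmed:
            return {"action": "install", "install": True, "message": msg}
        default = "allow" if rec == INSTALL_WITH_CAUTION else "deny"  # what a UI may preselect
        return {"action": "confirm", "install": False, "default": default, "message": msg}
    # DO_NOT_INSTALL, and any value this code does not recognise, fails closed regardless of the flag.
    return {"action": "refuse", "install": False,
            "message": msg + "\nThis skill failed the security audit and will not be installed."}


SAMPLE_SUMMARY = {  # constructed sample in the shape the summary endpoint is described to return
    "trust_score": 82,
    "recommendation": INSTALL_WITH_CAUTION,
    "dimensions": {"permission_scope": 55, "network_activity": 41, "code_quality": 90},
    "report_url": "https://example.invalid/report/PLACEHOLDER",  # placeholder link
}

if __name__ == "__main__":
    for confirmed in (False, True):
        print(decide(SAMPLE_SUMMARY, user_confirmed=confirmed))
    print(decide({"recommendation": DO_NOT_INSTALL, "trust_score": 12}, user_confirmed=True))
```

Keeping `install` as the single boolean the installer consults, and making it True only on the paths the page allows, is what prevents the silent-install failure mode the previous section warns about: a DO_NOT_INSTALL result cannot be overridden by the confirmation flag, and an unexpected recommendation string does not fall through to an install.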