Example review output
gmail-workflow-agent
Agent Package / Medium confidence / Static analysis only / No code execution
- Critical
- 0
- High
- 2
- Medium
- 4
- Low
- 5
Install-time review for AI skills and agent packages.
Paste a skill, upload a package, or review an agent config. IGLIGQ checks risky permissions, hidden data access, external calls and unsafe instructions before you trust it.
AI Skill & Agent Package Security Checker
No installation. No sign-up. Static review only.
URL mode is a guided example. For a real free check, paste instructions or upload a supported local file below. Do not submit secrets.
Select scan target
Example review output
Agent Package / Medium confidence / Static analysis only / No code execution
IGLIGQ separates the free local preview from deeper human review.
Paste instructions, provide a package URL, upload a ZIP or review an MCP/plugin manifest.
Check structure, permissions, dependency hints, secret patterns, network clues and instructions that may influence agent behavior.
Translate technical signals into read, write, network, shell, secret and prompt actions.
Show score, confidence, where risks were found, recommendations and the next review option.
Each finding shows severity, confidence, where the risk was found and the recommended action.
Manifest completeness, schema clarity and artifact organization.
Declared or implied access to files, tools, accounts and actions.
External endpoints, callbacks, webhook references and data transfer signals.
Read/write behavior, export paths and local storage indicators.
Instruction override, autonomy and human-approval bypass wording.
Credential patterns, env usage and unclear key-handling instructions.
Install scripts, unpinned packages and dependency manifest issues.
Logging, approval gates, disclosure quality and failure handling.
Report section
A structured view of what the package appears able to read, write, call, execute or expose.
| Capability | Action | Severity | Confidence | Evidence |
|---|---|---|---|---|
| Network access | Calls external mail API | High | High | scripts/send.ts -> fetch(api.mailprovider.example) |
| Filesystem write | Writes local export files | Medium | Medium | src/exporter.ts -> fs.writeFile(outputPath) |
| Behavior-influencing instructions | Contains oversight-reduction wording | Medium | Medium | SKILL.md contains autonomous retry and approval-bypass language |
| Secrets handling | Reads environment variables | Medium | Low | config/mail.ts -> process.env.MAIL_API_TOKEN |
Report section
IGLIGQ compares stated purpose with visible behavior, permissions, external services and risky instructions.
Human review option
Request a human-reviewed report when you need a public badge, team-ready audit report or private team review. The result reflects the submitted package and the evidence found during review.
Use the local preview for pasted text or a supported file. Do not submit secrets. Scripts are inspected, not executed. The free preview shows summary counts only and does not create a paid report.
Example only. This sample is not generated from your input and is not a paid audit result.