← Back to Skills Marketplace
2062
Downloads
1
Stars
6
Active Installs
1
Versions
Install in OpenClaw
/install request-approval
Description
Use Preloop's request_approval tool to get human approval before risky operations like deletions, production changes, or external modifications
Usage Guidance
This skill appears to be what it says: an instruction-only policy for using a Preloop approval tool. Before installing, verify you trust the Preloop endpoint (https://preloop.ai or your self-hosted URL) and the skill author. Note the setup guidance may suggest running `npx` to provide MCP transport — avoid running that in locked-down environments without review because it downloads and executes code. Ensure an appropriate approval policy and approvers are configured in Preloop, and confirm any API token used is stored only in your agent's MCP config (not copied into public places). If you want higher assurance, ask the skill author for: (1) a canonical source repository or homepage, (2) a maintainer identity you trust, and (3) confirmation that the agent configuration steps are optional (i.e., you can use an existing, vetted MCP transport instead of running npx).
Capability Analysis
Type: OpenClaw Skill
Name: request-approval
Version: 1.0.0
The OpenClaw AgentSkills skill bundle is benign. Its explicit purpose is to enhance security by requiring human approval for risky operations, which is the opposite of malicious intent. The `SKILL.md` instructions consistently guide the AI agent to be cautious, request approval via the `request_approval` tool before executing potentially harmful actions, and to immediately stop if approval is denied. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to bypass security or perform unauthorized actions. The external network calls are explicitly directed to a Preloop MCP server for the stated purpose of obtaining approval, as detailed in `references/SETUP.md`.
Capability Assessment
Purpose & Capability
The name/description (requesting human approval before risky operations) matches the instructions and examples. Required resources (a configured Preloop MCP server and an API token in agent configuration) are exactly what this capability needs; there are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
SKILL.md limits its behavior to: gather context about intended risky operations, call the request_approval tool, wait for human decision, then act (or not) based on approval. Example commands (ls, rm -rf, gh pr create, npm install, run migrations) are shown only as the operations that would be gated by approval. The instructions do not ask the agent to collect or exfiltrate data outside this approval flow.
Install Mechanism
There is no install spec (instruction-only), which is low risk. One setup example includes configuring the agent to run an `npx` command ("npx -y @modelcontextprotocol/server-everything") to provide MCP transport; that step would cause runtime download and execution of npm package code if followed, so administrators should review/approve that action in environments that disallow remote code installs.
Credentials
The skill declares no required env vars and does not demand unrelated credentials. Setup docs explain storing a Preloop API token in the agent's MCP configuration (Authorization header), which is proportional for a tool that communicates with an external approval service. The skill itself does not attempt to read or exfiltrate other environment variables or secrets.
Persistence & Privilege
The skill is not always-enabled (always:false) and does not request elevated or system-wide persistence. It does not instruct modifying other skills' configs. Model invocation is allowed (default) which is normal for a skill designed to be called by agents.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install request-approval - After installation, invoke the skill by name or use
/request-approval - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the request-approval skill.
- Enables human-in-the-loop approvals before risky operations like deletions, production changes, or external modifications.
- Outlines clear guidelines for when approval is required, recommended, or not necessary.
- Provides parameters and detailed usage instructions for the `request_approval` tool.
- Includes best practices and a decision framework to ensure safe and responsible operation.
Metadata
Frequently Asked Questions
What is Request Approval?
Use Preloop's request_approval tool to get human approval before risky operations like deletions, production changes, or external modifications. It is an AI Agent Skill for Claude Code / OpenClaw, with 2062 downloads so far.
How do I install Request Approval?
Run "/install request-approval" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Request Approval free?
Yes, Request Approval is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Request Approval support?
Request Approval is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Request Approval?
It is built and maintained by yconst (@yconst); the current version is v1.0.0.
More Skills