Approval Queue
4 pendingAI has pre-analyzed each request — review signals and confirm or override
cursor-agent-v0.4.2 is an AI coding assistant sub-process. Detected reads of ~/.aws/credentials and ~/.ssh/id_rsa via MCP tool calls — a known AI agent prompt injection pattern where agents are manipulated to exfiltrate credentials. Publisher cert is valid but agent runs with dev's full permissions. 47 engineers have requested this tool in 30 days.
| Publisher | Unverified |
| Credential access | ~/.aws/credentials, ~/.ssh/id_rsa |
| Prompt injection risk | Detected via MCP tool calls |
| Endpoints affected | 47 engineers |
| Background process | Runs with full dev permissions |
Override AI recommendation? AI suggested "Approve with restrictions". Confirm full Approve?
Confirm restriction of cursor-agent-v0.4.2? This will block installation for all pending requesters.
Notify team owner? An automated message will be sent to sarah.chen requesting justification.
npm package lightllm v0.2.1 has been flagged for supply chain indicators. Telemetry recorded outbound connections to 185.220.101.47 — a known Tor exit node. The package was published 8 days ago with no prior version history. Three other packages by the same author were pulled from npm last month.
| Publisher | Unknown / unverified |
| C2 connection | 185.220.101.47 (Tor exit node) |
| Package age | 8 days · no prior history |
| Author history | 3 prior packages removed from npm |
Confirm restriction of npm: lightllm 0.2.1? The package will be blocked fleet-wide immediately.
Proxyman is a well-known macOS HTTP proxy/debug tool used by developers. Signed by Proxyman OÜ with valid Apple developer certificate. The app intercepts HTTPS traffic by design, which grants it access to decrypted credentials in transit. Use should be limited to dev environments.
| Publisher | Signed · Proxyman OÜ |
| CVEs | None |
| HTTPS intercept | Decrypts all HTTPS traffic |
| Scope concern | Should be dev-only |
Approve Proxyman 4.7 for installation? Access will be scoped to dev machines in policy.
Confirm restriction of Proxyman 4.7? This overrides the AI recommendation. carlos.torres will be notified.
Notify team owner? carlos.torres will be asked to confirm the business need and target environment.
"I need Wireshark to capture traffic for a pentest engagement on our staging network. This is for the Q2 internal red team exercise (JIRA: SEC-1847). ~30 min session on my isolated test machine."
Wireshark is a legitimate network analyzer signed by the Wireshark Foundation. No supply chain indicators. Request cites verifiable JIRA ticket SEC-1847. maya.johnson is in the Security team with prior approved tool exceptions. The 30-min scoped exception pattern is consistent with internal pentest protocols.
| Publisher | Wireshark Foundation |
| JIRA ticket | SEC-1847 · verifiable |
| Requester history | Security team · prior exceptions approved |
| Network capture | Full traffic intercept capability |
Grant 30-minute exception for Wireshark 4.2 on maya.johnson's machine? ShieldOps will auto-revoke at expiry and log all captures.
Deny exception for Wireshark 4.2? maya.johnson will be notified with the reason.
Request additional info from maya.johnson? They will be prompted to confirm the target environment and data flows.