Shrike Security MCP Server

check_approval

Idempotent

Check if an action requiring human approval is pending, approved, rejected, or expired. Submit a decision only after explicit user instruction.

Instructions

Check the status of a pending approval, or submit a decision.

WHEN TO USE: Only when the user asks you to check an approval or when you need to verify approval status before proceeding with a previously held action.

POLL MODE (no decision parameter): Returns the current status of an approval.

  • status="pending": approval is still awaiting a human decision. Inform the user it is still pending and STOP. Do NOT poll in a loop — wait for the user to ask you to check again.

  • status="approved": the action has been approved. You may now proceed with the original action that was held.

  • status="rejected": the action was denied. Return the rejection reason to the user and STOP. Do not retry.

  • status="expired": the approval timed out without a decision. Inform the user and STOP.

DECIDE MODE (decision + justification parameters): Submits a decision after the user explicitly instructs you to approve or reject.

  • You MUST present the full approval context (threat type, severity, risk factors) to the user FIRST.

  • You MUST wait for the user's EXPLICIT instruction (e.g., "approve it", "reject it") before calling with a decision.

  • NEVER decide autonomously — always require explicit human instruction.

  • High/critical severity approvals can ONLY be decided via the Shrike dashboard — the server will reject MCP-submitted decisions for these.

  • Low/medium severity approvals have a 60-second cooldown after creation before decisions are accepted.

  • If the server returns a 403 error, inform the user of the reason and direct them to the dashboard if needed.

IMPORTANT: Do NOT automatically poll in a loop. Approvals may take minutes to hours. Inform the user of the pending status and wait for them to ask you to check again.

Enterprise context: Provides the human-in-the-loop control required for compliance (GDPR Art. 22, SOC2 CC8.1). Every decision is recorded with full audit trail.

ERROR HANDLING: If this tool returns an error, inform the user. Do NOT proceed with the original action without a confirmed approval.
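The DECIDE MODE rules above only hold if the server enforces them itself rather than relying on the agent following the prompt. The sketch below is an added example, not Shrike's code: the record shape, the channel names, the "approve"/"reject" values and the 400/409 codes are assumptions, while the 60-second cooldown, the dashboard-only rule for high/critical severity and the 403 response come from the description.

```python
from dataclasses import dataclass

COOLDOWN_SECONDS = 60                  # from the tool description
MCP_DECIDABLE = {"low", "medium"}      # anything else is dashboard-only (fail closed)

@dataclass
class Approval:                        # hypothetical record shape
    approval_id: str
    severity: str                      # "low" | "medium" | "high" | "critical"
    created_at: float                  # epoch seconds
    expires_at: float
    status: str = "pending"

def submit_decision(a, decision, channel, now):
    """Server-side gate. channel is "mcp" or "dashboard" (assumed names).
    Returns (http_status, message) and mutates a.status only on success."""
    if decision not in ("approve", "reject"):          # assumed enum values
        return 400, "decision must be 'approve' or 'reject'"
    if a.status == "pending" and now >= a.expires_at:
        a.status = "expired"                           # timed out without a decision
    if a.status != "pending":
        return 409, f"approval already {a.status}"     # assumed status code
    if a.severity not in MCP_DECIDABLE:
        # High/critical (and unknown severities) are decided in the dashboard only.
        if channel != "dashboard":
            return 403, "decide this approval in the dashboard"
    elif now - a.created_at < COOLDOWN_SECONDS:
        # Low/medium: no decision is accepted during the first 60 seconds.
        return 403, "cooldown active; decisions are accepted 60 s after creation"
    a.status = "approved" if decision == "approve" else "rejected"
    return 200, a.status

def agent_next_step(status):
    """POLL MODE contract: only 'approved' releases the held action."""
    return "proceed" if status == "approved" else "stop_and_inform_user"
```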

Input Schema

| Name | Required | Description | Default |
|------|----------|-------------|---------|
| approval_id | Yes | The approval ID returned by a scan tool when action was require_approval | |
| decision | No | Submit a decision ONLY after the user explicitly instructs you to approve or reject. Never decide autonomously. | |
| justification | No | Reason for the decision (recommended for rejections) | |

Behavior: 5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations provide idempotentHint and openWorldHint, but the description goes far beyond by detailing poll vs. decide modes, server error handling (403), cooldown rules, and the requirement for explicit human instruction. No contradictions with annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with clear sections (WHEN TO USE, POLL MODE, DECIDE MODE, IMPORTANT, etc.), front-loaded with purpose. Every sentence adds value, no redundancy. Length is justified by complexity.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Despite no output schema, the description covers all necessary context: modes, error handling, cooldown, dashboard redirect, audit trail, and enterprise context. It provides complete guidance for correct agent invocation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, so baseline is 3. The description adds operational context for each parameter: approval_id is tied to previous scan tool output, decision requires explicit user instruction, justification is recommended for rejections. It reinforces and expands on schema documentation.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool does two things: check approval status and submit a decision. It uses specific verbs ('Check', 'submit') and identifies the resource ('approval'). It differentiates from siblings by being the only approval-related tool among scan tools.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description includes an explicit 'WHEN TO USE' section that states when to use the tool (user asks to check, verify before action) and provides detailed instructions for both poll and decide modes, including when not to use (e.g., high severity must use dashboard) and prohibitions (no auto-polling).

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Shrike-Security/shrike-mcp'
