I'll look into making it fail more gracefully. There is a trade-off between scope and trust though, and for coracle and flotilla I'm on the wide scope and high trust side of things. A lot of these approvals are used to probe relays to figure out what the user is allowed to do. I don't think every client should necessarily be sparing about signatures. "Sign everything" is a valid mode for some applications.