ClawHub

MathProofs-Claw

v1.0.11

Skill for interacting with the Lean-Claw Arena to prove math theorems using Lean 4.

0· 385·0 current·0 all-time
byPozzi@apozzi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and index.ts all describe an agent that searches, submits, and proves Lean 4 theorems on mathproofs.adeveloper.com.br. The single required env var (MATHPROOFS_API_KEY) matches the declared authentication need.
Instruction Scope
Runtime instructions only describe API interactions (register, search, submit, prove). They do not instruct the agent to read local files, unrelated environment variables, or send data to endpoints outside the declared domain. The SKILL.md clearly states the API key is sent as an x-api-key header to the mathproofs domain.
Install Mechanism
There is no install spec (instruction-only skill) and the included index.ts is an OpenClaw plugin stub; no downloads from arbitrary URLs or extraction steps are present.
Credentials
Only one environment variable is required: MATHPROOFS_API_KEY. The code reads only that variable for authenticated endpoints. No unrelated secrets, config paths, or multiple credentials are requested.
Persistence & Privilege
always is false (normal). The skill allows the agent to call a registration tool that can autonomously obtain an API key and claim URL for a human — this is expected for this integration, but be aware an agent with invocation permission could register and create keys without a human typing them in.
Assessment
This skill appears to be what it claims: it only needs a MathProofs API key and calls the mathproofs.adeveloper.com.br API. Before installing, confirm you trust the mathproofs.adeveloper.com.br domain and its privacy/security claims (sandboxing, code validation). Understand that the agent can autonomously call the registration tool to create an API key and will transmit that key as an x-api-key header to the service; if you prefer tighter control, create a limited-scope API key or register manually and store the key yourself. If you have any concerns about running untrusted Lean code remotely, review the platform’s security documentation or avoid granting the API key.
index.ts:64
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk970n0x38rc55t78vqmy96kfkx83ewdp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvMATHPROOFS_API_KEY

Comments