xProof — Blockchain Proof for Agents
Audited by ClawScan on May 2, 2026.
Overview
xProof is a coherent blockchain proof/audit skill, but it should be reviewed carefully because it can trigger paid proofs and tells agents to block high-risk actions unless xProof audit logging succeeds.
Review this skill before installing if your agent has wallet access or will perform trades, deployments, transfers, or other high-risk actions. Set explicit approval and spending limits for x402 payments, decide when audit logging should block actions, protect the XPROOF_API_KEY like a password, and avoid certifying sensitive filenames or metadata unless you are comfortable with public, durable proof records.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. Agent-driven x402 payments without spend containment
Impact: An autonomous agent with wallet access could spend funds on proof creation, and repeated or batch calls could accumulate charges.
Detail: The skill documents an agent-driven payment flow for proof creation, including batch payments, but the artifacts do not define a user approval step, budget cap, allowance limit, or spend containment.
Evidence (quoted from the skill artifacts): Agent pays in USDC on Base (eip155:8453) via the x402 facilitator ... POST /api/proof | $0.05 per certification ... POST /api/batch | $0.05 per file in batch
Recommendation: Require explicit user approval or a fixed spend limit before enabling x402 payments, and remember that batch cost scales with file count; use a low-balance wallet or disable wallet payment mode unless it is needed.
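One way to give the agent the spend containment the artifacts lack, as an added example that is not code from the xProof skill or from ClawScan: a guard that sits in front of every x402 payment, enforces a per-session budget, and asks a human before any single charge above a threshold. The `pay` callable and the `approve` hook are assumptions standing in for whatever actually settles the USDC charge and prompts the user; only the $0.05 per-file price comes from the skill's documentation.

```python
# Added example, not code from the xProof skill or from ClawScan: a spend
# guard the agent runs in front of every x402 payment. `pay` stands in for
# whatever callable actually settles the USDC charge; its name and signature
# are assumptions, as is the approval hook.
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Callable, List, Tuple

PROOF_PRICE_USD = Decimal("0.05")  # the skill's price per certification and per batched file


class SpendDenied(Exception):
    """Payment refused by policy; the agent must not retry without a human."""


@dataclass
class SpendGuard:
    session_budget_usd: Decimal               # hard cap for this agent session
    approval_threshold_usd: Decimal           # single charges above this need a human
    approve: Callable[[str, Decimal], bool]   # user-approval hook (prompt, ticket, ...)
    spent_usd: Decimal = Decimal("0")
    ledger: List[Tuple[str, Decimal, str]] = field(default_factory=list)

    def charge(self, amount_usd: Decimal, memo: str,
               pay: Callable[[Decimal, str], str]) -> str:
        if amount_usd <= 0:
            raise SpendDenied(f"{memo}: non-positive amount {amount_usd}")
        # The cap is checked against the running total, so many small
        # certifications cannot add up past it.
        if self.spent_usd + amount_usd > self.session_budget_usd:
            raise SpendDenied(f"{memo}: {amount_usd} USD would exceed the session budget "
                              f"({self.spent_usd} of {self.session_budget_usd} already spent)")
        if amount_usd > self.approval_threshold_usd and not self.approve(memo, amount_usd):
            raise SpendDenied(f"{memo}: user declined {amount_usd} USD")
        receipt = pay(amount_usd, memo)
        # Record only after settlement succeeds; a failed payment costs nothing.
        self.spent_usd += amount_usd
        self.ledger.append((memo, amount_usd, receipt))
        return receipt

    def certify_batch(self, file_count: int, pay: Callable[[Decimal, str], str]) -> str:
        # POST /api/batch charges per file, so price the whole batch before paying.
        return self.charge(PROOF_PRICE_USD * file_count, f"batch of {file_count} files", pay)


def demo_session() -> dict:
    """Constructed scenario: a $1.00 session budget, approval required above
    $0.25, a user who always declines, and a fake payer that touches no wallet."""
    guard = SpendGuard(Decimal("1.00"), Decimal("0.25"), approve=lambda memo, amt: False)

    def fake_pay(amount: Decimal, memo: str) -> str:
        return "tx-" + memo.replace(" ", "-")

    out = {}
    out["single"] = guard.charge(PROOF_PRICE_USD, "single proof", fake_pay)
    out["batch5"] = guard.certify_batch(5, fake_pay)   # $0.25: at the threshold, allowed
    for label, n in (("batch10", 10), ("batch100", 100)):  # $0.50 needs approval; $5 > budget
        try:
            guard.certify_batch(n, fake_pay)
            out[label] = "allowed"
        except SpendDenied as exc:
            out[label] = f"denied: {exc}"
    out["spent"] = str(guard.spent_usd)
    out["ledger_entries"] = len(guard.ledger)
    return out
```

The budget check runs before the approval check on purpose: a human should never be asked to approve a charge that policy would refuse anyway, and the ledger is only updated after `pay` returns, so a failed settlement does not consume budget.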
2. Audit-logging rule that blocks user-requested actions
Impact: User-requested tasks could be blocked if xProof is unavailable, credits are exhausted, payment fails, or the agent applies the rule too broadly.
Detail: This instruction changes the agent's stopping conditions and forces use of the xProof service before broad classes of user actions.
Evidence (quoted from the skill artifacts): Before any high-risk action (trade, deploy, transfer), call `audit_agent_session` with the action details. If no `proof_id` is returned, BLOCK the action.
Recommendation: Install only if you want this enforcement behavior; define exactly which actions require audit logging and what the agent should do on service failure, so that a fail-closed rule for the listed high-risk actions does not stall unrelated work.
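An explicit form of that policy, as an added example that is not code from the xProof skill or from ClawScan: a gate that applies the BLOCK rule only to a named set of action kinds, retries once on a transport error, and fails closed with a reason a human can act on. The `audit` callable stands in for the skill's `audit_agent_session` tool; that it returns a dict which may carry `proof_id`, and that it raises on service, credit or payment failure, are assumptions made for the example.

```python
# Added example, not code from the xProof skill or from ClawScan: an explicit
# policy around the skill's "BLOCK if no proof_id" rule. `audit` stands in for
# the skill's audit_agent_session tool; that it returns a dict which may carry
# "proof_id" and raises on transport, credit or payment failure are assumptions.
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Only these kinds are gated. Anything else never calls xProof, so an outage
# or exhausted credits cannot stall unrelated work.
AUDITED_KINDS = frozenset({"trade", "deploy", "transfer"})


@dataclass
class GateResult:
    proceed: bool
    proof_id: Optional[str]
    reason: str


def audit_gate(action: Dict, audit: Callable[[Dict], Dict], retries: int = 1) -> GateResult:
    kind = action.get("kind")
    if kind not in AUDITED_KINDS:
        return GateResult(True, None, f"{kind!r} is not an audited action kind")
    last_error = "no attempt made"
    for _ in range(retries + 1):
        try:
            response = audit(action)
        except Exception as exc:   # service down, credits exhausted, payment failed ...
            last_error = f"audit call failed: {exc}"
            continue
        proof_id = response.get("proof_id")
        if proof_id:
            return GateResult(True, proof_id, "audit record created")
        last_error = f"audit returned no proof_id: {response!r}"
    # Fail closed for gated kinds, but surface the reason so a human can decide.
    return GateResult(False, None, f"{kind} blocked after {retries + 1} attempt(s): {last_error}")


def demo_gate() -> Dict[str, GateResult]:
    """Constructed audit stubs covering the failure modes the finding lists."""
    transfer = {"kind": "transfer", "to": "0xabc", "amount": "10"}
    calls = {"n": 0}

    def never(action: Dict) -> Dict:
        raise AssertionError("audit must not be called for an ungated action")

    def down(action: Dict) -> Dict:
        raise ConnectionError("timeout")

    def flaky(action: Dict) -> Dict:   # first call fails, second succeeds
        calls["n"] += 1
        if calls["n"] == 1:
            raise ConnectionError("xproof unreachable")
        return {"proof_id": "prf_demo"}

    return {
        "not_gated": audit_gate({"kind": "read_balance"}, never),
        "logged": audit_gate(transfer, lambda a: {"proof_id": "prf_ok"}),
        "no_proof": audit_gate(transfer, lambda a: {"error": "credits exhausted"}, retries=0),
        "down": audit_gate(transfer, down, retries=0),
        "recovered": audit_gate(transfer, flaky, retries=1),
    }
```

Keeping `AUDITED_KINDS` narrow is the point: the skill's wording ("any high-risk action") leaves the agent to decide what counts, which is how the rule ends up applied too broadly.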
3. Personal API key with account-level authority
Impact: If the key is exposed, another party could use the account's credits or interact with the proof service as that agent.
Detail: The skill uses personal API keys for authenticated proof and audit calls. This is expected for the service, but the key carries sensitive authority.
Evidence (quoted from the skill artifacts): Then store the returned api_key: export XPROOF_API_KEY="pm_..." ... API keys are prefixed `pm_` -- treat them like passwords.
Recommendation: Store the key in a secret manager or a private environment variable, avoid logging it, do not commit it, and rotate it if it is exposed.
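The "avoid logging it" part is the one agents get wrong most often, because request headers and tool arguments end up in traces. As an added example that is not code from the xProof skill or from ClawScan, the block below loads the key from the environment, refuses anything that is not a `pm_` key, and installs a logging filter that redacts key-shaped strings before any record is formatted. Only the `pm_` prefix comes from the skill's docs; the assumed key body (eight or more URL-safe characters) is a guess made to give the pattern a usable shape.

```python
# Added example, not code from the xProof skill or from ClawScan: load
# XPROOF_API_KEY from the environment, refuse anything that is not a pm_ key,
# and redact key-shaped strings before they reach a log. Only the "pm_" prefix
# comes from the skill's docs; the assumed key body (8+ URL-safe characters)
# is a guess to make the pattern usable.
import logging
import os
import re
from typing import List, Mapping

KEY_PATTERN = re.compile(r"pm_[A-Za-z0-9_\-]{8,}")  # assumed key shape


class MissingApiKey(RuntimeError):
    pass


def load_api_key(env: Mapping[str, str] = os.environ) -> str:
    key = env.get("XPROOF_API_KEY", "").strip()
    if not KEY_PATTERN.fullmatch(key):
        # Do not echo the value in the error: it may be a real key with a typo.
        raise MissingApiKey("XPROOF_API_KEY is unset or is not a pm_ key")
    return key


def has_valid_key(env: Mapping[str, str]) -> bool:
    """Preflight for agent startup: True only if a usable key is present."""
    try:
        load_api_key(env)
        return True
    except MissingApiKey:
        return False


def redact(text: str) -> str:
    """Replace anything that looks like a pm_ key; keep nothing of the secret."""
    return KEY_PATTERN.sub("pm_[REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Attach to a handler so no formatted record can contain a key."""
    def filter(self, record: logging.LogRecord) -> bool:
        # Format first, then redact the whole message: this also catches keys
        # inside dict or list arguments, which %-formatting would expand later.
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


class _ListHandler(logging.Handler):
    """Collects formatted lines in memory so the demo needs no file or stderr."""
    def __init__(self) -> None:
        super().__init__()
        self.lines: List[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def demo_logging() -> str:
    """Constructed: log a request line that accidentally includes the key."""
    handler = _ListHandler()
    handler.addFilter(RedactingFilter())
    logger = logging.getLogger("xproof.demo")
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.info("POST /api/proof headers=%s", {"Authorization": "Bearer pm_live_abcdef123456"})
    return handler.lines[0]
```

Attach `RedactingFilter` to every handler the agent process uses, not just the one it writes to directly; a filter on the logger alone does not apply to records that propagate up from child loggers.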
4. Manual install from an unpinned GitHub branch
Impact: A future change to the remote branch could install different instructions than the version reviewed here.
Detail: The manual install example downloads the skill instructions from an unpinned GitHub branch (main) into the local skills directory.
Evidence (quoted from the skill artifacts): curl -sL https://raw.githubusercontent.com/jasonxkensei/xproof-openclaw-skill/main/xproof/SKILL.md > .agent/skills/xproof/SKILL.md
Recommendation: Prefer the reviewed registry package, or pin the GitHub install to a specific commit SHA and verify the file's digest against the copy you reviewed before writing it into the skills directory.
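A pinned-and-verified version of that install, as an added example that is not code from the xProof skill or from ClawScan: the URL is built only from a full 40-hex commit SHA (a branch or tag name is refused), and the bytes are checked against a SHA-256 recorded at review time before anything is written. The repository and file path are taken from the install command in the finding; the commit and digest in the `__main__` block are placeholders to replace with the values you actually reviewed.

```python
# Added example, not code from the xProof skill or from ClawScan: fetch the
# skill file from a raw.githubusercontent.com URL pinned to a full commit SHA
# rather than a branch, and verify the bytes against a digest recorded when
# the file was reviewed. REPO and SKILL_PATH come from the install command in
# the finding; the SHA and digest are placeholders you replace with reviewed values.
import hashlib
import hmac
import re
import urllib.request
from pathlib import Path

COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")
REPO = "jasonxkensei/xproof-openclaw-skill"
SKILL_PATH = "xproof/SKILL.md"


def pinned_raw_url(repo: str, ref: str, path: str) -> str:
    """Refuse branch or tag names: only a full commit SHA is an immutable reference."""
    if not COMMIT_SHA.match(ref):
        raise ValueError(f"ref {ref!r} is not a 40-hex commit SHA; refusing a mutable reference")
    return f"https://raw.githubusercontent.com/{repo}/{ref}/{path}"


def ref_is_pinned(ref: str) -> bool:
    try:
        pinned_raw_url(REPO, ref, SKILL_PATH)
        return True
    except ValueError:
        return False


def verify_digest(content: bytes, expected_sha256: str) -> str:
    """Return the hex digest if it matches the reviewed one, else raise."""
    actual = hashlib.sha256(content).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise ValueError(f"digest mismatch: expected {expected_sha256}, got {actual}")
    return actual


def digest_matches(content: bytes, expected_sha256: str) -> bool:
    try:
        verify_digest(content, expected_sha256)
        return True
    except ValueError:
        return False


def fetch(url: str) -> bytes:
    with urllib.request.urlopen(url, timeout=30) as resp:   # network call; not used offline
        return resp.read()


def install_skill(content: bytes, expected_sha256: str, dest: Path) -> Path:
    """Verify first, then write via a temp file so a bad copy never sits in the skills dir."""
    verify_digest(content, expected_sha256)
    dest.parent.mkdir(parents=True, exist_ok=True)
    tmp = dest.with_name(dest.name + ".tmp")
    tmp.write_bytes(content)
    tmp.replace(dest)
    return dest


if __name__ == "__main__":
    # Placeholders: substitute the commit you reviewed and the sha256 of that copy.
    REVIEWED_COMMIT = "0" * 40
    REVIEWED_SHA256 = "0" * 64
    url = pinned_raw_url(REPO, REVIEWED_COMMIT, SKILL_PATH)
    install_skill(fetch(url), REVIEWED_SHA256, Path(".agent/skills/xproof/SKILL.md"))
```

The same check from a shell is a curl to a temporary file followed by `sha256sum -c` against the recorded digest, with the commit SHA in place of `main` in the URL; the Python version is shown here because it is what an agent runtime would call rather than a human.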
5. Public, durable proof records by default
Impact: Sensitive filenames or identifying metadata could become publicly visible and difficult to remove.
Detail: Trial proof records are public by default, and proof metadata such as hashes, filenames, author names, and certificate links may persist outside the local agent context.
Evidence (quoted from the skill artifacts): Returns the structured proof document. Public if the certification was created with `is_public=true` (default for trial users) ... `GET /api/certificates/:id.pdf` -- Downloadable PDF Certificate ... Public.
Recommendation: Use non-sensitive filenames and author labels, avoid including confidential details in proof or audit metadata, and set `is_public` explicitly rather than relying on the trial default before certifying sensitive artifacts.
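One way to apply that recommendation mechanically before a certification request is built, as an added example that is not code from the xProof skill or from ClawScan: hash the artifact locally, replace its name with an opaque label derived from the hash, refuse labels that match a sensitivity deny-list, and make the visibility flag explicit. The field names (`sha256`, `filename`, `author`, `is_public`) follow the metadata the finding lists; the deny-list patterns and the `ProofMetadata` shape are assumptions, not the service's request schema.

```python
# Added example, not code from the xProof skill or from ClawScan: derive the
# metadata an agent sends with a certification request so that the durable,
# possibly public proof record carries a content hash and an opaque label
# rather than the original filename or a personal author name. Field names
# follow the finding; the sensitivity patterns and request shape are assumptions.
import hashlib
import re
from dataclasses import asdict, dataclass
from pathlib import PurePath

# Heuristic deny-list for labels that must never be certified as-is.
# ("@" catches e-mail addresses used as author labels.)
SENSITIVE = re.compile(r"confidential|secret|internal|salary|payroll|ssn|passport|medical|@", re.I)


@dataclass
class ProofMetadata:
    sha256: str
    filename: str
    author: str
    is_public: bool


def prepare_metadata(content: bytes, original_name: str, author_label: str,
                     is_public: bool = False) -> ProofMetadata:
    """Hash the bytes locally, replace the name with an opaque label, and make
    the visibility flag explicit instead of relying on the trial default."""
    if SENSITIVE.search(original_name):
        raise ValueError(f"refusing to certify: filename {original_name!r} looks sensitive")
    if SENSITIVE.search(author_label):
        raise ValueError("refusing to certify: author label looks like personal data")
    digest = hashlib.sha256(content).hexdigest()
    # Keep only the extension; the hash prefix is enough to correlate the record locally.
    opaque_name = f"artifact-{digest[:12]}{PurePath(original_name).suffix.lower()}"
    return ProofMetadata(sha256=digest, filename=opaque_name, author=author_label, is_public=is_public)


def demo_requests() -> dict:
    """Constructed inputs: one benign artifact and two that should be refused."""
    cases = {
        "benign": (b"abc", "build-output.tar.gz", "release-bot"),
        "sensitive_name": (b"abc", "Q3_salary_review.xlsx", "release-bot"),
        "personal_author": (b"abc", "notes.txt", "alice@example.com"),
    }
    out = {}
    for label, (content, name, author) in cases.items():
        try:
            out[label] = asdict(prepare_metadata(content, name, author))
        except ValueError as exc:
            out[label] = str(exc)
    return out
```

Keep the mapping from opaque label to real filename in the agent's private state, not in the proof record; the record only needs the hash to be verifiable later.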
