Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ProofAI

v1.0.1

Provide cryptographic proof of AI decisions compliant with EU AI Act Article 12, including certification, logging, verification, and monitoring tools.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md are coherent with the stated purpose: they compress prompts, call a ProofAI backend, sign artifacts, and anchor hashes to Polygon. Those capabilities legitimately require an API endpoint and service keys. However, the registry metadata lists no required environment variables or primary credential while the code and SKILL.md clearly expect PROOFAI_API_KEY and PROOFAI_ANON_KEY (and optionally PROOFAI_API_URL). That metadata omission is an inconsistency you should treat as a red flag.
! Instruction Scope
Runtime instructions and the included code send user prompts, AI outputs, and analysis to an external service (default API_BASE = https://apzgbajvwzykygrxxrwm.supabase.co/functions/v1). The tools may also cause the remote service to execute model calls (proofai_certify → execute) and then sign/store/anchor data. This is expected for a certification tool but means any prompt/response (potentially containing PII or secrets) will be transmitted to a third party. The SKILL.md does surface this (VirusTotal notice), but the skill gives the agent broad discretion to forward user content to external endpoints — ensure you accept that data flow.
Install Mechanism
There is no arbitrary-download install spec inside the registry entry; the SKILL.md recommends using npx/@proofai/mcp-server and the package files are standard Node.js (package.json, dist/index.js). Dependencies are from npm and look conventional. No evidence of obscure external download URLs or extracted archives in the provided files.
! Credentials
The skill requires service credentials at runtime (PROOFAI_API_KEY and PROOFAI_ANON_KEY) to authenticate to the ProofAI backend, and the code will send these as headers (x-api-key and Authorization). Those credentials are proportionate to the service but the registry metadata declared no required env vars — a mismatch. Requiring a live API key (pk_live_...) and an anon key is sensitive: granting them allows the remote service to act on your behalf and to receive all certified content.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It runs as an MCP server that communicates over stdio and performs outbound network calls; autonomous invocation is allowed (default) which increases blast radius but is standard for skills. There is no evidence it persistently modifies agent configuration beyond being an MCP server binary.
What to consider before installing
This skill sends prompts, AI outputs, and analysis to a third-party ProofAI backend (defaulting to a Supabase functions URL) and anchors evidence on Polygon. Before installing:

1) Verify the project source (review the linked GitHub repository and npm package) to confirm authorship and integrity.
2) Treat PROOFAI_API_KEY and PROOFAI_ANON_KEY as sensitive — do not provide production/secrets until you trust the service; consider a read-only or test key.
3) Avoid sending PII or secrets to the tool without explicit approval from your privacy/compliance team.
4) Confirm the npm package name/version and check its npm publisher and release history.
5) If you need stronger assurance, run the package in an isolated environment, review network calls (to the supabase URL and Polygon), and inspect server responses.

The main technical inconsistency to resolve is that the registry metadata declares no required env vars while the code and SKILL.md require service keys — ask the publisher to correct that and to provide provenance (official repo, maintainer identity) before broad deployment.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

dist/index.js:7: Environment variable access combined with network send.
src/index.ts:7: Environment variable access combined with network send.
