ClawHub

Bind Protocol MCP Server Use

v2.0.0

Bind Protocol MCP server for credential verification, policy authoring, and zero-knowledge proof generation.

0· 615·0 current·0 all-time
byJason@jason-c-child
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with requested binaries (node, npx), the declared primary credential (BIND_API_KEY / agent key), and the npm package @bind-protocol/mcp-server — all are expected for running a local MCP server that proxies to Bind's API.
Instruction Scope
SKILL.md confines actions to installing/running the MCP server via npx, configuring client .mcp.json, and using local vs API-backed tools. It explicitly documents what data stays local and what is sent to the Bind API (notably, bind_submit_prove_job sends raw proof inputs). This is coherent with the stated purpose but has privacy implications users should understand before sending proof inputs to the service.
Install Mechanism
Install is via the npm package @bind-protocol/mcp-server (declared). This is a typical and expected mechanism for a Node-based MCP server. It's moderate risk compared with audited system packages — users should verify the npm package publisher/version before running npx to avoid pulling untrusted code.
Credentials
Only a single required environment variable (BIND_API_KEY) is listed as the primary credential and is directly relevant; optional vars are for URL, receipts path, and logging. No unrelated secrets or multiple unrelated credentials are requested.
Persistence & Privilege
Skill does not request always:true and does not ask to modify other skills or system-wide settings. It instructs the user how to add the server to client configs (user action). Autonomous invocation is allowed by default but not combined with other red flags.
Assessment
This skill appears coherent: it runs a local MCP server (npm package) and needs a Bind agent key (idbr_agent_...). Before installing, verify the npm package and publisher (pin a version), create an agent key with minimum scope/permissions, and confirm the org audit/rotation policy. Be aware that some API-backed operations (e.g., prove job submission) will send raw proof inputs to Bind — avoid sending sensitive data unless you trust the Bind service and have appropriately scoped the agent key. Prefer environment-variable injection (as recommended) rather than embedding keys in files, and review the package's repository or published metadata before running npx.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bkjnkwngy3wj98e9csezmmn81dpr9policiesvk97bkjnkwngy3wj98e9csezmmn81dpr9policyvk97bkjnkwngy3wj98e9csezmmn81dpr9proofsvk97bkjnkwngy3wj98e9csezmmn81dpr9w3cvk97bkjnkwngy3wj98e9csezmmn81dpr9zero-knowledgevk97bkjnkwngy3wj98e9csezmmn81dpr9zpkvk97bkjnkwngy3wj98e9csezmmn81dpr9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode, npx
EnvBIND_API_KEY
Primary envBIND_API_KEY

Install

Nodenpm i -g @bind-protocol/mcp-server

Comments