ClawHub

ScopeBlind Passport

v0.4.1

Signed access control for your OpenClaw agent. Wraps MCP tool calls through protect-mcp to add per-tool policies, signed receipts, and trust tiers. Every act...

0· 95·0 current·0 all-time
byTJF@tomjwxf
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim to wrap MCP calls with protect-mcp. The SKILL.md instructs exactly how to wrap OpenClaw MCP servers, generate signing keys, and use protect-mcp commands. Required binaries (npx, curl) and the suggested npm packages align with these goals.
Instruction Scope
Instructions are narrowly scoped to installing protect-mcp/@scopeblind/passport, initializing keys/policies in the current directory, modifying the agent's mcpServers entries, and calling local protect-mcp endpoints (port 9876) for approvals/receipts. The skill does not instruct reading or exfiltrating unrelated system files or contacting remote endpoints as part of normal operation.
Install Mechanism
The SKILL.md recommends 'npm install -g protect-mcp@latest @scopeblind/passport@latest' which is a normal way to install the referenced tooling but does execute arbitrary code from the npm packages. The registry metadata itself does not include a separate install spec (the install instructions are only in SKILL.md). Users should verify the protect-mcp and @scopeblind/passport packages (source, maintainers, release integrity) before running a global npm install.
Credentials
No environment variables, secrets, or external credentials are requested. The skill writes local signing keys (keys/gateway.json) and policy files into the current directory, which is necessary for signing receipts and enforcing policies; those key files should be protected by the user, but their creation is proportionate to the stated purpose.
Persistence & Privilege
The skill is not forced-always and does not request elevated platform privileges. It modifies the agent's MCP configuration (expected for wrapping tool calls) and writes its own keys/policy files locally. There is no instruction to change other skills' configurations or system-wide settings.
Assessment
This skill appears coherent for adding signed, local access-control around MCP tool calls. Before installing: (1) inspect the npm packages it asks you to install (protect-mcp and @scopeblind/passport) — check their npm pages and GitHub repos for legitimacy; (2) avoid running global installs as root if you have concerns, or install in an isolated environment; (3) be aware signing keys are created in your current directory (keys/gateway.json) — store them securely and avoid committing them to source control; (4) protect the local approval server (127.0.0.1:9876) so approvals can’t be triggered by other local processes if that matters; (5) review the included policy templates to ensure they match your risk model. If you need higher assurance, review the protect-mcp package source (or vendor a known release) before using it in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk97720w0hem9fr74em86bybdms83ntj2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments