ScopeBlind protect-mcp
v1.0.0
MCP security gateway. Wraps any MCP server with per-tool policies, Ed25519-signed decision receipts, and human approval gates. Shadow mode logs everything wi...
by TJF (@tomjwxf)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Benign, medium confidence

Purpose & Capability
The name and description match the runtime instructions: the SKILL.md shows how to run 'protect-mcp' via npx/npm, configure policies, and initialize signing. Declaring npx in metadata and using an npm install is proportionate to a CLI tool delivered via the npm ecosystem.
Instruction Scope
Instructions tell the agent to run npx protect-mcp commands that wrap a server process, generate Ed25519 keypairs, and write receipts; they do not ask for unrelated system files or credentials. However, the SKILL.md does not specify where keys and receipts are stored or how long they persist, which matters because secret material and local file writes are involved.
Install Mechanism
The install recommendation uses npm (npm install -g protect-mcp@latest) and runtime uses npx. This is a standard distribution mechanism for CLI tools but it does mean remotely-published code will be downloaded and executed on the host. No install tarball from a random URL is used, but npm packages can still contain arbitrary install scripts — verify the package source/maintainers before installing globally.
Credentials
The skill requests no environment variables or external credentials, which aligns with its intended local-proxy functionality. Caveat: the tool will generate and persist cryptographic keys and receipts locally (not declared as env/config paths), so consider where those secrets land and who can read them.
Persistence & Privilege
always: false (normal). The allowed tools include Bash/Read/Write, which are necessary for running the proxy and creating keys and files. Installing the package globally (npm -g) writes to the system/npm directories and may require elevated permissions on some systems — run with care or use a container/virtualenv.
Assessment
This skill appears internally consistent: it’s a CLI tool distributed via npm and the SKILL.md uses npx/npm in ways that match the description. However, installing and running third-party npm packages executes remote code and the tool will generate signing keys and write receipts to disk. Before installing:
- Verify the npm package page, maintainers, and recent release history (don’t blindly run @latest).
- Inspect the package source (npm view, GitHub repo) or run it in an isolated container or VM first.
- Prefer a specific pinned version rather than @latest to avoid supply-chain surprises.
- Find out where the tool stores private keys/receipts and protect those files (restrict filesystem permissions, back them up if needed).
- Consider running 'npx protect-mcp --help' and reviewing docs on scopeblind.com and the npm listing before global install.
If you cannot verify the package authorship or are uncomfortable granting filesystem execution rights, run the tool in an isolated environment or decline installation.

Like a lobster shell, security has layers — review code before you run it.