Security audit

Prooflane MCP Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent guide for locally cloning and running a Prooflane MCP server, with normal third-party setup risks but no evidence of hidden or malicious behavior.

Install only if you intend to run Prooflane locally from its GitHub repository. Before running setup or start commands, review the cloned repo scripts and run them in a trusted or sandboxed workspace. Provide any automation token through secure environment handling, do not commit it to files, and avoid logging it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding:
The skill instructs users to run local setup and startup scripts from a cloned repository without any warning that these commands execute repository-controlled code and can install dependencies, start services, or modify the local system and workspace. In an agent-skill context, this increases the risk of unsafe code execution because the document normalizes direct execution of unreviewed scripts from an external repo.

Missing User Warnings

Low
Confidence: 84%
Finding:
The skill mentions use of an authentication token for protected API surfaces but does not include guidance on secure handling of credentials. In an agent workflow, this can lead to tokens being placed in plain-text configs, logs, shell history, or shared environments, increasing the chance of accidental disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code: suspicious.install_untrusted_source
Location: references/OPENCLAW_MCP_CONFIG.json:11

Install source points to URL shortener or raw IP.

Warn
Code: suspicious.install_untrusted_source
Location: references/OPENHANDS_MCP_CONFIG.json:10