← Back to Skills Marketplace
willamhou

Formal Methods

by Will.hou · GitHub ↗ · v1.0.8 · MIT-0
cross-platform ⚠ suspicious
319
Downloads
0
Stars
0
Active Installs
9
Versions
Install in OpenClaw
/install formal-provers
Description
Formal verification with Lean 4, Coq, and Z3 SMT solver
README (SKILL.md)

formal-methods

Formal verification tools for the academic workspace. Type-check Lean 4 proofs, verify Coq theories, and solve SMT satisfiability problems with Z3.

Prerequisites

This skill requires the following binaries installed locally (declared in metadata.openclaw.requires.bins):

Binary Install
lean Lean 4 via elan
coqc Coq via opam install coq
z3 Z3 via package manager or GitHub releases

Use prover_status to check which provers are available before use. The skill gracefully handles missing binaries — only installed provers will work.

Source: github.com/Prismer-AI/Prismer (Apache-2.0)

Description

This skill invokes locally installed formal verification provers via subprocess. No Docker, containers, or external services required.

Execution model: Each invocation writes source code to a temporary directory (os.tmpdir()/formal-methods-\x3Chash>/), runs the prover binary with cwd set to that directory, captures stdout/stderr, and applies a 60-second timeout. The exact commands are:

  • Lean: lean \x3Cfilepath> — may read Lean 4 stdlib and elan-managed toolchains from ~/.elan/
  • Coq: coqc \x3Cfilepath> — may read Coq stdlib and opam-managed packages from the opam switch
  • Z3: z3 \x3Cfilepath> — self-contained, only reads the input file. Accepts declarative SMT-LIB2 format only.

Filesystem access: The skill itself only writes to the temp directory. However, Lean and Coq read their installed standard libraries and search paths (managed by elan/opam) as part of normal operation. The skill does not explicitly constrain --include paths or environment variables.

Network access: The skill does not make network requests. However, if Lean source contains import of unresolved packages, lake tooling could theoretically attempt a fetch — this is a Lean runtime behavior, not initiated by the skill. To prevent this, avoid lakefile.lean or lake-manifest.json in the temp directory (which the skill does not create).

Usage Examples

  • "Check if this Lean 4 proof type-checks"
  • "Verify my Coq induction proof"
  • "Is this SMT formula satisfiable?"
  • "What provers are available?"

Process

  1. Check availability — Use prover_status to see which provers are installed
  2. Write proof — Draft your Lean/Coq code or SMT formula
  3. Verify — Use lean_check, coq_check, or z3_solve to verify
  4. Iterate — Fix errors based on output and re-check

Tools

lean_check

Type-check Lean 4 code.

Parameters:

  • code (string, required): Lean 4 source code
  • filename (string, optional): Source filename (default: check.lean)

Returns: { success, output, errors, returncode }

Example:

{ "code": "theorem add_comm (a b : Nat) : a + b = b + a := Nat.add_comm a b" }

coq_check

Check a Coq proof for correctness.

Parameters:

  • code (string, required): Coq source code
  • filename (string, optional): Source filename (default: check.v)

Returns: { success, compiled, output, errors, returncode }

Example:

{ "code": "Theorem plus_comm : forall n m : nat, n + m = m + n.\
Proof. intros. lia. Qed." }

coq_compile

Compile a Coq file to a .vo object file.

Parameters:

  • code (string, required): Coq source code
  • filename (string, optional): Source filename (default: compile.v)

Returns: { success, compiled, output, errors, returncode }

z3_solve

Solve a satisfiability problem using Z3 with SMT-LIB2 format.

Parameters:

  • formula (string, required): SMT-LIB2 formula

Returns: { success, result, model }

Example:

{ "formula": "(declare-const x Int)\
(assert (> x 5))\
(check-sat)\
(get-model)" }

prover_status

Check which formal provers are available and their versions.

Parameters: None

Returns: { provers: { lean4: { available, version }, coq: { available, version }, z3: { available, version } } }

Notes

  • Requires provers declared in metadata.openclaw.requires.bins: lean, coqc, z3
  • Z3 only accepts declarative SMT-LIB2 format — no arbitrary code execution
  • Each invocation has a 60-second timeout (execSync with timeout: 60000)
  • Temp files are written to os.tmpdir()/formal-methods-\x3Chash>/
  • Lean/Coq will read their installed standard libraries (elan/opam managed) as part of normal type-checking
  • The skill itself makes no network requests; Lean imports should avoid lake-managed dependencies to prevent unintended fetches
Usage Guidance
This skill appears coherent and reasonable for local formal verification. Before using it: (1) ensure you trust the prover binaries you have installed; (2) avoid feeding untrusted or malicious prover inputs (they run locally and may cause heavy CPU usage or attempt runtime fetches); (3) be aware Lean/Coq read their installed stdlibs and toolchains (~/.elan, opam switches) and Lean's lake tooling can fetch dependencies if a lakefile/manifest is present — avoid including those in inputs to prevent unintended network access; (4) consider running in a sandbox or limited environment if you plan to run inputs from untrusted sources; (5) verify the skill source (GitHub link provided) if provenance matters.
Capability Analysis
Type: OpenClaw Skill Name: formal-provers Version: 1.0.8 The skill bundle provides tools for formal verification (Lean 4, Coq, Z3) that execute code via subprocesses. While the intent appears benign and aligned with academic use, the skill is classified as suspicious due to a potential shell injection vulnerability: the `lean_check`, `coq_check`, and `coq_compile` tools in `SKILL.md` accept a user-defined `filename` parameter that is directly interpolated into shell commands (e.g., `lean <filepath>`). Without explicit evidence of input sanitization in the provided documentation, this design poses a risk of arbitrary command execution if an attacker can influence the filename or code content.
Capability Assessment
Purpose & Capability
Name/description (formal verification with Lean 4, Coq, Z3) aligns with requirements: declared binaries are exactly the provers needed. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions limit activity to writing inputs to a temp directory and invoking local prover binaries with a 60s timeout. However, they explicitly note that Lean/Coq will read their installed stdlibs and toolchain state (e.g., ~/.elan, opam switch), and do not constrain include paths or lake behavior — meaning prover runtime may read files outside the temp dir and (for Lean) could trigger network fetches if lake is involved. This is a legitimate runtime caveat, not an incoherence, but worth awareness.
Install Mechanism
Instruction-only skill with no install spec. It relies on existing local installations of lean, coqc, and z3 — minimal risk and proportionate for the stated purpose.
Credentials
No credentials or environment variables are required. The only implicit environment access is provers reading their own toolchain/state (expected). Nothing requests unrelated secrets or broad system credentials.
Persistence & Privilege
Skill is not always-on, is user-invocable, and does not request persistent system-wide changes or modify other skills. Its runtime footprint (temp dirs) is scoped to per-invocation temp files.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install formal-provers
  3. After installation, invoke the skill by name or use /formal-provers
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.8
Accurately describe execution model: Lean/Coq read stdlib via elan/opam, clarify network access boundaries
v1.0.7
Add source/homepage, prerequisites with install instructions, clarify sandbox mechanism
v1.0.6
Declare binary requirements in metadata, clarify sandbox boundaries and isolation
v1.0.5
Remove executable code to resolve security flags
v1.0.4
- Initial release of the "formal-provers" skill. - Added main entry point (`index.ts`) and skill manifest (`manifest.json`).
v1.0.3
- Removed two files: index.ts and manifest.json. - No changes to documentation or functionality described in SKILL.md. - Skill no longer includes main entry point and manifest.
v1.0.2
Security fix: remove container mode (port 8081) and Z3 Python format to eliminate arbitrary code execution risks
v1.0.1
- Added SKILL.md documentation detailing usage, process, and available tools. - Clarified support for Lean 4, Coq, and Z3 (SMT) provers in both standalone and container modes. - Described tool commands: lean_check, coq_check, coq_compile, z3_solve, and prover_status. - Provided parameters, return formats, and usage examples for each tool. - Documented system requirements and feature notes for different operating modes.
v1.0.0
- Initial release of the formal-provers skill for formal verification tasks. - Supports Lean 4 type-checking, Coq proof verification and compilation, and Z3 SMT solving. - Works in standalone mode (local binaries) and container mode (prover server), supporting multiple OSes. - Includes commands for checking prover availability and handling code/proofs via simple API. - Useful for verifying math/theoretical proofs, code correctness, and satisfiability problems.
Metadata
Slug formal-provers
Version 1.0.8
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 9
Frequently Asked Questions

What is Formal Methods?

Formal verification with Lean 4, Coq, and Z3 SMT solver. It is an AI Agent Skill for Claude Code / OpenClaw, with 319 downloads so far.

How do I install Formal Methods?

Run "/install formal-provers" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Formal Methods free?

Yes, Formal Methods is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Formal Methods support?

Formal Methods is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Formal Methods?

It is built and maintained by Will.hou (@willamhou); the current version is v1.0.8.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments