← Back to Skills Marketplace

Prooflane MCP Skill

Name: Prooflane MCP Skill
Author: xiaojiou176

by Yifeng[Terry] Yu · GitHub ↗ · v0.1.0 · MIT-0

cross-platform ⚠ suspicious

117

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install prooflane-mcp

Description

Clone, install, configure, and run Prooflane's repo-native MCP server locally for evaluation and verification without published package registry dependencies.

Usage Guidance

This packet is coherent for its stated purpose, but before you run anything: (1) inspect the upstream repository and the contents of ./scripts/setup.sh and any pnpm scripts referenced (pnpm mcp:start, mcp:check, etc.) to check for unexpected network calls, remote downloads, or privileged operations; (2) prefer cloning a specific commit/tag (pin the repo) rather than the default branch; (3) run the setup and server inside an isolated environment (VM or disposable container) and not on production hosts; (4) avoid supplying any sensitive credentials or tokens unless you audited how they are used; (5) if you need higher assurance, ask the publisher to provide a signed release, a verified organization repository, or a published package on a trusted registry so you can avoid running unreviewed repository scripts. If you can provide the contents of the repo (or the specific scripts referenced), I can re-evaluate with higher confidence.

Capability Analysis

Type: OpenClaw Skill Name: prooflane-mcp Version: 0.1.0 The skill bundle (SKILL.md, manifest.yaml, references/INSTALL.md) instructs the AI agent to clone an external GitHub repository (github.com/xiaojiou176-open/ui-automation-control-plane) and execute a setup script (./scripts/setup.sh). This pattern introduces a high risk of Remote Code Execution (RCE) as it requires the agent to run unvetted code from a third-party source. While the instructions are aligned with the stated goal of setting up the Prooflane MCP server, the requirement for broad execution permissions and the opaque nature of the external setup script make the bundle suspicious.

Capability Tags

requires-oauth-token

Capability Assessment

ℹ Purpose & Capability

Name, description, and runtime instructions align: the skill is an instruction-only scaffold to clone, install, configure, and run a repo-native MCP server. Required tools (git, Node.js, pnpm, Python) and the commands shown are consistent with that purpose. However, the canonical repo is hosted under an apparently personal/unknown GitHub account (xiaojiou176-open), which reduces provenance confidence.

⚠ Instruction Scope

SKILL.md explicitly instructs running remote install and runtime scripts from the cloned repo (./scripts/setup.sh, pnpm mcp:start and other pnpm tasks). Those commands will execute code that lives in the external repository; the skill provides no packaged code to inspect and does not sandbox or limit what those scripts do. This is expected for the stated goal but is a scope risk because arbitrary code execution is required.

ℹ Install Mechanism

There is no install spec in the skill packet (instruction-only), which is lower automation risk. However, the install path requires cloning a third-party GitHub repository and running its setup/start scripts. Downloading and executing code from an external repo is higher risk than a purely local or vetted package install — verify the repo and scripts first.

✓ Credentials

The skill does not request any secrets or environment variables in the manifest. The documented env vars (UIQ_MCP_API_BASE_URL, UIQ_MCP_TOOL_GROUPS, UIQ_MCP_PERFECT_MODE, and optionally AUTOMATION_API_TOKEN) are reasonable and relevant to running a local MCP server. AUTOMATION_API_TOKEN is optional and only needed if the server exposes token-protected HTTP APIs.

✓ Persistence & Privilege

The skill is not always-enabled, does not require platform-level privileges, and is instruction-only (it does not persist credentials or modify other skills). Autonomous invocation remains possible (default), but that is the platform norm and not by itself a reason to flag.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install prooflane-mcp
After installation, invoke the skill by name or use /prooflane-mcp
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.0

Prooflane MCP Skill 0.1.0 – Initial public skill enabling truthful, local evaluation of Prooflane's MCP. - Provides step-by-step setup, install, and verification for the repo-native MCP using the public GitHub repository. - Clarifies current boundaries: stdio-only server, no npm/hosted/SaaS distribution yet. - Outlines minimal prerequisites and environment variables for clean local deployment. - Documents essential commands for building, running, client config, and verification. - Directs users to key repo references for deeper walkthroughs, configs, and troubleshooting.

Metadata

Slug prooflane-mcp

Version 0.1.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Prooflane MCP Skill?

Clone, install, configure, and run Prooflane's repo-native MCP server locally for evaluation and verification without published package registry dependencies. It is an AI Agent Skill for Claude Code / OpenClaw, with 117 downloads so far.

How do I install Prooflane MCP Skill?

Run "/install prooflane-mcp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Prooflane MCP Skill free?

Yes, Prooflane MCP Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Prooflane MCP Skill support?

Prooflane MCP Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Prooflane MCP Skill?

It is built and maintained by Yifeng[Terry] Yu (@xiaojiou176); the current version is v0.1.0.

More Skills