← Back to Skills Marketplace
scorentab-afk

ProofAI

by scorentab-afk · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
144
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install proofai
Description
Provide cryptographic proof of AI decisions compliant with EU AI Act Article 12, including certification, logging, verification, and monitoring tools.
Usage Guidance
This skill sends prompts, AI outputs, and analysis to a third-party ProofAI backend (defaulting to a Supabase functions URL) and anchors evidence on Polygon. Before installing: 1) Verify the project source (review the linked GitHub repository and npm package) to confirm authorship and integrity. 2) Treat PROOFAI_API_KEY and PROOFAI_ANON_KEY as sensitive — do not provide production/secrets until you trust the service; consider a read-only or test key. 3) Avoid sending PII or secrets to the tool without explicit approval from your privacy/compliance team. 4) Confirm the npm package name/version and check its npm publisher and release history. 5) If you need stronger assurance, run the package in an isolated environment, review network calls (to the supabase URL and Polygon), and inspect server responses. The main technical inconsistency to resolve is that the registry metadata declares no required env vars while the code and SKILL.md require service keys — ask the publisher to correct that and to provide provenance (official repo, maintainer identity) before broad deployment.
Capability Analysis
Type: OpenClaw Skill Name: proofai Version: 1.0.1 The bundle implements an MCP server for 'ProofAI,' a tool designed to provide cryptographic and blockchain-based certification for AI decisions. The code (src/index.ts) functions as a wrapper for a Supabase-hosted API (apzgbajvwzykygrxxrwm.supabase.co), facilitating data compression, execution, analysis, and anchoring to the Polygon blockchain. While the tool sends prompt and response data to an external endpoint and requires API keys, this behavior is explicitly aligned with its stated purpose of AI compliance and auditing. No evidence of malicious exfiltration, unauthorized command execution, or harmful prompt injection was found.
Capability Assessment
Purpose & Capability
The code and SKILL.md are coherent with the stated purpose: they compress prompts, call a ProofAI backend, sign artifacts, and anchor hashes to Polygon. Those capabilities legitimately require an API endpoint and service keys. However, the registry metadata lists no required environment variables or primary credential while the code and SKILL.md clearly expect PROOFAI_API_KEY and PROOFAI_ANON_KEY (and optionally PROOFAI_API_URL). That metadata omission is an inconsistency you should treat as a red flag.
Instruction Scope
Runtime instructions and the included code send user prompts, AI outputs, and analysis to an external service (default API_BASE = https://apzgbajvwzykygrxxrwm.supabase.co/functions/v1). The tools may also cause the remote service to execute model calls (proofai_certify → execute) and then sign/store/anchor data. This is expected for a certification tool but means any prompt/response (potentially containing PII or secrets) will be transmitted to a third party. The SKILL.md does surface this (VirusTotal notice), but the skill gives the agent broad discretion to forward user content to external endpoints — ensure you accept that data flow.
Install Mechanism
There is no arbitrary-download install spec inside the registry entry; the SKILL.md recommends using npx/@proofai/mcp-server and the package files are standard Node.js (package.json, dist/index.js). Dependencies are from npm and look conventional. No evidence of obscure external download URLs or extracted archives in the provided files.
Credentials
The skill requires service credentials at runtime (PROOFAI_API_KEY and PROOFAI_ANON_KEY) to authenticate to the ProofAI backend, and the code will send these as headers (x-api-key and Authorization). Those credentials are proportionate to the service but the registry metadata declared no required env vars — a mismatch. Requiring a live API key (pk_live_...) and an anon key is sensitive: granting them allows the remote service to act on your behalf and to receive all certified content.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It runs as an MCP server that communicates over stdio and performs outbound network calls; autonomous invocation is allowed (default) which increases blast radius but is standard for skills. There is no evidence it persistently modifies agent configuration beyond being an MCP server binary.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install proofai
  3. After installation, invoke the skill by name or use /proofai
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Add VirusTotal disclaimer
v1.0.0
- Initial release of proofai skill providing cryptographic proof and compliance tools for AI decisions. - Includes five main tools: certify AI decisions, log and anchor past outputs, verify integrity, retrieve Polygonscan links, and generate compliance monitoring reports. - Enables tamper-evident, blockchain-anchored evidence of AI responses, meeting EU AI Act Article 12 and 72 requirements. - Setup instructions and relevant links to GitHub, npm, and regulator portal included.
Metadata
Slug proofai
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is ProofAI?

Provide cryptographic proof of AI decisions compliant with EU AI Act Article 12, including certification, logging, verification, and monitoring tools. It is an AI Agent Skill for Claude Code / OpenClaw, with 144 downloads so far.

How do I install ProofAI?

Run "/install proofai" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ProofAI free?

Yes, ProofAI is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ProofAI support?

ProofAI is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ProofAI?

It is built and maintained by scorentab-afk (@scorentab-afk); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments