← Back to Skills Marketplace
171
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install scopeblind-passport
Description
Signed access control for your OpenClaw agent. Wraps MCP tool calls through protect-mcp to add per-tool policies, signed receipts, and trust tiers. Every act...
Usage Guidance
This skill appears coherent for adding signed, local access-control around MCP tool calls. Before installing: (1) inspect the npm packages it asks you to install (protect-mcp and @scopeblind/passport) — check their npm pages and GitHub repos for legitimacy; (2) avoid running global installs as root if you have concerns, or install in an isolated environment; (3) be aware signing keys are created in your current directory (keys/gateway.json) — store them securely and avoid committing them to source control; (4) protect the local approval server (127.0.0.1:9876) so approvals can’t be triggered by other local processes if that matters; (5) review the included policy templates to ensure they match your risk model. If you need higher assurance, review the protect-mcp package source (or vendor a known release) before using it in production.
Capability Analysis
Type: OpenClaw Skill
Name: scopeblind-passport
Version: 0.4.1
The scopeblind-passport skill is a security utility designed to provide signed access control and cryptographic audit logs for OpenClaw agents. It wraps MCP tool calls using the protect-mcp utility to enforce user-defined policies such as rate-limiting, blocking, or requiring manual approval for sensitive actions. The skill includes instructions for the agent to report activity summaries and manage approval flows via a local HTTP server (127.0.0.1:9876). All analyzed files (SKILL.md, README.md, and policy configurations) are consistent with the stated purpose of enhancing agent transparency and security, with no evidence of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
Name/description claim to wrap MCP calls with protect-mcp. The SKILL.md instructs exactly how to wrap OpenClaw MCP servers, generate signing keys, and use protect-mcp commands. Required binaries (npx, curl) and the suggested npm packages align with these goals.
Instruction Scope
Instructions are narrowly scoped to installing protect-mcp/@scopeblind/passport, initializing keys/policies in the current directory, modifying the agent's mcpServers entries, and calling local protect-mcp endpoints (port 9876) for approvals/receipts. The skill does not instruct reading or exfiltrating unrelated system files or contacting remote endpoints as part of normal operation.
Install Mechanism
The SKILL.md recommends 'npm install -g protect-mcp@latest @scopeblind/passport@latest' which is a normal way to install the referenced tooling but does execute arbitrary code from the npm packages. The registry metadata itself does not include a separate install spec (the install instructions are only in SKILL.md). Users should verify the protect-mcp and @scopeblind/passport packages (source, maintainers, release integrity) before running a global npm install.
Credentials
No environment variables, secrets, or external credentials are requested. The skill writes local signing keys (keys/gateway.json) and policy files into the current directory, which is necessary for signing receipts and enforcing policies; those key files should be protected by the user, but their creation is proportionate to the stated purpose.
Persistence & Privilege
The skill is not forced-always and does not request elevated platform privileges. It modifies the agent's MCP configuration (expected for wrapping tool calls) and writes its own keys/policy files locally. There is no instruction to change other skills' configurations or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install scopeblind-passport - After installation, invoke the skill by name or use
/scopeblind-passport - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.4.1
MIT license, OWASP coverage, incident policies
v0.3.3
OWASP Agentic Top 10 coverage, incident-anchored policies, Cedar support, IETF Internet-Draft
v1.0.0
- Initial release of scopeblind-passport skill.
- Adds signed access control for OpenClaw agents via protect-mcp.
- Supports per-tool policies, trust tiers, signed cryptographic receipts, and approval workflows.
- Provides commands for viewing agent identity, daily summaries, and recent receipts.
- Includes setup walkthrough, policy packs, and instructions for independent receipt verification.
Metadata
Frequently Asked Questions
What is ScopeBlind Passport?
Signed access control for your OpenClaw agent. Wraps MCP tool calls through protect-mcp to add per-tool policies, signed receipts, and trust tiers. Every act... It is an AI Agent Skill for Claude Code / OpenClaw, with 171 downloads so far.
How do I install ScopeBlind Passport?
Run "/install scopeblind-passport" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ScopeBlind Passport free?
Yes, ScopeBlind Passport is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ScopeBlind Passport support?
ScopeBlind Passport is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ScopeBlind Passport?
It is built and maintained by TJF (@tomjwxf); the current version is v0.4.1.
More Skills