← 返回 Skills 市场
ProofAI
作者
scorentab-afk
· GitHub ↗
· v1.0.1
· MIT-0
144
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install proofai
功能描述
Provide cryptographic proof of AI decisions compliant with EU AI Act Article 12, including certification, logging, verification, and monitoring tools.
安全使用建议
This skill sends prompts, AI outputs, and analysis to a third-party ProofAI backend (defaulting to a Supabase functions URL) and anchors evidence on Polygon. Before installing: 1) Verify the project source (review the linked GitHub repository and npm package) to confirm authorship and integrity. 2) Treat PROOFAI_API_KEY and PROOFAI_ANON_KEY as sensitive — do not provide production/secrets until you trust the service; consider a read-only or test key. 3) Avoid sending PII or secrets to the tool without explicit approval from your privacy/compliance team. 4) Confirm the npm package name/version and check its npm publisher and release history. 5) If you need stronger assurance, run the package in an isolated environment, review network calls (to the supabase URL and Polygon), and inspect server responses. The main technical inconsistency to resolve is that the registry metadata declares no required env vars while the code and SKILL.md require service keys — ask the publisher to correct that and to provide provenance (official repo, maintainer identity) before broad deployment.
功能分析
Type: OpenClaw Skill
Name: proofai
Version: 1.0.1
The bundle implements an MCP server for 'ProofAI,' a tool designed to provide cryptographic and blockchain-based certification for AI decisions. The code (src/index.ts) functions as a wrapper for a Supabase-hosted API (apzgbajvwzykygrxxrwm.supabase.co), facilitating data compression, execution, analysis, and anchoring to the Polygon blockchain. While the tool sends prompt and response data to an external endpoint and requires API keys, this behavior is explicitly aligned with its stated purpose of AI compliance and auditing. No evidence of malicious exfiltration, unauthorized command execution, or harmful prompt injection was found.
能力评估
Purpose & Capability
The code and SKILL.md are coherent with the stated purpose: they compress prompts, call a ProofAI backend, sign artifacts, and anchor hashes to Polygon. Those capabilities legitimately require an API endpoint and service keys. However, the registry metadata lists no required environment variables or primary credential while the code and SKILL.md clearly expect PROOFAI_API_KEY and PROOFAI_ANON_KEY (and optionally PROOFAI_API_URL). That metadata omission is an inconsistency you should treat as a red flag.
Instruction Scope
Runtime instructions and the included code send user prompts, AI outputs, and analysis to an external service (default API_BASE = https://apzgbajvwzykygrxxrwm.supabase.co/functions/v1). The tools may also cause the remote service to execute model calls (proofai_certify → execute) and then sign/store/anchor data. This is expected for a certification tool but means any prompt/response (potentially containing PII or secrets) will be transmitted to a third party. The SKILL.md does surface this (VirusTotal notice), but the skill gives the agent broad discretion to forward user content to external endpoints — ensure you accept that data flow.
Install Mechanism
There is no arbitrary-download install spec inside the registry entry; the SKILL.md recommends using npx/@proofai/mcp-server and the package files are standard Node.js (package.json, dist/index.js). Dependencies are from npm and look conventional. No evidence of obscure external download URLs or extracted archives in the provided files.
Credentials
The skill requires service credentials at runtime (PROOFAI_API_KEY and PROOFAI_ANON_KEY) to authenticate to the ProofAI backend, and the code will send these as headers (x-api-key and Authorization). Those credentials are proportionate to the service but the registry metadata declared no required env vars — a mismatch. Requiring a live API key (pk_live_...) and an anon key is sensitive: granting them allows the remote service to act on your behalf and to receive all certified content.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It runs as an MCP server that communicates over stdio and performs outbound network calls; autonomous invocation is allowed (default) which increases blast radius but is standard for skills. There is no evidence it persistently modifies agent configuration beyond being an MCP server binary.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install proofai - 安装完成后,直接呼叫该 Skill 的名称或使用
/proofai触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Add VirusTotal disclaimer
v1.0.0
- Initial release of proofai skill providing cryptographic proof and compliance tools for AI decisions.
- Includes five main tools: certify AI decisions, log and anchor past outputs, verify integrity, retrieve Polygonscan links, and generate compliance monitoring reports.
- Enables tamper-evident, blockchain-anchored evidence of AI responses, meeting EU AI Act Article 12 and 72 requirements.
- Setup instructions and relevant links to GitHub, npm, and regulator portal included.
元数据
常见问题
ProofAI 是什么?
Provide cryptographic proof of AI decisions compliant with EU AI Act Article 12, including certification, logging, verification, and monitoring tools. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 144 次。
如何安装 ProofAI?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install proofai」即可一键安装,无需额外配置。
ProofAI 是免费的吗?
是的,ProofAI 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ProofAI 支持哪些平台?
ProofAI 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ProofAI?
由 scorentab-afk(@scorentab-afk)开发并维护,当前版本 v1.0.1。
推荐 Skills