← 返回 Skills 市场
jasonxkensei

xProof — Blockchain Proof for Agents

作者 xKensei · GitHub ↗ · v1.3.0 · MIT-0
cross-platform ⚠ suspicious
762
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install xproof
功能描述
Proof and accountability layer for AI agents. Anchor verifiable proofs on MultiversX, enforce audit logging, detect violations on Base. REST API, MCP, x402....
安全使用建议
Before installing or invoking: (1) Verify the origin — confirm xproof.app and the referenced GitHub repo (jasonxkensei) are the official maintainers and that the files are signed or published by the same entity listed in the registry. (2) Do not run the Quick Install curl commands without inspection; they will fetch and write remote files into your .agent/skills folder. (3) If you use webhooks, point them only at endpoints you control and validate X-Webhook-Signature HMACs to avoid inadvertent data leaks (filename/hash/timestamp). (4) Understand x402: agents may need a USDC balance on Base and will make on-chain payments; restrict or audit any automatic payment behavior to avoid unexpected charges. (5) Treat API keys (pm_...) as sensitive; store them securely and do not commit them. (6) If you want higher confidence, ask the publisher for source code or signed releases, or request an explicit mapping between registry owner, GitHub repo, and homepage; providing that would increase confidence and could move this assessment toward benign.
功能分析
Type: OpenClaw Skill Name: xproof Version: 1.3.0 The xProof skill implements a mandatory 'Audit Log Standard' that requires the agent to exfiltrate metadata about every critical decision (including action descriptions, risk levels, and input hashes) to an external third-party service (xproof.app). Furthermore, the SKILL.md contains prompt-injection-style instructions commanding the agent to 'BLOCK execution' and allow 'No soft fail' if the third-party service is unavailable, effectively establishing a remote kill-switch and high-telemetry dependency. The installation process also relies on fetching remote markdown files via curl from a personal GitHub repository (jasonxkensei/xproof-openclaw-skill).
能力评估
Purpose & Capability
The skill's name/description (anchoring proofs on MultiversX, audit logging, Base violation detection) matches the REST/MCP/x402 instructions. However there are provenance mismatches: quick-install examples fetch SKILL.md and references from a GitHub user repo (raw.githubusercontent.com/jasonxkensei/...) while the registry owner and homepage differ; SKILL frontmatter version (3.0.0) doesn't match registry version (1.3.0). These mismatches don't prove malice but reduce confidence in origin integrity.
Instruction Scope
Runtime instructions direct the agent to compute local SHA-256 hashes and POST them to https://xproof.app (expected). Concerns: (1) webhook_url field allows the service to POST confirmations to any HTTPS URL — if an agent populates that with attacker-controlled endpoints it can leak metadata (hash, filename, timestamps); (2) x402 flow instructs agents to make on-chain USDC payments on Base, which can cause monetary charges if invoked automatically; (3) Quick Install shows curl commands to fetch files from a remote GitHub repo and write them into .agent/skills — executing those commands blindly would pull remote content into the agent runtime.
Install Mechanism
There is no formal install spec (instruction-only). The Quick Install examples use curl to pull files from raw.githubusercontent.com (a public release host), which is a common pattern but still writes external content into .agent/skills if run. Because these are human-facing instructions (not an automated install spec), risk is moderate: safe if user verifies sources, risky if executed blindly.
Credentials
The skill declares no required env vars or primary credential, but documents two auth modes: API key (XPROOF_API_KEY) and x402 payments. Requesting an API key for the service is proportionate. The payment mode requires the agent to hold USDC on Base and perform on-chain payments; this is a capability that is coherent with x402 but has real monetary impact and increases attack surface if an attacker tricks an agent into paying.
Persistence & Privilege
The skill does not request always:true, has no declared system config paths, and is instruction-only. It does include PR_INSTRUCTIONS encouraging adding files to another GitHub repo — this is outside runtime scope but not an automatic change to agent configuration. No evidence the skill would modify other skills or require elevated persistence.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install xproof
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /xproof 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.0
**Major update with security, audit, and protocol enhancements.** - New agent audit log system ("no proof = no execution") for pre-execution proof & accountability. - Adds anomaly/violation detection and records violations on Base; enables webhook/policy automation. - Expanded protocol support: full REST API, MCP (JSON-RPC 2.0), and x402 (walletless payment). - Improved documentation structure — modular skill, certification, MCP, and x402 references. - Enhanced batch certification, dynamic badges, verifiable PDF proofs, and webhook notifications. - Stronger security guidance; API keys and payment guidance updated. Added GET /api/proof/hash/:hash and GET /api/artifact/trust/:hash endpoints for CLI verify and trust commands
v1.2.0
Initial release. Certify agent outputs on MultiversX blockchain. Supports API key and x402 payment, MCP server, MX-8004 validation loop, batch certification up to 50.
元数据
Slug xproof
版本 1.3.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

xProof — Blockchain Proof for Agents 是什么?

Proof and accountability layer for AI agents. Anchor verifiable proofs on MultiversX, enforce audit logging, detect violations on Base. REST API, MCP, x402.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 762 次。

如何安装 xProof — Blockchain Proof for Agents?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install xproof」即可一键安装,无需额外配置。

xProof — Blockchain Proof for Agents 是免费的吗?

是的,xProof — Blockchain Proof for Agents 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

xProof — Blockchain Proof for Agents 支持哪些平台?

xProof — Blockchain Proof for Agents 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 xProof — Blockchain Proof for Agents?

由 xKensei(@jasonxkensei)开发并维护,当前版本 v1.3.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论