Skill v1.0.0
ClawScan security
proxy-expert 魔法搭建专家 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 1:56 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: This skill's requirements and instructions are internally consistent with an automated VPS→Reality/VLESS/sing-box proxy deployment, but it performs high‑privilege local and remote actions (SSH, key generation, storing private keys) and makes a few tooling suggestions that warrant caution.
- Guidance: This skill appears to do exactly what it says: fully automate deploying a VLESS+Reality/sing-box proxy by reading local credentials, generating keys, SSHing to your VPS and writing config files. That means it will handle sensitive data and perform remote commands on your VPS. Before using it: (1) Review proxy-setup-info.txt and store only credentials you are willing to expose to the running agent; (2) Inspect any generated private keys (.proxy-keys.txt and ~/.ssh/proxy_expert_ed25519) and delete or protect them if you don't want them persisted; (3) Be cautious about following the instruction to install sshpass from a third‑party Homebrew tap — prefer paramiko or manually perform the key injection if you distrust that source; (4) If you let the agent operate autonomously, understand it can run arbitrary SSH commands on your VPS — only proceed if you trust the skill and the environment. If you want stronger safety, run the steps manually or allow the agent to produce the exact commands but require manual approval before execution.
Review Dimensions
- Purpose & Capability (ok): Name/description (end‑to‑end VLESS+Reality+sing-box proxy setup) matches the SKILL.md: it reads a local config, SSHs to a user VPS, deploys server software, generates client configs and performs tests. No unrelated credentials or services are requested.
- Instruction Scope (note): The instructions explicitly tell the agent to search the user's home for the skill directory, read/write files in the working dir and ~ (proxy-setup-info.txt, ~/.ssh, .proxy-keys.txt, generated YAML and reports), generate SSH keys, and run SSH commands (including systemctl, logs, sed). All of these are necessary to implement the described automation, but they are high‑impact actions: the agent will be executing commands locally and remotely on the user's behalf. Ensure you trust the skill before allowing autonomous execution.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no bundled code to be written to disk by the installer, which reduces supply‑chain risk. The runtime instructions do propose installing tools (e.g., pip install paramiko, Homebrew tap for sshpass) if missing — those are executed at runtime, not during an install step, and the guidance points to a non‑standard Homebrew tap for sshpass (hudochenkov/sshpass), which is a modest risk and worth reviewing before following.
- Credentials (note): No environment variables or external credentials are required by the skill itself. Instead, the skill uses a local file (proxy-setup-info.txt) to obtain sensitive data (VPS IP, SSH password or key path, upstream SOCKS credentials). That is proportionate to the task but you should be aware: credentials and generated private keys (e.g., Reality private_key and the temporary SSH private key) are written to local files (~/.ssh/proxy_expert_ed25519, .proxy-keys.txt) and kept unencrypted. The skill promises not to put secrets into chat logs — still verify local file protections and remove keys you don't want persisted.
- Persistence & Privilege (ok): The skill is not forced-always, does not ask to modify other skills, and does not request permanent platform privileges. It does write files and generate keys in the user's home directory as part of normal operation, which is expected for this functionality.
