AI守门人

The skill provides an LLM proxy with content filtering and credential redaction. It is classified as suspicious due to a shell injection vulnerability in `scripts/llm-proxy-common.sh`, where the `get_config` function interpolates the `$key` and `$CONFIG_FILE` variables directly into a `python3 -c` command string without sanitization. While the core logic in `scripts/llm-proxy.py` is security-oriented—implementing local-only binding, multi-layer regex auditing (defined in `scripts/content-filter-rules.json`), and active redaction of API keys in logs—the insecure handling of shell arguments in the helper scripts constitutes a vulnerability that could be exploited if configuration parameters were influenced by untrusted input.