ClawHub

TPN Proxy

v1.1.2

Make web requests through decentralized SOCKS5 proxies via the Tao Private Network (TPN). This skill is also known as "TPN", "TPN proxy", "subnet 65", or "SN...

2· 804·2 current·2 all-time
by@actuallymentor
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (TPN proxy) align with required binary (curl) and the single required environment variable (TPN_API_KEY). The skill only requests what is necessary to call the provider API and return proxy credentials.
Instruction Scope
SKILL.md instructs the agent to call the TPN API, generate proxies, and optionally fetch user-specified URLs through those proxies. The document includes mandatory input validation, explicit JSON/shell guidelines, and an allowlist-style SSRF mitigation scheme. Residual risk: fetching arbitrary URLs through third-party exit nodes can still leak request metadata to the proxy operator and, in uncommon DNS/hosting setups, could enable unintended access — the skill documents mitigations but these cannot eliminate all real-world edge cases.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes disk-write and supply-chain risk.
Credentials
Only a single API key (TPN_API_KEY) is required and declared as the primary credential. No unrelated secrets, signing keys, or extra cloud credentials are requested.
Persistence & Privilege
always:false (no forced presence). The skill does not request elevated runtime privileges or system config paths and does not attempt to modify other skills.
Assessment
This skill appears coherent for its stated purpose, but review a few points before installing: (1) Proxy operators and exit nodes can observe traffic — do not send sensitive data through third-party proxies. (2) Although the SKILL.md contains strict validation and SSRF mitigations, fetching user-specified URLs via decentralized proxies carries residual SSRF/privacy risk (DNS differences or proxy-side routing may expose internal endpoints). (3) Store your TPN_API_KEY securely; the skill will use it to call api.taoprivatenetwork.com and will not echo it. (4) If you plan to let the agent fetch URLs on your behalf, consider restricting allowed domains or requiring explicit confirmation for each external fetch. If you need higher assurance, ask the skill maintainer for an explicit SLA/privacy statement from the TPN provider and for independent security review of the proxy network.

Like a lobster shell, security has layers — review code before you run it.

latestvk970h810xxm9z71y6yh26dbp8581bk8h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📡 Clawdis
Binscurl
EnvTPN_API_KEY
Primary envTPN_API_KEY

Comments