TPN Proxy

Security checks across malware telemetry and agentic risk

Overview

The skill’s proxy function is coherent, but it asks users to share an API key for future storage and exposes live proxy credentials in chat and examples.

Install only if you are comfortable letting the agent contact TPN, use proxy credits, and route selected public web requests through third-party proxy nodes. Configure TPN_API_KEY through a secure environment or secret setting instead of pasting it into chat, and treat generated SOCKS5 usernames and passwords as temporary secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence: 88%
Finding
The aliases and trigger phrases are overly broad, including generic terms like 'proxy' and phrases such as 'use a proxy' or 'use TPN to open'. This can cause the skill to activate when the user did not clearly consent to routing traffic through third-party proxy infrastructure, increasing the chance of unintended external transmission and credential generation.

Missing User Warnings

Medium
Confidence: 92%
Finding
The description strongly promotes anonymous browsing and proxying user requests but does not clearly warn that user-provided URLs and request content will be sent through third-party proxy nodes. In this context, that omission matters because the skill is explicitly designed to relay user traffic through external infrastructure and could expose sensitive destinations or data.

Missing User Warnings

Medium
Confidence: 95%
Finding
The curl example prints a full SOCKS5 URI containing username and password directly to stdout. Terminal output is often captured in shell history, CI logs, transcripts, or screen recordings, so exposing live proxy credentials can enable unauthorized proxy use until expiration.

Missing User Warnings

Medium
Confidence: 97%
Finding
The browser JavaScript example logs the full proxy URI with embedded credentials to the developer console. Browser consoles are easily exposed through shared devices, support screenshots, remote debugging, and persisted logs, making secret disclosure more likely.

Missing User Warnings

Medium
Confidence: 96%
Finding
The Node.js sample emits the full proxy URI to logs, exposing temporary but usable proxy credentials. Application logs are frequently centralized and retained, so leaking these values can permit third parties to abuse the proxy service or correlate traffic through the same session.

Missing User Warnings

Medium
Confidence: 95%
Finding
The Python example prints a credentialed SOCKS5 URI, which exposes proxy username and password in console output and any captured logs. Even if short-lived, these credentials can be reused during the validity window and may reveal sensitive routing configuration.

Ssd 3

Medium
Confidence: 86%
Finding
The skill instructs the agent to display full temporary proxy credentials, including username and password, back to the user. Even if short-lived, these are live access tokens to paid network resources and could be exposed in logs, transcripts, shared chat history, or to downstream tools, enabling misuse until expiry.

Ssd 3

High
Confidence: 98%
Finding
The setup flow tells the user to share their API key with the agent so it can save it for future sessions. That is dangerous because it encourages direct disclosure of a reusable secret into chat and long-term storage, creating risk of credential leakage, replay, account abuse, and cross-session compromise.

VirusTotal

65/65 vendors flagged this skill as clean.
