TPN Proxy
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: tpn-proxy
Version: 1.1.2
The skill is designed to provide decentralized SOCKS5 proxies and route web traffic through them. While this involves inherently risky capabilities like network access and command execution, the `SKILL.md` instructions and `references/security-assessment.md` explicitly detail robust security mitigations. These include mandatory input validation for all user-provided parameters, strict URL validation to prevent SSRF (rejecting internal IPs, unresolvable hostnames, shell metacharacters), explicit prohibitions against unsafe shell-based JSON parsing methods (favoring `jq` or `format=text`), and secure handling of the `TPN_API_KEY` (never echoed or logged). The instructions actively guide the AI agent to follow secure practices, rather than attempting prompt injection for malicious purposes. There is no evidence of intentional data exfiltration, persistence, or unauthorized control.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may contact TPN and retrieve public web content through a proxy rather than merely giving instructions.
The skill gives the agent authority to make network requests and use curl/proxy settings directly, which is expected for the proxy function but should be noticed.
This skill executes API calls and returns results directly ... Call the TPN API yourself (via `curl` or equivalent) ... When the user asks you to fetch a URL through a proxy, make that request yourself too.
Use it only for intended public URLs and keep the documented URL validation and internal-address rejection in place.
Installing the skill allows the agent to use the configured TPN account key for proxy generation when invoked.
The skill requires a TPN API key and uses it to generate proxy leases; this is normal for the service but grants account-level proxy-generation authority.
Environment variables | `TPN_API_KEY` — existence-checked only ... never echoed or logged
Only configure a TPN_API_KEY you are comfortable delegating to the agent, and rotate or revoke it if transcripts or environment access are exposed.
If using the x402 path, the user may be asked to approve and sign a payment with a wallet.
The reference flow includes wallet-mediated USDC approval and signing for x402 payments; this is purpose-aligned but affects payment authority.
Sign a USDC payment on Base ... const tx = await usdc.approve( pay_to, amount ) ... const signature = await authorizer.signMessage
Verify the amount, recipient, network, and wallet prompt before approving any x402 payment.
