ClawHub

Azure OpenAI Proxy

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local proxy for sending OpenClaw model requests through a user-configured Azure OpenAI endpoint.

Install this only if you intend OpenClaw prompts and Azure API keys to pass through this local proxy to your Azure OpenAI resource. Keep the bind address at 127.0.0.1 unless you deliberately want network exposure, protect the OpenClaw config containing the API key, and enable a systemd service only if you want the proxy to keep running across sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The manifest description says to use the skill 'when configuring Azure OpenAI as a model provider, when encountering 404 errors with Azure OpenAI in OpenClaw, or when needing to use Azure credits,' which describes broad situations rather than specific invocation phrases or constraints. Because it does not define clear trigger scope or exclusions, the skill could be invoked in a wider range of ordinary troubleshooting contexts than intended.

Session Persistence

Medium
Category
Rogue Agent
Content
# Enable and start
systemctl --user daemon-reload
systemctl --user enable azure-proxy
systemctl --user start azure-proxy
```
Confidence
80% confidence
Finding
systemctl --user enable

Session Persistence

Medium
Category
Rogue Agent
Content
Copy the template and configure:

```bash
mkdir -p ~/.config/systemd/user
cp scripts/azure-proxy.service ~/.config/systemd/user/

# Edit the service file with your Azure details
Confidence
60% confidence
Finding
mkdir -p ~/.config/systemd/user cp scripts/azure-proxy.service ~/.config/systemd/user/ # Edit the service file with your Azure details nano ~/.config

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal