Vpn Proxy Manager

Security checks across malware telemetry and agentic risk

Overview

This is a real V2Ray proxy helper, but it deserves review because it can run arbitrary shell commands, alter local proxy behavior, stop broad process patterns, and write to the user shell profile.

Install only if you are comfortable reviewing and editing the shell script first. Avoid using wrap with untrusted or generated command text, verify the hard-coded V2Ray path, and be aware that auto/off modes may start background processes, contact external test sites, and stop matching V2Ray/Xray processes on your machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The wrap() helper accepts arbitrary user-supplied shell text and executes it via eval, which enables shell metacharacter expansion, command chaining, and injection if any untrusted input reaches this function. In a proxy-management skill, this is broader than the stated purpose and increases the attack surface beyond simple V2Ray control.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README advertises automatic enabling/disabling of the system proxy but does not clearly warn that this changes system-wide network behavior. Users may unintentionally route unrelated applications through the proxy, causing availability issues, traffic interception risk, or policy violations on managed networks.

Missing User Warnings

Low
Confidence: 87%
Finding
The README states that the skill automatically checks reachability of external sites such as github.com and google.com, but it does not disclose that using the feature will generate outbound network requests to third-party services. This can leak usage metadata, create privacy/compliance concerns, and cause unexpected traffic in restricted environments.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill describes automatic system proxy reconfiguration based on network conditions, but provides no warning that this can reroute all traffic, disrupt connectivity, or affect security-sensitive applications. Automatic network-routing changes are risky because they can silently alter how traffic leaves the host, potentially exposing data to an unintended proxy or breaking expected trust boundaries.

Missing User Warnings

Medium
Confidence: 90%
Finding
The wrap() function executes arbitrary shell commands without a strong warning, confirmation, or restriction, making it easy for users or upstream tooling to trigger unintended command execution. Because it uses eval, the risk is not just normal execution but shell injection and unexpected parsing behavior.

Missing User Warnings

Medium
Confidence: 82%
Finding
The script persistently modifies ~/.bashrc without explicit notice or opt-in, which can create lasting environment changes that survive the current session. While the current payload is only a marker variable, silent persistence in a user shell init file is risky behavior and is especially suspicious in automation tooling.

VirusTotal

64/64 vendors flagged this skill as clean.
