Back to skill
Skillv1.0.0
ClawScan security
Vpn Proxy Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 5, 2026, 4:43 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions implement a V2Ray proxy manager as described, but it modifies the user's shell config and executes arbitrary commands when used in 'wrap' mode — review those behaviors before installing.
- Guidance
- This skill appears to do what it says: control a local V2Ray/Xray proxy and toggle system proxy settings. Before installing or letting an agent run it: - Manually inspect and edit scripts/v2ray-proxy.sh to set V2RAY_DIR to your V2Ray/Xray installation (ensure you trust that binary). - Note the script expects utilities like curl, pgrep/pkill, nohup; ensure those exist in your environment. - The script appends a line to ~/.bashrc; back up that file if you care about preserving your shell config. - The 'wrap' command runs arbitrary shell commands via eval — do not allow untrusted agents or workflows to call wrap with unreviewed arguments. - If you want less persistence, remove the ~/.bashrc write or change it to a safer mechanism. If you have an automated agent, restrict when/how it can invoke this skill (or require manual invocation) to limit unwanted command execution or environment changes.
Review Dimensions
- Purpose & Capability
- noteThe script's actions (start/stop V2Ray, set/clear system proxy, auto-check network, wrap commands) match the skill name and description. Minor mismatch: the metadata declares no required binaries, but the script relies on common utilities (curl, pgrep/pkill, nohup, pkill) and a local V2Ray/Xray binary; the README asks the user to edit V2RAY_DIR to point to a local installation.
- Instruction Scope
- noteSKILL.md simply instructs the agent/user to run the provided script. The script checks connectivity (curl to github.com/google.com), manages environment proxy variables, persists a marker to ~/.bashrc, launches/stops local binaries, and supports 'wrap' which runs arbitrary shell commands via eval — that last point grants the ability to execute any command the agent passes to the script (this is intended for the feature but expands execution scope).
- Install Mechanism
- okNo install spec; instruction-only skill with an included shell script. Nothing is downloaded or installed automatically by the skill.
- Credentials
- noteThe skill requests no credentials and does not contact unknown remote endpoints (only checks github.com and google.com). It does, however, set proxy-related environment variables during execution and appends a V2RAY_PROXY line to the user's ~/.bashrc to persist a marker — this is environment modification but aligns with its purpose.
- Persistence & Privilege
- concernAlthough 'always' is false, the script modifies a user file (~/.bashrc) to persist V2RAY_PROXY, and it can start background processes (v2rayN/xray). Modifying shell startup files and launching background binaries are significant persistent actions the user should review and consent to.