suspicious.exposed_resource_identifier
- Location
- CLAUDE.md:46
- Finding
- Plaintext HTTP endpoint targets a CGNAT/Tailscale-range address.
Advisory
Audited by static analysis on May 13, 2026.
Detected: suspicious.exposed_resource_identifier
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
- Finding
- If this configuration is copied or active, requested media URLs and download traffic could be sent through an unknown proxy, or the skill may fail on systems that cannot reach that private address.
- Details
- The repository guidance shows an OpenClaw gateway configuration that would route download traffic through a specific private, plaintext proxy whose owner and data boundary are unclear.
- Evidence
- `"BOOTLEG_HTTP_PROXY": "http://100.64.0.3:1081", "BOOTLEG_HTTPS_PROXY": "http://100.64.0.3:1081"`
- Recommendation
- Remove the hard-coded proxy from published guidance, require users to supply their own proxy if needed, and clearly declare any proxy environment variables and their data-flow implications.
- Finding
- A large playlist or channel download could use significant storage and network resources.
- Details
- The tool lets the agent submit URLs or channels for download and choose an output directory, which is central to the skill but can create many files and consume bandwidth and disk space.
- Evidence
- `submit_download_task` | Submit a YouTube URL/channel for audio download ... `"outputDir": "/path/to/output"`
- Recommendation
- Use a dedicated output directory, confirm large downloads before starting them, and monitor queue size and disk usage.
- Finding
- Downloads may resume after a restart without the user re-submitting the task.
- Details
- The server persists task state and automatically re-queues interrupted or partially completed tasks on restart.
- Evidence
- `if t["status"] == "downloading": t["status"] = "pending" ... elif t["status"] == "failed" and t.get("songsCompleted", 0) > 0: t["status"] = "pending"`
- Recommendation
- Review and cancel unwanted queued tasks before restarting the MCP server, and consider making the auto-resume behavior explicit in user-facing documentation.
- Finding
- Future dependency changes could alter behavior or introduce vulnerabilities.
- Details
- The dependency is unpinned, and the docs also mention manual pip installation; this is common for Python tools but leaves package version and provenance to the installer.
- Evidence
- `yt-dlp`
- Recommendation
- Pin dependency versions, provide a lockfile or reviewed install spec, and install from trusted package sources.