V2ray Proxy
WarnAudited by ClawScan on May 10, 2026.
Overview
The proxy-management purpose is mostly coherent, but the included command wrapper uses unsafe shell evaluation and the script makes broad local proxy/process changes that should be reviewed before use.
Review and preferably modify the wrap implementation before using it. Only run this skill if you trust the local V2RayN/Xray binary at the configured path, understand that it can start/stop proxy processes and affect network behavior, and are comfortable cleaning up the ~/.bashrc marker if undesired.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A command intended only to run through the proxy could execute unintended local shell commands if unsafe text is passed to the wrapper.
The wrap command concatenates all arguments into a shell string and executes it with eval, so shell metacharacters in a command, URL, or model-supplied argument could run additional local commands.
local cmd="$*" ... eval "$cmd"
Avoid eval; execute the argument vector directly, for example by shifting to the command and running "$@", and require explicit user approval for broad or destructive commands.
Other V2Ray/Xray or v2rayN sessions on the machine could be stopped unexpectedly.
The stop/off workflow terminates processes by broad name patterns rather than tracking only the process started by this skill.
pkill -f "xray.*config" || true pkill -f "v2rayN" || true
Track the PID of the launched process or verify the process path/config before killing it, and warn the user before stopping externally started proxy processes.
The proxy application or shell-startup marker may remain after the immediate task, affecting later sessions or requiring manual cleanup.
The script can leave a background proxy application running and writes a persistent marker into the user's shell startup file.
nohup ./v2rayN > /dev/null 2>&1 & ... echo "export V2RAY_PROXY=1" >> ~/.bashrc
Document these persistent side effects clearly, avoid writing to ~/.bashrc unless the user confirms, and use the off command or manual cleanup when finished.
Users may not realize they need to verify the local proxy binary and supporting tools before running the skill.
The registry metadata does not declare provenance or required binaries, while the skill depends on an existing local V2Ray/Xray installation.
Source: unknown; Homepage: none; Required binaries (all must exist): none
Declare required tools and document how to verify or configure the V2Ray/Xray binary path before use.