ClawHub
Back to skill
v1.0.1

V2ray Proxy

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:03 AM.

Analysis

The proxy-management behavior mostly matches the stated purpose, but the skill should be reviewed because its command wrapper can execute arbitrary shell syntax and it makes broad local process and shell-startup changes.

GuidanceInstall only if you understand and trust the configured local V2Ray/v2rayN binary. Prefer using the explicit `on`, `off`, `status`, and `test` commands; avoid `wrap` for commands built from URLs, filenames, or other untrusted text unless the script is changed to remove `eval`.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
SeverityMediumConfidenceHighStatusConcern
scripts/v2ray-proxy.sh
wrap() {
    local cmd="$*"
    ...
    eval "$cmd"
    ...
    eval "$cmd" || result=$?
}

The wrapper builds a single shell string from all supplied arguments and executes it with `eval`; this is an unbounded command-execution path inside a proxy-management skill.

User impactIf the agent wraps a command containing untrusted text, such as a URL or filename with shell metacharacters, unintended local commands could run.
RecommendationAvoid using `wrap` with untrusted or generated arguments. Replace `eval` with safe argv execution, such as executing the command array directly, and require explicit user confirmation for arbitrary command wrapping.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
scripts/v2ray-proxy.sh
pkill -f "xray.*config" || true
pkill -f "v2rayN" || true

Stopping the proxy is expected, but these broad process-name matches can terminate any matching Xray/V2Ray/v2rayN process rather than only a process started by this script.

User impactUsing `off`, `stop`, or automatic mode could interrupt an unrelated proxy process that happens to match the same command pattern.
RecommendationScope process management to a configured executable path or PID file and clearly disclose that automatic mode may stop a running proxy.
Rogue Agents
SeverityLowConfidenceHighStatusNote
scripts/v2ray-proxy.sh
echo "# V2Ray Proxy (managed by OpenClaw)" >> ~/.bashrc
echo "export V2RAY_PROXY=1" >> ~/.bashrc

The script automatically appends a persistent environment marker to the user's shell startup file when enabling the proxy.

User impactFuture shell sessions may inherit this marker, and the skill does not provide a matching cleanup step for the `~/.bashrc` change.
RecommendationAsk before modifying shell startup files, document the change, and provide a removal command.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
scripts/v2ray-proxy.sh
V2RAY_DIR="/media/felix/d/v2rayN-linux-64"
...
cd "$V2RAY_DIR"
nohup ./v2rayN > /dev/null 2>&1 &

The skill runs an external local executable from a hard-coded, user-specific path that is not included in the skill package.

User impactThe actual proxy program being launched is outside the reviewed artifact set, so users must ensure the configured local binary is the intended V2Ray/v2rayN installation.
RecommendationDeclare the dependency, make the path configurable, and instruct users to verify the local executable before use.