ClawHub

Proxy4agent

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides residential-proxy access for agents, but its advertised anti-bot bypass and arbitrary-site fetching need careful review before installation.

Install only if you have an authorized, policy-compliant need to access public web content through a residential proxy. Use dedicated provider credentials, monitor usage and billing, avoid internal URLs, secrets, private authenticated pages, and personal data, and require explicit user approval before using it for blocked sites, CAPTCHA or Cloudflare challenges, login flows, or scraping workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The skill explicitly markets residential proxies as a way to 'bypass anti-bot' protections, which normalizes using the tool against access controls without requiring proof of authorization or compliant-use restrictions. In an agent context, this increases the likelihood of automated scraping, evasion of site defenses, and misuse against third-party services in ways that can violate terms, trigger abuse, or facilitate unauthorized data collection.

Natural-Language Policy Violations

Medium
Confidence
98% confidence
Finding
The tool documentation states that fetch works on Cloudflare-protected and other anti-bot-protected sites, effectively instructing users to use the skill to evade defensive controls. Because this is packaged for AI agents, the lack of authorization checks or safe-use guardrails makes automated misuse easier and more scalable than a general proxy utility.

VirusTotal

42/42 vendors flagged this skill as clean.

View on VirusTotal