Stealth Proxy
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: stealth-proxy Version: 1.0.0 The 'stealth-proxy' skill (named 'vpn') is designed for legitimate VPN management, geo-access diagnostics, and network verification. It explicitly incorporates multiple security guardrails, including mandatory user authorization for network changes, transparent error handling, and the use of 'moltguard' for prompt/tool security and to prevent accidental secret leakage. The skill's instructions in SKILL.md actively defend against prompt injection and mandate auditable, verified actions. All requested permissions, binaries, and network interactions are directly aligned with its stated purpose, and there is no evidence of intentional harmful behavior, data exfiltration beyond its stated purpose, or malicious prompt injection attempts.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A blocked workflow could be retried under a different IP or region and may perform actions the user did not carefully re-approve in that new context.
After changing the network route, the skill can retry a previously blocked workflow. The example suggests a potentially financial workflow, and the artifacts do not clearly constrain the resumed task to safe, read-only actions.
re-run blocked task with bounded retries ... `blocked_task_name` (example: `prediction-market-arbitrage`) ... `risk_mode` (`diagnose-only`, `switch-and-verify`, `switch-and-resume`)
Use diagnose-only or switch-and-verify by default, and require a separate explicit confirmation before resuming any workflow that can trade, post, purchase, modify accounts, or affect third-party services.
Your machine's traffic may be routed through a VPN, WireGuard profile, or Tailscale exit node, which can affect connectivity, privacy, and service access.
The skill intentionally uses shell-level tooling to control VPN or exit-node routing. This is purpose-aligned, but it is high-impact because it can change local network behavior.
Use as control plane: - executable detection, - connect/disconnect wrappers, - retry and cleanup logic ... `tailscale up --exit-node=<node>`
Only run it with a tunnel path you trust, verify the selected region and exit node/profile, and confirm there is a clear disconnect or rollback step.
The agent may operate through an authenticated VPN or tailnet account and change routing using that account's privileges.
The skill depends on existing VPN, WireGuard, or Tailscale authorization. This is expected for the stated purpose, but users should recognize that it uses local account/session authority.
Required access: - valid account/session for selected tunnel path - local executable for selected path (`nordvpn`/`mullvad`/`expressvpn` or `wg` or `tailscale`)
Use a dedicated, least-privileged tunnel profile where possible, and do not provide access to VPN or tailnet accounts that should not be controlled by the agent.
Running the setup block may install or update multiple agent skills, potentially changing tool behavior outside this VPN workflow.
The setup instructions rely on latest-version installs and include an update-all command. This is user-directed setup, but it can change installed skills beyond this one.
npx -y clawhub@latest install shell-scripting ... npx -y clawhub@latest install moltguard ... npx -y clawhub@latest update --all
Install only the dependencies you need, review each dependency, and avoid update-all unless you intend to update every installed skill.
External services may receive your public IP information, geolocation query data, or selected prompt/tool content if those optional modes are enabled.
The skill may use external provider APIs for IP/geolocation verification and optional prompt/tool-content screening. This is disclosed and purpose-aligned, but it can involve sending network metadata or workflow content to third-party services.
Optional keys: - `MOLTGUARD_API_KEY` ... - `IPINFO_TOKEN` ... Use as prompt/tool security guardrail: - sanitize sensitive prompt/tool content
Enable optional remote checks only when needed, avoid sending secrets in prompts or logs, and confirm which provider receives which data.