Back to skill

Security audit

WSL Proxy

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: help WSL2 use a Windows-hosted HTTP proxy, with some normal proxy-routing risks users should understand.

Install only if you intentionally want WSL2 command-line traffic to use a Windows proxy. Run setup_proxy.sh once without eval to inspect the detected host, port, and exports, and only add the bashrc/zshrc snippet if you want proxy settings to persist in new shells.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documents shell execution and environment modification but does not declare corresponding permissions. This undermines informed consent and platform policy enforcement, because users or orchestration layers may invoke shell-capable behavior without an explicit permission boundary. In this context, the shell capability is central to the skill, so the omission is a real security-relevant issue rather than a documentation nit.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger scope is broad enough to match many generic networking, VPN, proxy, and external-access requests, increasing the chance the skill is auto-invoked outside its narrow WSL2-on-Windows context. That can cause unintended port probing or proxy reconfiguration in irrelevant sessions, which is risky because the skill changes network behavior and could route traffic through an unexpected local service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly performs automatic scanning of common ports on the Windows host and instructs users to eval shell output that sets proxy variables, but it does not provide a clear warning or consent step. Local port probing can reveal host-side services, and silently modifying http_proxy/https_proxy can redirect subsequent command-line traffic through an unintended endpoint, affecting confidentiality and integrity of network operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script actively sends a real HTTP request to httpbin.org while probing a local proxy, which causes external network transmission without explicit user consent or clear warning. In a proxy-detection skill, this leaks metadata such as the fact that the system is running the script and may trigger unintended outbound traffic through a sensitive or monitored proxy path.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.