Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
CLI AI Proxy
v0.1.0
Manage cli-ai-proxy: local OpenAI-compatible proxy that routes requests through Gemini CLI and Claude Code, no API keys needed
by Leo Liao @ilzc
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, required binaries (node, npm, gemini/claude) and runtime behavior (start/stop/status, integrate with OpenClaw) align with a CLI-based proxy. The skill legitimately needs Node and the CLI tools. Minor inconsistency: registry metadata lists an npm install option but the bundled installer clones a GitHub repo and builds locally.
Instruction Scope
SKILL.md and scripts restrict actions to installing/building the proxy, starting/stopping it, checking health, and configuring ~/.openclaw/openclaw.json. The instructions reference only the proxy files, CLI binaries, and OpenClaw config — all within the stated purpose. It does instruct modifying the user's OpenClaw config and writing into $HOME, which is expected for integration.
Install Mechanism
Two different installation models are implied: (a) registry metadata / SKILL.md show an npm package 'cli-ai-proxy'; (b) bundled scripts/install.sh clones https://github.com/ilzc/cli-ai-proxy.git and runs 'npm install' and 'npm run build' locally. Running npm install/build pulls arbitrary dependencies and may execute postinstall scripts; the GitHub repo owner and package are not from an obviously well-known vendor. Together, this discrepancy and the need to execute third-party Node code are the main risk.
Credentials
The skill does not request secrets or credentials. Optional env vars and config overrides (GEMINI_CLI_PATH, CLAUDE_CLI_PATH, CLI_AI_PORT) are appropriate for configuring CLI paths and the proxy port. No unrelated credentials or config paths are required.
Persistence & Privilege
The skill writes files to the user's home ($HOME/.local/share/cli-ai-proxy) and can modify ~/.openclaw/openclaw.json via its configure script — this is consistent with integrating a provider but does require filesystem writes and config modifications. always:false and user-invocable: true limit forced persistence.
What to consider before installing
This skill appears to do what it claims (a local proxy that calls Gemini/Claude CLIs), but installing it requires running third-party Node code from an unverified source. Before installing:
(1) Verify the upstream source — inspect https://github.com/ilzc/cli-ai-proxy and the npm package contents if you plan to use the registry install.
(2) Review the repo's package.json and any postinstall scripts; avoid running npm install if you see unfamiliar postinstall hooks.
(3) Prefer installing from an official, trusted package or reviewing/distilling the built artifacts (dist/cli.js) before running.
(4) Back up ~/.openclaw/openclaw.json and be prepared to revert changes; run the installer in a restricted environment (container/VM) if possible.
(5) Ensure you trust any gemini/claude CLI binaries you install separately.
If you cannot verify the source and contents, treat this as higher risk and do not install on production or privileged machines.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔀 Clawdis
Bins: node, npm
Any bin: gemini, claude
Install
Install cli-ai-proxy via npm
Bins: cli-ai-proxy
npm i -g cli-ai-proxy