ClawHub

kuaidaili-proxy-ip-manager

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised Kuaidaili proxy management, but it handles sensitive API and proxy credentials that users must protect.

Install only if you trust this publisher and Kuaidaili with your proxy account credentials. Treat terminal output from get_ip as secret because it may contain usable proxy usernames and passwords, and be aware that API secrets are stored locally in plaintext unless you protect or remove the config file yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation describes file read/write and network-capable scripts, but no permissions are declared. This creates a transparency and consent problem: users and the hosting platform may not realize the skill can persist secrets locally and make outbound requests to external services, increasing the risk of unauthorized data exposure or unexpected side effects.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The skill claims API keys are kept only on the user's device and 'will not be uploaded or shared', yet it also states the system sends credentials to a remote authentication endpoint to obtain a token. This is a materially misleading security statement that can cause users to disclose sensitive credentials under false assumptions, and those credentials are then transmitted off-device over the network.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The code retrieves proxy credentials from the provider API, stores them in the returned structure, and synthesizes a reusable proxy URL containing username and password. Although the formatted report masks the password in one display path, the raw return value still includes full credentials and the complete proxy address, which increases the risk of accidental logging, downstream exposure, or reuse by other components.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The CLI prints each proxy's full_address, which embeds username and password directly in stdout. In multi-user systems, terminal logs, shell history captures, CI logs, or support screenshots can expose these live proxy credentials and enable unauthorized proxy use or account abuse.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code stores secret_id, secret_key, and secret_token in a JSON file under the user's home directory without any encryption, permission hardening, or prominent disclosure at the time of storage. If the local machine is shared, compromised, backed up to less-trusted storage, or other local processes can read the file, these credentials can be exposed and reused to access the user's proxy account.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The function sends secret_id and secret_key to a remote authentication endpoint, which is expected for this integration, but there is no clear consent or disclosure at the point of use that the provided credentials will be transmitted off-host. In a skill context, users may assume credentials are only validated locally, so silent transmission increases the risk of unintended secret exposure if the endpoint, network path, or environment is not trusted.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal