Skill v1.0.0
ClawScan security
kuaidaili-proxy-ip-manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 17, 2026, 7:55 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and network calls align with its stated purpose of managing Kuaidaili proxy accounts; nothing in the package appears to request unrelated credentials or contact unexpected endpoints.
- Guidance: This skill appears to do what it says: it will ask you to provide your Kuaidaili secret_id/secret_key and then call Kuaidaili APIs to fetch IPs, check expiry, run health checks, and record local stats. Before installing or using it, consider: (1) the credentials you provide are saved in plaintext at ~/.openclaw/skills/proxy-ip-manager/config.json (the code masks logs but does not encrypt the file) — restrict file permissions or avoid reusing highly privileged keys; (2) health checks and tests will make outbound requests (default test URL is https://httpbin.org/ip) — you can change the test_url or disable checks if you prefer; (3) the package contains executable Python scripts — review the files yourself if you don't trust the author; (4) the skill will make network calls to auth.kdlapi.com and dev.kdlapi.com (expected) and will refresh tokens automatically. If any of these behaviors are unwanted, do not install or run the skill, or run it in a restricted environment. If you want, I can point out the exact lines/files where credentials are saved and where network calls are made.
Review Dimensions
- Purpose & Capability (ok): Name/description describe Kuaidaili proxy management and the included modules (api_client, config_manager, health checks, expiry, scheduler, stats) directly implement those features. There are no unrelated required binaries, env vars, or external services beyond Kuaidaili endpoints and an optional test URL (httpbin.org).
- Instruction Scope (note): SKILL.md and the code instruct the agent to accept secret_id/secret_key, call Kuaidaili auth and API endpoints, run local checks, and store local config. That is within scope. Note: health checks use a configurable test_url (default https://httpbin.org/ip) which will receive outbound requests when probes run; outputs are masked when printed but the config file stores credentials locally (see below). The SKILL.md does not instruct reading unrelated host files or contacting unexpected third-party endpoints.
- Install Mechanism (note): No install spec is provided (lowest install risk). However, the bundle includes runnable Python scripts that will create files under ~/.openclaw/skills/proxy-ip-manager when used. There are no third-party downloads or URL-based installers. Risk from installation is low, but the presence of executable scripts means the agent will execute code from the package at runtime (not pure instruction-only).
- Credentials (note): The skill requests no platform environment variables and uses user-supplied service credentials (secret_id/secret_key) — this is proportionate. Important caveat: those credentials are persisted to a local JSON file (~/.openclaw/skills/proxy-ip-manager/config.json) in plaintext alongside an auto-fetched secret_token; the code masks secrets in logs but does not encrypt the file. Users should expect local storage of their API keys.
- Persistence & Privilege (ok): always is false and the skill only writes to its own config/stats directory under the user's home. It does not modify other skills or global agent settings. Autonomous invocation is allowed by platform default but not elevated by this skill.
