Security audit

通用代理管理

Security checks across malware telemetry and agentic risk

Overview

This proxy manager is mostly disclosed and purpose-aligned, but it needs review because it can download and run proxy software, change network routing, and stop or remove local proxy components from broad natural-language triggers.

Install only if you intentionally want an agent to manage your proxy setup. Review each command before execution, verify the mihomo release source and checksum yourself, avoid untrusted mirror downloads, treat subscription links/configs as credentials, and be aware the recommended provider includes affiliate-style promotion rather than neutral guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Context-Inappropriate Capability

Low

Confidence: 92% confidence
Finding: The README promotes a specific proxy provider with a referral code and commission language that is unrelated to the stated purpose of a universal proxy-management skill. This creates a conflict of interest and may steer users toward a third-party service for the author's benefit, increasing social-engineering and trust-manipulation risk even if it is not direct code execution.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases are short, generic natural-language commands such as '开启代理', '关闭代理', and '代理挂了', which are likely to appear in normal conversation. In an agent environment, broad triggers can cause unintended activation of actions that download software, change network settings, or alter system state without sufficiently explicit user intent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The README states that the skill will automatically download a binary from GitHub on first use and later manage startup, configuration, and uninstall behavior, but it does not provide clear warnings about the scope of system changes or trust boundaries. In this context, automatic retrieval and execution of networking software is especially dangerous because it can alter traffic routing, persist on the host, and expose users to supply-chain or misconfiguration risks.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases are broad enough to activate on common troubleshooting or casual proxy-related conversations, which can cause the skill to engage unexpectedly. In this skill, unexpected activation is risky because the documented behavior includes installation, remote downloads, process termination, and system proxy changes.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The description advertises automatic installation, remote binary download, and proxy reconfiguration without an upfront warning that these actions affect the host system and network routing. Because users may invoke the skill from broad triggers, this creates a meaningful risk of surprising system modification and traffic interception behavior.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill asks for subscription URLs or Base64-encoded configs and then fetches/decodes them directly into a live proxy configuration without warning that these values may contain sensitive credentials, endpoints, or tokens. Mishandling such material could expose private proxy access, route traffic through attacker-controlled infrastructure, or import malicious configuration.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.