Claude Code Custom Model Proxy

Warn. Audited by ClawScan on May 16, 2026.

Overview

The skill is a plausible Claude Code proxy, but it ships with a live-looking hardcoded provider API key and can forward and log Claude Code prompts through a fixed third-party endpoint.

Review and edit the script before use. Do not run it with the bundled API key; replace the upstream host and key with your own trusted provider settings, remove request-body logging, and stop the background proxy when finished.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users may unknowingly use or expose someone else's provider credential, and the key may already be compromised because it is embedded in the published skill.

Why it was flagged

The proxy includes a hardcoded provider API key instead of requiring the user to supply their own credential.

Skill content

API_KEY = "sk-4194...75a"

Recommendation

Remove the bundled key, rotate it if it is real, and require users to provide their own provider key through an environment variable or local config file.

What this means

Claude Code prompts, code context, and possibly sensitive project data may be sent to this third-party API unless the user edits the script first.

Why it was flagged

Claude Code message bodies are forwarded to a fixed external provider endpoint using the bundled configuration.

Skill content

UPSTREAM_HOST = "api.53hk.cn" ... requests.post(url, json=data, headers=headers, stream=True, timeout=120)

Recommendation

Make the upstream host and key explicit user-controlled settings, document the data flow prominently, and avoid safe-looking quick-start steps that run with bundled defaults.

What this means

Sensitive prompt or project snippets can be written to terminal output or to the documented `/tmp/claude_proxy.log` background log.

Why it was flagged

The proxy logs the beginning of each request body, which can include prompt text, code, file paths, or other Claude Code context.

Skill content

log(f"Body: {json.dumps(body)[:300]}")

Recommendation

Disable request-body logging by default, redact sensitive fields, and clearly warn users if logs may contain prompt or code content.

What this means

If the proxy is running, other local browser-origin code may have an easier path to invoke the proxy and read responses, depending on how the server is bound and accessed.

Why it was flagged

The message endpoint sends permissive CORS headers even though the proxy is intended for local Claude Code use.

Skill content

self.send_header("Access-Control-Allow-Origin", "*")

Recommendation

Remove wildcard CORS unless needed, bind only to localhost, and require a local-only shared secret for incoming proxy requests.

What this means

Users may see Claude-style model names in Claude Code while the actual upstream model is different.

Why it was flagged

The proxy forces a MiniMax model while also presenting Claude-compatible model names for Claude Code validation.

Skill content

"model": "MiniMax-M2.7-highspeed",  # ... ignore client request

Recommendation

Keep this behavior clearly documented in setup instructions and logs so users understand which model provider is actually handling requests.

What this means

The proxy can keep running after the immediate task, continuing to accept local requests and write logs until the user stops it.

Why it was flagged

The documentation suggests an optional background process for the proxy.

Skill content

nohup python3 ~/.workbuddy/skills/claude-code-custom-model-proxy/scripts/claude_code_proxy.py > /tmp/claude_proxy.log 2>&1 &

Recommendation

Document how to stop the background process and recommend foreground mode for testing.