ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Anyone Procotol Proxy

v0.1.0

This skill enables IP address masking and accessing hidden services on the Anyone Network. Route requests through the Anyone Protocol VPN network using a local SOCKS5 proxy.

0· 2.7k·3 current·3 all-time
by@ra3ka
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description, the declared dependency (@anyone-protocol/anyone-client in SKILL.md), and the runtime instructions all align: the skill's purpose is to run a local SOCKS5 proxy that routes traffic through the Anyone Network, and the SKILL.md shows how to install and start that client.
!
Instruction Scope
The SKILL.md instructs the agent/operator to install an npm package globally and to start a local SOCKS5 proxy that 'persists across requests.' Running such a proxy allows arbitrary traffic (including potentially sensitive agent data) to be routed through the Anyone Network. The instructions do not require or request unrelated local files or credentials, but they do give broad discretion to route traffic and persist the proxy, which could be abused if the package or network is malicious or misconfigured.
!
Install Mechanism
There is no formal install spec in the registry entry; instead the SKILL.md tells you to run npm install -g and npx for @anyone-protocol/anyone-client. Installing and executing code from npm is a moderate-risk operation because packages can include arbitrary code and postinstall hooks. The SKILL.md does not pin a version, provide checksum/integrity, or point to a verified source repo for the package.
Credentials
The skill does not request environment variables, system config paths, or unrelated credentials. The requested capability (a network proxy) does not require additional secrets in the metadata provided.
Persistence & Privilege
always:false (normal). However the instructions state the proxy 'persists across requests' once started. While the skill does not request always:true or system-level config changes, a persistent proxy can change the agent's network behavior long-term. Autonomous invocation is allowed by default (disable-model-invocation:false), which combined with a persistent proxy increases the blast radius if the package or network is malicious.
What to consider before installing
This skill is coherent with its stated purpose (running an Anyone Network SOCKS5 proxy) but it requires installing and running an unvetted npm package that will route traffic through a third‑party anonymity network. Before installing or running it: 1) Verify the package's source — check the package on npm, its GitHub repository, maintainers, recent releases, and issues; 2) Prefer installing in an isolated environment (container, VM, or sandbox) rather than globally on your machine or host that runs agents; 3) Pin to a specific package version and, if possible, verify integrity (checksums); 4) Audit the package code (especially install/postinstall scripts) or rely on a vetted mirror; 5) Understand that once running, the proxy can carry any agent traffic (including secrets if you don't restrict what gets routed) — do not route sensitive requests until you trust the client/network; 6) Consider logging/monitoring network usage and starting the proxy manually under your control rather than letting the agent start it automatically. If you cannot verify the package and its maintainers, treat this skill as high-risk and avoid installing it on production or privileged hosts.

Like a lobster shell, security has layers — review code before you run it.

anyonevk97dx2jkayz4a0mec0y8ywp751802tjbanyone-protocolvk97dx2jkayz4a0mec0y8ywp751802tjblatestvk97dx2jkayz4a0mec0y8ywp751802tjbproxyvk97dx2jkayz4a0mec0y8ywp751802tjb
2.7kdownloads
0stars
5versions
Updated 9h ago
v0.1.0
MIT-0
@ra3ka
anyoneanyone-protocollatestproxy
Download

Anyone Protocol Proxy

This skill enables Clawdbot to route requests through the Anyone Protocol network.

How It Works

The skill uses the @anyone-protocol/anyone-client NPM package to:

  1. Start a local SOCKS5 proxy server (default port: 9050)
  2. Create encrypted circuits through the Anyone Network
  3. Route traffic through these circuits
  4. Return responses while keeping the origin IP hidden

Setup

Install anyone-client

npm install -g @anyone-protocol/anyone-client

Start the proxy

npx @anyone-protocol/anyone-client -s 9050

Usage

Once the proxy is running, route requests through it:

# Using curl to verify IP
curl --socks5-hostname localhost:9050 https://check.en.anyone.tech/api/ip

import { Anon } from "@anyone-protocol/anyone-client";
import { AnonSocksClient } from "@anyone-protocol/anyone-client";

async function main() {
    const anon = new Anon();
    const anonSocksClient = new AnonSocksClient(anon);

    try {
        await anon.start();
        // Wait for circuits to establish
        await new Promise(resolve => setTimeout(resolve, 15000));
        
        const response = await anonSocksClient.get('https://check.en.anyone.tech/api/ip');
        console.log('Response:', response.data);
        
    } catch(error) {
        console.error('Error:', error);
    } finally {
        await anon.stop();
    }
}

main();

Notes

  • First connection may take up to 30 seconds while circuits are established
  • The proxy persists across requests once started

Comments

Loading comments...