Anyone Procotol Proxy
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: anyone-proxy Version: 0.1.0 The skill is classified as suspicious due to the use of `npm install -g` in `SKILL.md`, which grants broad execution capabilities to the agent by installing a global package from an external registry. While this is necessary for the skill's stated purpose of providing a SOCKS5 proxy for IP masking and accessing hidden services, it introduces a significant supply chain risk and allows the agent to fetch and execute arbitrary code from the internet. The inherent functionality of a proxy also involves routing network traffic, which is a risky capability that could be leveraged to bypass security controls, even without explicit malicious instructions in the provided files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package gives externally supplied code the ability to run on the user's machine.
The skill asks the user to install an external NPM package globally. This is central to the skill's purpose, but it is still a supply-chain dependency users should verify.
npm install -g @anyone-protocol/anyone-client
Verify the NPM package publisher and version before installing, and prefer a pinned or locally reviewed version where possible.
Running the command starts local software that can route network traffic through the Anyone Network.
The skill instructs the user to execute the external client to start a local SOCKS5 proxy. This command execution is disclosed and necessary for the stated proxy function.
npx @anyone-protocol/anyone-client -s 9050
Run the command only when you intend to use the proxy, and stop the process when finished.
The proxy may continue operating after a single request unless the user stops it.
The proxy is designed to keep running across requests. This is expected for a proxy service, but it is a persistent local process users should be aware of.
The proxy persists across requests once started
Stop the proxy when it is no longer needed and avoid leaving it running unnecessarily.