Network Tools
v2.0.0Enables efficient internet access by selecting and managing local network tools with automatic proxy routing for blocked and direct connections.
⭐ 0· 142·1 current·1 all-time
byAISavior@savior-li
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description (select and manage local network tools, proxy routing, diagnostics, downloads) align with the included shell script and SKILL.md. The script implements tool detection, proxy support (defaulting to 127.0.0.1:9050), download accelerators, and diagnostics as claimed. One minor mismatch: the registry metadata claims "instruction-only," but a sizable shell script (scripts/network-tools.sh) is included and provides the actual implementation — not a functional problem, but worth noting.
Instruction Scope
SKILL.md and the script limit work to local command-line tools and validated http/https URLs. However, the skill supports arbitrary custom headers (example shows Authorization headers) and arbitrary target URLs, and it exposes an option to route traffic through a SOCKS5 proxy by default. Those features are coherent for a network tool but mean the skill can be used (by a user prompt or an agent invocation) to send secrets in headers or to contact internal endpoints (e.g., cloud provider metadata) if asked. The instructions do not tell the agent to read local files or other unrelated env vars.
Install Mechanism
No install spec or external downloads are present; the package is shipped with a shell script and docs. No installer pulls code from unknown URLs. This is low-install risk, though many external binaries are expected to be present at runtime (curl, wget, aria2c, httpie, axel, youtube-dl, ffmpeg) but those are invoked only if available.
Credentials
The skill declares no required environment variables or credentials, which matches the implementation. It does, however, set and export proxy environment variables temporarily when proxying is requested. The skill accepts arbitrary headers via command arguments which could contain secrets provided by the user — this is a capability (not a hidden demand), but it increases the potential for accidental disclosure if a user supplies secrets in headers or asks the agent to fetch internal-only endpoints.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges. It does not modify other skills or system-wide agent config. It only runs as invoked and relies on local tools.
Assessment
This skill appears to be what it claims: a wrapper around local network tools with proxy and download features. Before installing, consider: (1) the script will make arbitrary outbound requests you instruct it to make — avoid asking it to fetch internal cloud metadata or other sensitive local endpoints; (2) do not provide secrets in command arguments or headers unless you trust the skill and invocation context, since the skill can send arbitrary headers; (3) verify the presence and provenance of the local binaries it depends on (curl, wget, aria2c, httpie, axel, youtube-dl, ffmpeg) and remove/disable features you don't want (for example, proxy routing) if needed; and (4) note the package author/source is unknown — if you require a higher assurance level, review the full script (scripts/network-tools.sh) yourself or run it in a restricted environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk977pz7zpjehc30zqbg945cva984aczn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.