Magic Internet Access

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it fetches untrusted free proxy configurations that should not be used for sensitive accounts.

Install only if you intentionally want an assistant that scrapes and tests free public proxy nodes. Treat returned nodes as untrusted: they may log, block, or tamper with traffic, and local cache files may contain usable proxy credentials. Avoid banking, email, work accounts, or other sensitive activity through these nodes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tainted flow: 'output_path' from os.environ.get (line 133, credential/environment) → open (file write)

Medium
Category: Data Flow
Content:
    print(f"Total: {len(all_nodes)}, Unique: {len(unique)}, Protocols: {protocols}")
    result = {"scraped_at": datetime.now().isoformat(), "total": len(unique), "protocols": protocols, "nodes": unique}
    os.makedirs(os.path.dirname(output_path), exist_ok=True)
    with open(output_path, 'w', encoding='utf-8') as f:
        json.dump(result, f, ensure_ascii=False, indent=2)
    print(f"Saved {len(unique)} nodes to {output_path}")
Confidence: 94%
Finding:
    with open(output_path, 'w', encoding='utf-8') as f:

Vague Triggers

Medium
Confidence: 91%
Finding: The skill is explicitly designed to trigger on a wide range of ordinary user phrases about internet access, Google, Telegram, and 'magic internet,' which can cause unsolicited activation in normal conversation. In this context, accidental triggering is more dangerous because the skill's behavior is to guide users toward scraping and importing third-party proxy configurations for censorship circumvention.

Missing User Warnings

Medium
Confidence: 95%
Finding: The README promotes automatic scraping of free proxy nodes and direct delivery of third-party configurations without warning users about trust, interception, malware, credential theft, logging, or legal/policy risks. Because the skill targets non-technical users and emphasizes 'zero config,' it increases the chance that users will import untrusted network configurations without understanding the security consequences.

Vague Triggers

High
Confidence: 93%
Finding: The trigger list is extremely broad and includes common phrases about internet problems, Telegram access, and generic 'magic' wording, making accidental activation likely. In this skill's context, accidental activation is more dangerous because activation leads directly into instructions to run a script and assist with censorship-bypass tooling, expanding exposure to unwanted code execution and policy-sensitive behavior.

Missing User Warnings

Medium
Confidence: 98%
Finding: The script stores full scraped proxy node objects to disk, including secrets extracted from subscription URIs such as UUIDs, passwords, and server endpoints. Because this skill is specifically designed to gather and operationalize third-party proxy credentials, persisting them in plaintext JSON creates a significant exposure risk through local compromise, backups, logs, or later unintended reuse. The skill context increases concern because many of these credentials are sourced from untrusted public feeds.

Ssd 4

Medium
Confidence: 94%
Finding: The step-by-step flow walks users from 'can't access Google' to obtaining and importing scraped proxy nodes, lowering the barrier to using untrusted circumvention infrastructure. In this skill's context, the guided narrative materially increases risk because it operationalizes third-party proxy acquisition for beginners who may not understand surveillance, tampering, endpoint compromise, or policy/legal implications.

VirusTotal

65/65 vendors flagged this skill as clean.
