Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claude CLI Proxy
v2.1.0
Set up a local HTTP proxy that routes OpenClaw model requests through Claude Code CLI using a Team/Max/Pro subscription instead of API keys, achieving $0 per...
by Max @maxsorto
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included scripts and instructions: the files and SKILL.md implement a local HTTP proxy that forwards OpenClaw requests to the Claude Code CLI (acpx) to use a subscription instead of API keys. Required runtime pieces (Node.js, acpx) are documented and expected for this purpose.
Instruction Scope
The SKILL.md and scripts forward the full OpenClaw context (system prompt, history, current message) to Claude Code and explicitly instruct the user to copy agent identity files (SOUL.md/IDENTITY.md) into CLAUDE.md and to set customInstructions. As a result, private agent identity and any sensitive system prompt content are sent to Anthropic. The proxy also writes a persistent .ccproxy-system-context.md file to disk. These behaviors are coherent with the goal (give Claude full context) but are privacy-sensitive and broader than a minimal proxy.
Install Mechanism
This is instruction-only with bundled scripts — there is no remote download/install step. Nothing is fetched from arbitrary URLs; scripts are local and run by the user. Risk from install mechanism itself is low.
Credentials
The skill requests no external credentials, which matches its stated method of using subscription auth. However, it instructs users to store agent identity/context files and to set ANTHROPIC_API_KEY="" (and to configure environment/autostart with that empty var). The proxy will forward all system prompts and history (potentially sensitive data) to Anthropic. Also the code expects environment-controlled values (CCPROXY_SESSION_NAME, CCPROXY_CWD) which influence shell commands and filesystem paths — these can broaden the attack surface if misconfigured.
Persistence & Privilege
The skill does not set always:true and is not requesting unusual platform privileges. It does instruct creating OS autostart entries (LaunchAgent/systemd) to run the proxy persistently; that gives a background process persistent network access to forward context whenever OpenClaw makes requests. Persistent autostart combined with forwarding full context increases privacy/availability risk but is functionally consistent with the skill's purpose.
What to consider before installing
This skill appears to do what it says — it runs a local Node proxy that calls the 'acpx' CLI so your Anthropic subscription handles model requests instead of API keys. Before installing, consider: (1) Privacy: the proxy forwards the full system prompt, recent conversation history, and any identity files you copy into CLAUDE.md to Anthropic. Do not include secrets, private prompts, or sensitive data in those files. (2) Persistence: the docs instruct creating autostart entries so the proxy runs continuously; that means any OpenClaw requests will be sent to Anthropic whenever the agent runs. (3) Local command safety: the scripts run shell commands (execSync with interpolated strings) using environment-controlled values (e.g., CCPROXY_SESSION_NAME, CCPROXY_CWD). Do not set those env vars to untrusted values, and review the scripts before running them. (4) Test in an isolated/non-production profile first: run the proxy manually, inspect logs and .ccproxy-system-context.md, and verify no sensitive content is being forwarded. If you accept the privacy tradeoffs and audit the scripts, the skill is coherent with its purpose; otherwise avoid installing.
scripts/ccproxy-ensure.js:42
Shell command execution detected (child_process).
scripts/claude-cli-proxy.js:34
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
