Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claude Max Proxy Setup

v1.1.0

Use when an agent or developer wants to reduce Claude API costs, route requests through a Claude Max or Pro subscription instead of per-token billing, or set...

by DeepBlue (@error403agent)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious

OpenClaw: Benign (high confidence)
Purpose & Capability
The SKILL.md clearly documents a local proxy that forwards requests via an already-authenticated 'claude' CLI session — this matches the skill name/description. However, the registry metadata lists no required binaries even though the instructions require Node.js (>=20) and the 'claude' CLI. That metadata omission is an inconsistency the user should be aware of.
Instruction Scope
Runtime instructions are narrowly scoped to installing the npm package, starting the proxy (localhost:3456), configuring clients to point at the local base URL, and optionally creating a user-level systemd service. The doc warns not to expose the port and to review source code. It does not instruct reading unrelated system files or exfiltrating data.
Install Mechanism
Install is via 'npm install -g claude-max-api-proxy' (no bundled code files in the skill). npm global installs are a moderate risk because package install scripts can run arbitrary commands; the SKILL.md points to a GitHub repo for review, which is appropriate. The install method is expected for this purpose but merits source review before running.
Credentials
The skill declares no required environment variables, which is coherent. It relies on an already-authenticated local 'claude' CLI session (which will have credentials/tokens stored by that CLI). This is proportional to the advertised purpose but is a sensitive dependency: anyone who can access port 3456 or the 'claude' CLI session can use your subscription.
Persistence & Privilege
The skill does not request always:true and does not demand elevated privileges. The optional systemd user service runs at the user level (writes to ~/.config/systemd/user) which is normal for a user-run proxy. No modifications to other skills or system-wide privileged settings are instructed.
Scan Findings in Context
[no_code_files_to_scan] expected: The package is instruction-only in the registry (SKILL.md only), so the regex scanner had no code files to analyze. This is expected but means static scanning produced no signal; review the GitHub repo before installing the npm package.
Assessment
This skill appears to do what it says: create a local OpenAI-compatible proxy that forwards to your authenticated Claude CLI session. Before installing:
1) Confirm you have Node.js (>=20) and the 'claude' CLI installed and logged in (the registry metadata omitted these requirements).
2) Review the claude-max-api-proxy GitHub repository and npm package contents; npm install scripts can run arbitrary commands.
3) Do not expose port 3456 to untrusted networks; the proxy uses your Claude subscription credentials via the local CLI, so anyone who can reach the port can consume your quota.
4) If running as a systemd user service, it will run with your user privileges (not root) but will persist across sessions.
If you are on a shared machine or don't trust the package source, do not install or run the proxy.

Like a lobster shell, security has layers — review code before you run it.

