ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CLIProxy FREE API

v1.0.0

Deploy and configure CLIProxyAPI, expose its dashboard safely, connect OAuth providers like Claude Code, Gemini, Codex, Qwen, and iFlow, generate a reusable...

0· 180·1 current·1 all-time
by@ayder21

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ayder21/cliproxy-openclaw.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "CLIProxy FREE API" (ayder21/cliproxy-openclaw) from ClawHub.
Skill page: https://clawhub.ai/ayder21/cliproxy-openclaw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cliproxy-openclaw

ClawHub CLI

Package manager switcher

npx clawhub@latest install cliproxy-openclaw
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (install CLIProxyAPI, expose dashboard, add OAuth providers, produce an API endpoint/key, integrate with OpenClaw) matches the included documentation and the single smoke-test script. Nothing in the bundle requests unrelated credentials or capabilities.
Instruction Scope
SKILL.md instructs the agent to inspect the host environment (OS, presence of Docker/systemd/nginx/Caddy, firewall state) and to perform deployment and reverse-proxy configuration. These actions are coherent with installing a server-side service but imply the operator or agent will need local system access and possibly elevated privileges; the skill does not attempt to read or exfiltrate unrelated files or env vars in its instructions.
Install Mechanism
This is an instruction-only skill with no install spec. That is low-risk: it won't automatically download/execute code. The included references advise cloning upstream and running its install steps, which is expected for a deployment helper.
Credentials
No environment variables or credentials are declared or required by the skill package itself, which is appropriate since OAuth tokens and API keys are expected to be provisioned inside the deployed CLIProxy instance or entered interactively. The docs explicitly treat API keys and OAuth tokens as sensitive. Users should note the skill will ask them to capture and share base URLs, keys, and model names for integration—these are necessary for the stated task but must be handled securely.
Persistence & Privilege
The skill does not request persistent always-on inclusion, nor does it modify other skills or system-wide agent settings in the package. It only contains guidance and a smoke-test script; no background daemon or automatic persistence is installed by the skill itself.
Assessment
This skill appears coherent and focused on deploying and integrating CLIProxyAPI. Before proceeding: (1) verify the upstream CLIProxy project you will clone — this skill has no homepage/source URL in its metadata, so confirm the correct project repository and trustworthiness; (2) be prepared to run commands that may require sudo/root rights and to create systemd units or reverse-proxy configurations—review commands before executing; (3) never paste OAuth client secrets or long-lived API keys into public chat—treat them as sensitive and use secure transfer methods; (4) when exposing the dashboard publicly, follow the reverse-proxy and HTTPS guidance and confirm firewall rules and reachable URLs; (5) the included smoke-test script will send your API key in curl requests—avoid running it in logs or contexts where the key might be captured. If you want tighter assurance, ask the skill author for the exact upstream repository URL and for an explicit checklist of commands the agent will propose before executing anything on a host.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

OSLinux · macOS
latestvk976yfd4ezb6dqrjh3e0h7ahfh83gejz
180downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Linux, macOS
@ayder21
latest
Download

CLIProxy + OpenClaw

Use this skill when the user wants to:

  • install or deploy CLIProxyAPI
  • expose the CLIProxy dashboard or management UI
  • connect OAuth-based CLI subscriptions like Claude Code, Gemini, Codex, Qwen, or iFlow
  • generate a reusable API endpoint and API key
  • use CLIProxy with OpenClaw or another OpenAI-compatible client

Outcome

The job is complete only when all of these are true:

  1. CLIProxyAPI is installed and running
  2. the intended dashboard or management URL is reachable
  3. the user has added one or more OAuth-backed providers or accounts
  4. a reusable API endpoint and API key are available
  5. OpenClaw or the target client is configured to use CLIProxy
  6. a smoke test succeeds against a real model

Default workflow

  1. Determine the target mode:

    • local only
    • VPS or private LAN
    • public remote dashboard access

  2. Inspect the environment before changing anything:

    • OS and package/runtime availability
    • whether Docker, systemd, nginx, Caddy, or another reverse proxy already exists
    • whether OpenClaw is already installed and how it is configured
    • firewall state and whether public exposure is actually desired

  3. Install and start CLIProxyAPI.

    • Prefer a stable service deployment over an ad-hoc shell session.
    • Prefer systemd when available.
    • After install, verify the process is actually listening.

  4. Expose access only as needed.

    • If the user wants remote access, prefer reverse proxy plus minimal port exposure.
    • Do not open management surfaces wider than necessary.
    • State clearly what URL and what ports will become reachable.

  5. Guide provider onboarding.

    • Tell the user how to open the dashboard.
    • Have them add OAuth providers or accounts.
    • Confirm that models become visible and usable.

  6. Capture integration details.

    • base URL
    • API key or token
    • model names
    • any special headers if the deployment requires them

  7. Connect the result to OpenClaw.

    • Use the most direct compatible provider path available in OpenClaw.
    • If exact manual values are needed, provide them explicitly.

  8. Run a smoke test.

    • list models if available
    • send a minimal request
    • verify the selected model returns a real response

Read references only when needed

  • For install and service layout: references/install.md
  • For dashboard exposure, reverse proxy, or ports: references/dashboard.md
  • For adding OAuth providers and accounts: references/providers.md
  • For connecting CLIProxy to OpenClaw: references/openclaw-integration.md
  • For failures like 401, 403, 404, 429, 502, model-not-found, or streaming mismatches: references/troubleshooting.md

Operating rules

  • Prefer fewer checkpointed steps over long blind command chains.
  • Verify actual state after each major step before moving on.
  • Treat API keys, OAuth tokens, session cookies, and dashboard credentials as sensitive.
  • Do not assume public exposure is desired. If unclear, ask.
  • The goal is not to "install the repo"; the goal is to produce one working API layer that OpenClaw or another client can really use.
  • If the user wants this published on ClawHub, keep the operational guidance concise in SKILL.md and move detail into references.

Comments

Loading comments...