Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RelayPlane

v4.1.0

Agent ops layer for OpenClaw — observability, governance, and cost optimization with automatic failover. Never breaks your setup.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to be an optional local proxy that routes and governs LLM calls — that reasonably explains the npm CLI and proxy commands in SKILL.md. However, README.md and SKILL.md give inconsistent guidance (README recommends setting provider BASE_URL env variables to point at the proxy; SKILL.md explicitly warns against doing that). Also the registry metadata flags (model-invocable/defaults) differ from SKILL.md's internal metadata. These inconsistencies make it unclear which behavior the skill actually expects from an integrator.
Instruction Scope (!)
SKILL.md asks you to install and run a global npm package and to run a local proxy which will receive agent traffic. The README explicitly shows examples that would 'hijack' all traffic by setting provider BASE_URL envs — a configuration the SKILL.md warns against. That contradiction is important: one configuration (env exports) will route all traffic through the proxy without an OpenClaw circuit-breaker/fallback and could cause a single point of failure or unexpected interception of all prompts. The instructions also describe process management and automatic spawning, but as an instruction-only skill there's nothing in the registry to verify how that integration is implemented.
Install Mechanism
There is no registry install spec, but SKILL.md instructs users to run `npm install -g @relayplane/proxy`. Installing a third-party global npm CLI is a normal delivery mechanism for a proxy/CLI but is moderate risk because it executes arbitrary code from npm. The skill provides links (npm, GitHub, docs), so you can inspect the package sources, but the registry itself does not include code to audit.
Credentials (!)
The registry declares no required env vars or credentials, yet README and SKILL.md reference provider API keys and (contradictory) base URL environment variables (e.g., ANTHROPIC_BASE_URL, OPENAI_BASE_URL). The SKILL.md warns not to set BASE_URL envs, while the README demonstrates doing exactly that — this mismatch may lead users to accidentally configure the proxy in a way that intercepts all traffic or disables fallback behavior. Telemetry is mentioned (opt-out and --offline flags), but nothing explicitly explains what anonymous data is sent.
Persistence & Privilege (!)
Registry-level flags say model invocation is allowed by default, but SKILL.md metadata sets disableModelInvocation: true (not model-invocable). This mismatch is important: if the skill or CLI can be invoked autonomously (or run as a background process), it increases blast radius. The skill itself recommends installing a global CLI and a managed proxy which could run as a long-lived local process and optionally send telemetry. Those behaviors are expected for a proxy but should be clearly documented and controlled; the current docs are inconsistent about autonomous invocation and safe defaults.
What to consider before installing
Before installing or enabling this skill:
1) Do not blindly run `npm install -g` for packages you haven't audited — review the package source on the linked GitHub and the published npm package contents.
2) Clarify the README vs SKILL.md contradiction about setting provider BASE_URL env vars — if you point provider base URLs at a local proxy without a circuit-breaker, you risk a single point of failure and having all prompts routed through that process.
3) Confirm the telemetry defaults: test `relayplane-proxy --offline` or `telemetry off` before sending traffic to it, and verify what anonymous metrics are actually transmitted.
4) Ask the maintainer to reconcile the registry metadata vs SKILL.md (is model invocation disabled or allowed?).
5) If you proceed, run the CLI in an isolated environment (container or VM) and validate its behavior (circuit-breaker/fallback to direct provider) before enabling it for production agents.

Like a lobster shell, security has layers — review code before you run it.

Tags: ai, anthropic, cost-optimization, latest, llm, openai, proxy


Runtime requirements

🔀 Clawdis
